Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Virus hängt an alle Dateien .vvv

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.11.2015, 23:31   #1
chke
 
Virus hängt an alle Dateien .vvv - Standard

Virus hängt an alle Dateien .vvv



Hallo,

mich - meinen Rechner - hat ein Virus erwischt. An alle Word-, Excel- und PDF-Dateien wurde ein .vvv angehängt. Betroffene Dateien sind nicht mehr zu öffnen.
jpg- und mp3-Dateien - auf der gleichen Platte, aber eine andere Partition - sind nicht betroffen.
Beim Start von zum Beispiel Excel kommt ein englischer Text:All of your files were protected by a strong encryption with RSA-2048.

Alle Dateien habe ich auf einer externen Festplatte gesichert, die nach der Sicherung vom System getrennt wurde. Insofern bin ich erst einmal beruhigt. Wäre aber blöd, alles neu aufsetzen zu müssen, da die zwischenzeitlich erstellten Dateien meiner Finanzsoftware (Wiso Mein Geld) weg wären.

Ich habe defogger laufen lassen. Es wurde kein Neustart gefordert.

Systemscan mit FRST habe ich durchgeführt
FRST.txt:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
durchgeführt von Ulla & Christian (Administrator) auf PC (01-12-2015 00:13:46)
Gestartet von C:\Users\Ulla & Christian\Downloads
Geladene Profile: Ulla & Christian &  (Verfügbare Profile: Ulla & Christian & Jan)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(The OpenVPN Project) C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avcenter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
HKLM\...\Run: [Ocs_SM] => C:\Users\Ulla & Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-06-17] (OCS)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe [788176 2015-11-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [openvpn-gui] => C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [436776 2013-06-14] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+yer.html [2015-11-29] ()
Startup: C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+yer.txt [2015-11-29] ()
GroupPolicyUsers\S-1-5-21-3876800203-89553269-3656360523-1003\User: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{82DFC5A4-518D-445C-A2B1-591A6747A3D5}: [DhcpNameServer] 192.168.103.1 192.168.103.20
Tcpip\..\Interfaces\{B56279DC-0CCA-4C4C-8F65-B5B765D59070}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
URLSearchHook: [S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {0376A5AC-5698-4CFB-BF5B-1A12FE88CE17} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {2B9277F9-9AFF-4BE1-8D9F-5C47ACDE8AF9} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E616D617A6F6E2E64652F732F7265663D617A735F6F73645F69656164653F69653D5554462D38267461673D68702D6465312D7673622D3231266C696E6B253546636F64653D717326696E6465783D617073266669656C642D6B6579776F7264733D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {68DA0295-7A32-4CC5-A929-A2513D7186F0} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {B52B0020-6410-4905-8380-4EED9883BE80} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D3135343334352D31323132382D322F34203F6D7072653D687474702533412532462532467777772E656261792E636F6D2532467363682532462533465F6E6B772533447B7365617263685465726D737D266B6579776F72643D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {F2109080-1672-4F41-BDB0-B480859F3699} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0376A5AC-5698-4CFB-BF5B-1A12FE88CE17} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2B9277F9-9AFF-4BE1-8D9F-5C47ACDE8AF9} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E616D617A6F6E2E64652F732F7265663D617A735F6F73645F69656164653F69653D5554462D38267461673D68702D6465312D7673622D3231266C696E6B253546636F64653D717326696E6465783D617073266669656C642D6B6579776F7264733D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {68DA0295-7A32-4CC5-A929-A2513D7186F0} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B52B0020-6410-4905-8380-4EED9883BE80} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D3135343334352D31323132382D322F34203F6D7072653D687474702533412532462532467777772E656261792E636F6D2532467363682532462533465F6E6B772533447B7365617263685465726D737D266B6579776F72643D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F2109080-1672-4F41-BDB0-B480859F3699} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Toolbar: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\Filme - Video\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @ei.UtilityChest_49.com/Plugin -> C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\NP49EISB.dll [2013-07-02] (Utility Chest)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Bilder\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3876800203-89553269-3656360523-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ulla & Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ulla & Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.html [2015-11-29]
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.txt [2015-11-29]
FF Extension: Shrunked Image Resizer - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\extensions\shrunked@darktrojan.net.xpi [2015-09-14]
FF Extension: Avira Browser Safety - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avmailc7.exe [936544 2015-11-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe [466408 2015-11-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe [466408 2015-11-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avwebg7.exe [1105952 2015-11-10] (Avira Operations GmbH & Co. KG)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2015\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [Datei ist nicht signiert]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
S3 OpenVPNService; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [Datei ist nicht signiert]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-12-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-04-27] () [Datei ist nicht signiert]
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [151480 2013-04-27] () [Datei ist nicht signiert]
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [17848 2013-02-06] () [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-09-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-08-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-09-23] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-01 00:11 - 2015-12-01 00:11 - 00000000 _____ C:\Users\Ulla & Christian\defogger_reenable
2015-12-01 00:10 - 2015-12-01 00:10 - 00050477 _____ C:\Users\Ulla & Christian\Downloads\Defogger.exe
2015-11-30 23:21 - 2015-12-01 00:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-30 23:21 - 2015-11-30 23:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 23:21 - 2015-11-30 23:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-30 23:19 - 2015-11-30 23:49 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-30 23:19 - 2015-11-30 23:19 - 00000000 ____D C:\Malwarebytes
2015-11-30 23:18 - 2015-11-30 23:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ulla & Christian\Downloads\mbar-1.09.3.1001.exe
2015-11-30 23:06 - 2015-11-30 23:07 - 00053534 _____ C:\Users\Ulla & Christian\Downloads\Addition.txt
2015-11-30 23:05 - 2015-12-01 00:13 - 00030188 _____ C:\Users\Ulla & Christian\Downloads\FRST.txt
2015-11-30 23:05 - 2015-12-01 00:13 - 00000000 ____D C:\FRST
2015-11-30 23:04 - 2015-11-30 23:04 - 02350080 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64(1).exe
2015-11-30 23:02 - 2015-11-30 23:02 - 02350080 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64.exe
2015-11-30 13:54 - 2015-11-30 13:56 - 00000050 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2015-11-30 13:54 - 2015-11-30 13:55 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-29 22:45 - 2015-11-29 22:45 - 00024261 _____ C:\Users\Ulla & Christian\Downloads\RX_151129_Bestellbestaetigung_VID3_2245.pdf
2015-11-29 21:46 - 2015-11-29 21:46 - 00006921 _____ C:\WINDOWS\Tasks\how_recover+yer.html
2015-11-29 21:46 - 2015-11-29 21:46 - 00002401 _____ C:\WINDOWS\Tasks\how_recover+yer.txt
2015-11-29 21:45 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\how_recover+yer.html
2015-11-29 21:45 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:33 - 00006921 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:33 - 00002401 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.txt
2015-11-29 21:26 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.html
2015-11-29 21:26 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Downloads\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Downloads\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Documents\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Documents\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\ProgramData\how_recover+yer.txt
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-11-29 21:18 - 2015-11-29 21:18 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\7 Zip 32 Bit - CHIP-Installer.exe
2015-11-29 21:16 - 2015-11-29 21:26 - 00000670 _____ C:\Users\Ulla & Christian\Documents\recover_file_jkvrflnqu.txt.vvv
2015-11-28 23:24 - 2015-11-28 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-11-28 23:22 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-11-28 23:22 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-11-28 23:22 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-11-28 23:22 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-11-28 23:21 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-11-28 23:21 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-11-28 23:21 - 2015-10-10 19:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-11-28 23:21 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-11-28 23:21 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-11-28 23:21 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-11-28 23:21 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-11-28 23:21 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-28 23:21 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-11-28 23:21 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-11-28 23:21 - 2015-09-28 19:31 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-11-28 23:21 - 2015-09-28 19:24 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-11-28 23:21 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-11-28 22:23 - 2015-11-28 22:23 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(3).exe
2015-11-25 23:20 - 2015-11-25 23:23 - 88173384 _____ (Buhl Data Service GmbH) C:\Users\Ulla & Christian\Downloads\WISOFinanz2016.exe
2015-11-23 07:26 - 2015-11-29 21:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\DataDesign
2015-11-22 17:53 - 2015-11-22 17:54 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(2).exe
2015-11-18 20:20 - 2015-11-18 20:20 - 00000000 ____D C:\Users\Jan\AppData\Roaming\HpUpdate
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-14 17:17 - 2015-11-30 23:51 - 00008510 _____ C:\WINDOWS\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2015-11-10 23:24 - 2015-11-10 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-10 19:37 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 19:37 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 19:37 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 19:37 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-10 19:37 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 19:37 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-10 19:37 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-10 19:37 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-10 19:37 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-10 19:37 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-10 19:37 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-10 19:35 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-10 19:35 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-10 19:35 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-10 19:35 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-10 19:35 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-10 19:35 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:35 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:35 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-10 19:35 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:35 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:35 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-10 19:35 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-10 19:35 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-10 19:35 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-10 19:35 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-10 19:35 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-10 19:35 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-10 19:35 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-10 19:35 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-10 19:35 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-10 19:35 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-10 19:35 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-10 19:35 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-10 19:35 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-10 19:35 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-10 19:35 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-10 19:30 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-10 19:30 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-10 19:30 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-10 19:30 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-10 19:30 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-07 18:17 - 2015-11-07 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-11-07 18:14 - 2015-11-07 18:14 - 07369576 _____ (Wargaming.net ) C:\Users\Ulla & Christian\Downloads\WoWS_internet_install_eu.exe
2015-11-07 15:58 - 2015-11-07 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 12:48 - 2015-11-06 12:49 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(1).exe
2015-11-03 13:42 - 2015-11-29 21:23 - 00000000 ____D C:\Users\Ulla & Christian\.android
2015-11-03 13:41 - 2015-11-29 21:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MyPhoneExplorer
2015-11-03 13:41 - 2015-11-03 13:41 - 00002078 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2015-11-03 13:41 - 2015-11-03 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2015-11-03 13:41 - 2015-11-03 13:41 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2015-11-03 13:39 - 2015-11-03 13:39 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\MyPhoneExplorer - CHIP-Installer(1).exe
2015-11-03 13:37 - 2015-11-03 13:38 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\MyPhoneExplorer - CHIP-Installer.exe
2015-11-02 11:28 - 2015-11-02 11:28 - 00000383 _____ C:\ftconfig.ini
2015-11-01 22:19 - 2015-11-29 21:33 - 00392270 _____ C:\Users\Ulla & Christian\Downloads\10984200_908781199162434_4585968420000991718_o.jpg.vvv

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-01 00:11 - 2014-11-27 07:27 - 00000000 ____D C:\Users\Ulla & Christian
2015-11-30 23:59 - 2013-09-12 20:04 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-30 23:51 - 2014-09-24 07:17 - 01989598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-30 23:51 - 2014-09-24 06:43 - 00844836 _____ C:\WINDOWS\system32\perfh007.dat
2015-11-30 23:51 - 2014-09-24 06:43 - 00192568 _____ C:\WINDOWS\system32\perfc007.dat
2015-11-30 23:51 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-11-30 23:45 - 2014-11-27 07:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-30 23:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-11-30 23:45 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-30 23:45 - 2013-08-22 15:44 - 00505968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-30 23:44 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-30 23:06 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-11-30 13:55 - 2014-11-27 07:18 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-30 13:14 - 2013-06-16 20:58 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1001
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-11-29 21:45 - 2014-08-31 18:37 - 00000000 ___RD C:\Users\Ulla & Christian\SkyDrive
2015-11-29 21:45 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\VirtualStore
2015-11-29 21:34 - 2015-09-03 14:21 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner (2)
2015-11-29 21:34 - 2015-04-04 14:47 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner
2015-11-29 21:34 - 2013-10-05 10:52 - 00000000 ___RD C:\Users\Ulla & Christian\Dropbox
2015-11-29 21:34 - 2013-06-25 13:22 - 00000000 ____D C:\Users\Ulla & Christian\Mozilla Thunderbird
2015-11-29 21:33 - 2015-10-28 22:39 - 00113870 _____ C:\Users\Ulla & Christian\Downloads\ZIAUFEIN_gquatybzpgcfmcaexqtkhxyk6abcs.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:31 - 00020558 _____ C:\Users\Ulla & Christian\Downloads\_14576829_KuendigungsbestaetigungneuerLieferant_20151027_408d6e5b9a03c91b25785313609ad7d0.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:24 - 00021150 _____ C:\Users\Ulla & Christian\Downloads\_122679474_KuendigungsbestaetigungneuerLieferant_20151027_16f7742108956c86b068dca1a61d62c6.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:20 - 00566430 _____ C:\Users\Ulla & Christian\Downloads\005056881A0F1EE59F995BDDE2AF0EF0.pdf.vvv
2015-11-29 21:33 - 2015-10-25 12:55 - 01781646 _____ C:\Users\Ulla & Christian\Downloads\Ahnenblatt-Handbuch.pdf.vvv
2015-11-29 21:33 - 2015-09-28 21:21 - 00451534 _____ C:\Users\Ulla & Christian\Downloads\320.pdf.vvv
2015-11-29 21:33 - 2015-09-20 20:07 - 00313454 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Preisinformation_20150908_005df263fe16be59a1e07e1fd8a76672.pdf.vvv
2015-11-29 21:33 - 2015-09-13 12:54 - 00122526 _____ C:\Users\Ulla & Christian\Downloads\2390_499_1.PDF.vvv
2015-11-29 21:33 - 2015-09-13 12:32 - 00114462 _____ C:\Users\Ulla & Christian\Downloads\2390_493_1.PDF.vvv
2015-11-29 21:33 - 2015-08-15 23:11 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Lacey
2015-11-29 21:33 - 2015-08-15 22:19 - 09891454 _____ C:\Users\Ulla & Christian\Downloads\freemusicdownloader_1-59.zip.vvv
2015-11-29 21:33 - 2015-05-17 20:41 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721(1).pdf.vvv
2015-11-29 21:33 - 2015-05-17 20:38 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721.pdf.vvv
2015-11-29 21:33 - 2015-04-11 15:42 - 00178222 _____ C:\Users\Ulla & Christian\Downloads\rlmpdf.pdf.vvv
2015-11-29 21:33 - 2015-03-06 20:40 - 00984990 _____ C:\Users\Ulla & Christian\Downloads\Bedarfsfeldbroschuere_Vermoegen_anlegen_VR.pdf.vvv
2015-11-29 21:33 - 2015-01-09 23:24 - 01414318 _____ C:\Users\Ulla & Christian\Downloads\Syno_QIG_2bay2_deu.pdf.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 30247390 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_110114.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 11537854 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_Utility99.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:26 - 21632238 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_v1_110825.zip.vvv
2015-11-29 21:33 - 2014-12-21 14:12 - 00027790 _____ C:\Users\Ulla & Christian\Downloads\RX_141221_Bestellbestaetigung_VID616_1412.pdf.vvv
2015-11-29 21:33 - 2014-11-23 21:39 - 00039278 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Lieferbestaetigung_20141121_df4db33247be1b6428d8ec0eb7955911.pdf.vvv
2015-11-29 21:33 - 2014-10-25 22:41 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Gameforge Live
2015-11-29 21:33 - 2014-08-03 12:06 - 00225342 _____ C:\Users\Ulla & Christian\Downloads\testresultate_farbspruehgeraete.pdf.vvv
2015-11-29 21:33 - 2014-07-28 19:47 - 00916606 _____ C:\Users\Ulla & Christian\Downloads\flexibrass.pdf.vvv
2015-11-29 21:33 - 2014-05-27 19:08 - 00342942 _____ C:\Users\Ulla & Christian\Downloads\IMM1294E.PDF.vvv
2015-11-29 21:33 - 2014-05-27 18:54 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent(1).pdf.vvv
2015-11-29 21:33 - 2014-05-10 14:46 - 00239358 _____ C:\Users\Ulla & Christian\Downloads\document.pdf.vvv
2015-11-29 21:33 - 2014-05-04 12:08 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent.pdf.vvv
2015-11-29 21:33 - 2014-02-13 22:20 - 00078174 _____ C:\Users\Ulla & Christian\Downloads\identificationAstIdent.PDF.vvv
2015-11-29 21:33 - 2013-12-21 20:55 - 00001150 _____ C:\Users\Ulla & Christian\Downloads\umsatz-5232________0800-20131221.csv.vvv
2015-11-29 21:33 - 2013-12-01 19:02 - 00000000 ____D C:\Users\Ulla & Christian\Documents\SelfMV
2015-11-29 21:33 - 2013-10-05 20:18 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister
2015-11-29 21:33 - 2013-07-25 15:22 - 00000000 ___RD C:\Users\Ulla & Christian\Documents\Scanned Documents
2015-11-29 21:33 - 2013-07-12 21:07 - 00509358 _____ C:\Users\Ulla & Christian\Downloads\15875_1373659579.pdf.vvv
2015-11-29 21:33 - 2013-07-12 21:05 - 00103934 _____ C:\Users\Ulla & Christian\Downloads\versicherungsbedingungen_indiv_praktikum.pdf.vvv
2015-11-29 21:33 - 2013-07-03 22:32 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Volition
2015-11-29 21:33 - 2013-06-30 13:26 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister Backup
2015-11-29 21:33 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\Documents\WISO Mein Geld
2015-11-29 21:33 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\Documents\samsung
2015-11-29 21:26 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WorldofTanks
2015-11-29 21:26 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Skype
2015-11-29 21:26 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\Documents\My Games
2015-11-29 21:26 - 2013-07-25 15:22 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Fax
2015-11-29 21:26 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Amazon MP3
2015-11-29 21:26 - 2013-07-05 20:19 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\vlc
2015-11-29 21:26 - 2013-07-05 20:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WebApp
2015-11-29 21:26 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\Documents\CyberLink
2015-11-29 21:26 - 2013-07-02 22:05 - 00000000 ____D C:\Users\Ulla & Christian\Documents\default
2015-11-29 21:26 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Thunderbird
2015-11-29 21:26 - 2013-06-22 08:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Wargaming.net
2015-11-29 21:26 - 2013-06-21 22:14 - 00000000 ____D C:\Users\Ulla & Christian\Bilder
2015-11-29 21:26 - 2013-06-18 01:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WinBatch
2015-11-29 21:26 - 2013-06-17 13:03 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Ahnenblatt
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.system.package.metadata
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.applications.package.appdata
2015-11-29 21:25 - 2015-10-25 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-11-29 21:25 - 2015-05-17 15:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Hewlett-Packard
2015-11-29 21:25 - 2015-05-17 15:42 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\HpUpdate
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\java
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\.minecraft
2015-11-29 21:25 - 2014-12-24 22:48 - 00000000 __SHD C:\Users\Ulla & Christian\AppData\LocalLow\EmieSiteList
2015-11-29 21:25 - 2014-12-13 11:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\hpqLog
2015-11-29 21:25 - 2014-11-20 09:32 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Iminent
2015-11-29 21:25 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera Software
2015-11-29 21:25 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2015-11-29 21:25 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\WorldofTanks
2015-11-29 21:25 - 2014-09-24 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Temp
2015-11-29 21:25 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Skype
2015-11-29 21:25 - 2014-02-02 11:21 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-11-29 21:25 - 2013-12-22 18:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Sun
2015-11-29 21:25 - 2013-10-05 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ArcSoft
2015-11-29 21:25 - 2013-10-05 10:49 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-29 21:25 - 2013-10-05 10:48 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Dropbox
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\WarThunder
2015-11-29 21:25 - 2013-09-01 20:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Leadertech
2015-11-29 21:25 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ICAClient
2015-11-29 21:25 - 2013-08-26 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Sophos
2015-11-29 21:25 - 2013-08-26 19:50 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-29 21:25 - 2013-08-09 18:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2015-11-29 21:25 - 2013-08-07 20:57 - 00000000 __RHD C:\Users\Ulla & Christian\AppData\Roaming\SecuROM
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Program Files
2015-11-29 21:25 - 2013-07-10 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging
2015-11-29 21:25 - 2013-07-10 21:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Lasersoft Imaging
2015-11-29 21:25 - 2013-07-05 20:39 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Media Player Classic
2015-11-29 21:25 - 2013-07-05 20:36 - 00000462 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:25 - 2013-07-05 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\dvdcss
2015-11-29 21:25 - 2013-07-05 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Windows Live
2015-11-29 21:25 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\CyberLink
2015-11-29 21:25 - 2013-07-05 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Mozilla
2015-11-29 21:25 - 2013-07-03 22:40 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2015-11-29 21:25 - 2013-07-03 22:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
2015-11-29 21:25 - 2013-07-02 22:15 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\AVS4YOU
2015-11-29 21:25 - 2013-07-02 22:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ashampoo
2015-11-29 21:25 - 2013-07-02 13:12 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\UtilityChest_49EI
2015-11-29 21:25 - 2013-07-02 06:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canon
2015-11-29 21:25 - 2013-07-01 22:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Adobe
2015-11-29 21:25 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Thunderbird
2015-11-29 21:25 - 2013-06-23 20:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-11-29 21:25 - 2013-06-23 18:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Avira
2015-11-29 21:25 - 2013-06-23 17:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canneverbe Limited
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service GmbH
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service
2015-11-29 21:25 - 2013-06-19 21:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\NVIDIA
2015-11-29 21:25 - 2013-06-18 13:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft Web Folders
2015-11-29 21:25 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MediaMonkey
2015-11-29 21:25 - 2013-06-17 21:47 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2015-11-29 21:25 - 2013-06-17 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera
2015-11-29 21:25 - 2013-06-17 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\OCS
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Samsung
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Samsung
2015-11-29 21:25 - 2013-06-17 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ahnenblatt
2015-11-29 21:25 - 2013-06-16 21:38 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Macromedia
2015-11-29 21:25 - 2013-06-16 20:53 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Adobe
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Hewlett-Packard
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Power2Go8
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Packages
2015-11-29 21:24 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Opera Software
2015-11-29 21:24 - 2013-06-21 20:57 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Microsoft Help
2015-11-29 21:24 - 2013-06-17 22:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Mozilla
2015-11-29 21:23 - 2015-06-09 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\GWX
2015-11-29 21:23 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\Visan
2015-11-29 21:23 - 2015-01-10 22:40 - 00000000 ____D C:\ProgramData\Synology
2015-11-29 21:23 - 2014-11-27 07:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-29 21:23 - 2014-11-17 00:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-29 21:23 - 2014-08-31 18:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-29 21:23 - 2014-08-17 16:22 - 00000000 ____D C:\ProgramData\Skype
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Sun
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Oracle
2015-11-29 21:23 - 2013-11-14 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-11-29 21:23 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\tmp
2015-11-29 21:23 - 2013-10-03 19:03 - 00000000 ____D C:\Users\Ulla & Christian\2013_10_03
2015-11-29 21:23 - 2013-09-25 20:16 - 00000000 ____D C:\ProgramData\WarThunder
2015-11-29 21:23 - 2013-09-25 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Gameforge4d
2015-11-29 21:23 - 2013-09-01 20:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech® Webcam-Software
2015-11-29 21:23 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Citrix
2015-11-29 21:23 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-29 21:23 - 2013-07-12 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Apps\2.0
2015-11-29 21:23 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Public\CyberLink
2015-11-29 21:23 - 2013-07-04 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\DFH
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Public\Documents\Softwrap
2015-11-29 21:23 - 2013-07-02 22:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ashampoo
2015-11-29 21:23 - 2013-07-02 06:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP
2015-11-29 21:23 - 2013-06-30 15:28 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP Quick Start
2015-11-29 21:23 - 2013-06-23 18:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ArcSoft
2015-11-29 21:23 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Buhl Data Service
2015-11-29 21:23 - 2013-06-23 11:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Macromedia
2015-11-29 21:23 - 2013-06-17 22:27 - 00000000 ____D C:\ProgramData\Mozilla
2015-11-29 21:23 - 2013-06-17 21:59 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Google
2015-11-29 21:23 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\MediaMonkey
2015-11-29 21:23 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-29 21:23 - 2013-06-17 21:33 - 00000000 ____D C:\ProgramData\Samsung
2015-11-29 21:23 - 2013-06-17 21:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Downloaded Installations
2015-11-29 21:23 - 2013-06-17 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Adobe
2015-11-29 21:23 - 2013-06-16 21:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Hewlett-Packard
2015-11-29 21:23 - 2013-06-16 20:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\Users\Public\Symantec
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\ProgramData\Norton
2015-11-29 21:23 - 2013-01-12 06:37 - 00000000 ____D C:\ProgramData\NortonInstaller
2015-11-29 21:23 - 2013-01-12 06:36 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2015-11-29 21:23 - 2013-01-12 06:23 - 00000000 ____D C:\ProgramData\Temp
2015-11-29 21:23 - 2013-01-12 06:14 - 00000000 ____D C:\ProgramData\SoundResearch
2015-11-29 21:23 - 2012-08-10 16:06 - 00000000 ____D C:\ProgramData\PRICache
2015-11-29 21:23 - 2010-01-25 22:35 - 00000000 ___DC C:\ProgramData\Mozilla Thunderbird
2015-11-29 21:22 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-11-29 21:22 - 2015-05-17 15:41 - 00000000 ____D C:\ProgramData\HP
2015-11-29 21:22 - 2014-12-20 16:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-11-29 21:22 - 2014-11-20 09:32 - 00000000 ____D C:\ProgramData\Iminent
2015-11-29 21:22 - 2013-11-26 07:45 - 00000000 ____D C:\ProgramData\McAfee
2015-11-29 21:22 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\hps
2015-11-29 21:22 - 2013-09-01 21:25 - 00000000 ____D C:\ProgramData\FLEXnet
2015-11-29 21:22 - 2013-09-01 20:00 - 00000000 ____D C:\ProgramData\LogiShrd
2015-11-29 21:22 - 2013-07-03 22:32 - 00000000 ____D C:\ProgramData\InstallMate
2015-11-29 21:22 - 2013-06-23 18:07 - 00000000 ____D C:\ProgramData\eBay
2015-11-29 21:22 - 2013-06-21 22:16 - 00000000 ____D C:\ProgramData\MediaMonkey
2015-11-29 21:22 - 2013-01-12 06:25 - 00000000 ____D C:\ProgramData\install_clap
2015-11-29 21:22 - 2013-01-12 06:19 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-29 21:21 - 2015-01-10 19:07 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2015-11-29 21:21 - 2014-11-27 08:00 - 00000000 ____D C:\ProgramData\AmUStor
2015-11-29 21:21 - 2013-08-27 20:03 - 00000000 ____D C:\ProgramData\Citrix
2015-11-29 21:21 - 2013-07-02 22:20 - 00000000 ____D C:\ProgramData\AomeiBR
2015-11-29 21:21 - 2013-07-02 22:00 - 00000000 ____D C:\ProgramData\Ashampoo
2015-11-29 21:21 - 2013-07-02 06:37 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-11-29 21:21 - 2013-07-01 20:47 - 00000000 ____D C:\ProgramData\Adobe
2015-11-29 21:21 - 2013-06-23 20:30 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-11-29 21:21 - 2013-06-23 18:11 - 00000000 ____D C:\ProgramData\ArcSoft
2015-11-29 21:21 - 2013-06-23 17:57 - 00000000 ____D C:\ProgramData\Avira
2015-11-29 21:21 - 2013-06-23 17:55 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-11-29 21:21 - 2013-06-23 11:35 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\Apple
2015-11-29 21:18 - 2012-10-12 04:21 - 00000000 _RSHD C:\SYSTEM.SAV
2015-11-29 21:17 - 2013-07-01 23:00 - 00000000 ____D C:\Program Files (x86)l
2015-11-29 21:17 - 2013-06-18 21:29 - 00000000 ____D C:\sources
2015-11-29 21:17 - 2012-10-12 04:24 - 00000000 ____D C:\SWSETUP
2015-11-29 21:16 - 2014-07-03 20:43 - 00000000 ____D C:\My Music
2015-11-29 21:16 - 2013-01-07 12:12 - 00000000 _RSHD C:\hp
2015-11-28 23:24 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-23 06:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-18 20:56 - 2015-10-06 19:48 - 00001048 _____ C:\Users\Jan\Desktop\nativelog.txt
2015-11-18 20:56 - 2015-10-03 14:43 - 00000000 ____D C:\Users\Jan\AppData\Roaming\.minecraft
2015-11-18 20:30 - 2015-10-01 13:15 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1003
2015-11-18 20:25 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-16 23:50 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2015-11-15 17:06 - 2014-12-20 16:57 - 00001959 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-13 22:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-12 23:13 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-12 21:39 - 2013-06-21 20:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 21:34 - 2013-08-27 20:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 21:29 - 2013-06-17 22:17 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 23:24 - 2015-05-07 21:02 - 00002274 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-11-10 21:59 - 2014-11-29 17:24 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-08 13:16 - 2015-03-08 14:44 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-08 10:34 - 2015-04-23 12:23 - 00000000 ___RD C:\Users\Ulla & Christian\Desktop\Spiele
2015-11-07 22:39 - 2013-06-17 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 18:16 - 2013-06-21 23:19 - 00000000 ____D C:\Program Files (x86)\Spiele
2015-11-03 01:23 - 2014-12-13 10:44 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 01:23 - 2014-12-13 10:44 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-23 18:04 - 2006-07-18 08:49 - 0587249 _____ (MAGIX AG) C:\Program Files (x86)\addoninstall.exe
2013-06-23 18:04 - 2002-02-13 07:00 - 0022016 _____ (Borland Software Corporation) C:\Program Files (x86)\borlndmm.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 1500160 _____ (Borland Corporation) C:\Program Files (x86)\cc3260mt.dll
2013-06-23 18:04 - 2006-06-28 08:32 - 0004694 _____ () C:\Program Files (x86)\e-mode-upgradedialog.rtf
2013-06-23 18:04 - 2006-06-28 08:32 - 0004716 _____ () C:\Program Files (x86)\e-mode-upgradedlg-exit.rtf
2013-06-23 18:04 - 2013-06-23 18:04 - 0002885 _____ () C:\Program Files (x86)\e-mode.ini
2013-06-23 18:04 - 2006-06-28 09:55 - 0315392 _____ (MAGIX AG) C:\Program Files (x86)\eModeUpgradeDlg.dll
2013-06-23 18:04 - 2003-02-12 10:20 - 0028672 _____ () C:\Program Files (x86)\explore.exe
2013-06-23 18:04 - 2006-07-26 15:46 - 2442752 _____ (MAGIX) C:\Program Files (x86)\FotoClinic.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000707 _____ () C:\Program Files (x86)\FotoClinic.ini
2013-06-23 18:04 - 2013-06-23 18:04 - 0001138 _____ () C:\Program Files (x86)\Install.cfg
2013-06-23 18:04 - 2013-06-23 18:04 - 0040289 _____ () C:\Program Files (x86)\INSTALL.LOG
2013-06-23 18:04 - 2013-06-23 18:04 - 0006564 _____ () C:\Program Files (x86)\INSTALL1.LOG
2013-06-23 18:04 - 2006-07-17 09:58 - 0184320 _____ (MAGIX AG) C:\Program Files (x86)\instslct.exe
2013-06-23 18:04 - 2006-07-26 15:29 - 0100352 _____ () C:\Program Files (x86)\libpng.dll
2013-06-23 18:04 - 2005-06-16 08:43 - 0008980 _____ () C:\Program Files (x86)\license.txt
2013-06-23 18:04 - 2005-08-08 14:51 - 0786305 _____ () C:\Program Files (x86)\MAGIX Creation Logo.pdf
2013-06-23 18:04 - 2004-04-15 14:48 - 0032768 _____ () C:\Program Files (x86)\MagixUpdater.exe
2013-06-23 18:04 - 2006-04-25 09:27 - 0014810 _____ () C:\Program Files (x86)\order.rtf
2013-06-23 18:04 - 2005-03-04 17:51 - 0005509 _____ () C:\Program Files (x86)\pa.cnt
2013-06-23 18:04 - 2005-03-04 17:51 - 0361656 _____ () C:\Program Files (x86)\pa.hlp
2013-06-23 18:04 - 2006-07-26 15:46 - 0055296 _____ () C:\Program Files (x86)\palng.dll
2013-06-23 18:04 - 2006-07-26 15:45 - 0240128 _____ () C:\Program Files (x86)\pcomponents.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0018432 _____ () C:\Program Files (x86)\ps8bf.dll
2013-06-23 18:04 - 2013-06-23 18:04 - 0002757 _____ () C:\Program Files (x86)\register.rtf
2013-06-23 18:04 - 1999-12-10 12:00 - 0431376 _____ (Microsoft Corporation) C:\Program Files (x86)\riched20.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 0685056 _____ (Borland Software Corporation) C:\Program Files (x86)\rtl60.bpl
2013-06-23 18:04 - 2003-03-17 05:04 - 0618496 _____ () C:\Program Files (x86)\stlpmt45.dll
2013-06-23 18:04 - 2005-11-02 14:34 - 0016460 _____ () C:\Program Files (x86)\support.rtf
2013-06-23 18:04 - 2006-07-17 12:30 - 0129024 _____ () C:\Program Files (x86)\uninstall.exe
2013-06-23 18:04 - 2002-02-18 10:06 - 0006034 _____ () C:\Program Files (x86)\uninstall.ini
2013-06-23 18:04 - 2006-07-17 10:09 - 0081920 _____ (MAGIX AG) C:\Program Files (x86)\unwise.adf
2013-06-23 18:04 - 2006-07-17 10:10 - 0176128 _____ (MAGIX AG) C:\Program Files (x86)\unwise.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000723 _____ () C:\Program Files (x86)\unwise.ini
2013-06-23 18:04 - 2006-07-26 13:50 - 0139264 _____ () C:\Program Files (x86)\UpgradeInfo.exe
2013-06-23 18:04 - 2006-02-14 14:03 - 0024576 _____ (Magix AG) C:\Program Files (x86)\Validation.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000140 _____ () C:\Program Files (x86)\Validation.ini
2013-06-23 18:04 - 2002-02-13 07:00 - 1326080 _____ (Borland Software Corporation) C:\Program Files (x86)\vcl60.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0046080 _____ () C:\Program Files (x86)\zlib.dll
2015-11-30 13:54 - 2015-11-30 13:56 - 0000050 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2013-07-05 20:36 - 2015-11-29 21:25 - 0000462 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:23 - 2015-11-29 21:26 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2013-12-25 21:18 - 2015-10-20 22:01 - 0028256 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2013-12-25 21:14 - 2013-12-25 21:16 - 0028295 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2013-10-20 11:29 - 2015-07-02 13:29 - 0005632 _____ () C:\Users\Ulla & Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-29 21:23 - 2015-11-29 21:34 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2013-12-10 20:40 - 2015-09-13 22:27 - 0007605 _____ () C:\Users\Ulla & Christian\AppData\Local\resmon.resmoncfg
2015-05-17 15:41 - 2015-05-17 15:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-29 21:21 - 2015-11-29 21:23 - 0006921 _____ () C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 0002401 _____ () C:\ProgramData\how_recover+yer.txt
2013-06-16 20:51 - 2013-06-16 20:51 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-07-10 21:31 - 2013-07-10 21:42 - 0020531 ____H () C:\ProgramData\R49LW

Einige Dateien in TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\avgnt.exe
C:\Users\Ulla & Christian\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-29 14:04

==================== Ende von FRST.txt ============================
         
Die Addition.txt erscheint nicht/finde ich nicht. Jedenfalls keine, die nach dem letzten Scan erstellt wurde.


Kann mir jemand helfen?

Im Voraus schon mal Danke.

Christian

Alt 01.12.2015, 06:43   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Virus hängt an alle Dateien .vvv - Standard

Virus hängt an alle Dateien .vvv



Hi,

Entschlüsselung unmöglich, Bereinigung eventuell. Sollen wir eine Bereinigung versuchen?

Dann bitte FRST öffnen, Haken setzen bei Addition und scannen, poste bitte die Addition.txt.
__________________

__________________

Alt 01.12.2015, 10:17   #3
chke
 
Virus hängt an alle Dateien .vvv - Standard

Virus hängt an alle Dateien .vvv



Hallo Schrauber,

gerne.

Hier die addition.tx.
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
durchgeführt von Ulla & Christian (Administrator) auf PC (01-12-2015 00:13:46)
Gestartet von C:\Users\Ulla & Christian\Downloads
Geladene Profile: Ulla & Christian &  (Verfügbare Profile: Ulla & Christian & Jan)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(The OpenVPN Project) C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avcenter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
HKLM\...\Run: [Ocs_SM] => C:\Users\Ulla & Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-06-17] (OCS)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe [788176 2015-11-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [openvpn-gui] => C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [436776 2013-06-14] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+yer.html [2015-11-29] ()
Startup: C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+yer.txt [2015-11-29] ()
GroupPolicyUsers\S-1-5-21-3876800203-89553269-3656360523-1003\User: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{82DFC5A4-518D-445C-A2B1-591A6747A3D5}: [DhcpNameServer] 192.168.103.1 192.168.103.20
Tcpip\..\Interfaces\{B56279DC-0CCA-4C4C-8F65-B5B765D59070}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
URLSearchHook: [S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {0376A5AC-5698-4CFB-BF5B-1A12FE88CE17} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {2B9277F9-9AFF-4BE1-8D9F-5C47ACDE8AF9} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E616D617A6F6E2E64652F732F7265663D617A735F6F73645F69656164653F69653D5554462D38267461673D68702D6465312D7673622D3231266C696E6B253546636F64653D717326696E6465783D617073266669656C642D6B6579776F7264733D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {68DA0295-7A32-4CC5-A929-A2513D7186F0} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {B52B0020-6410-4905-8380-4EED9883BE80} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D3135343334352D31323132382D322F34203F6D7072653D687474702533412532462532467777772E656261792E636F6D2532467363682532462533465F6E6B772533447B7365617263685465726D737D266B6579776F72643D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {F2109080-1672-4F41-BDB0-B480859F3699} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0376A5AC-5698-4CFB-BF5B-1A12FE88CE17} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2B9277F9-9AFF-4BE1-8D9F-5C47ACDE8AF9} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E616D617A6F6E2E64652F732F7265663D617A735F6F73645F69656164653F69653D5554462D38267461673D68702D6465312D7673622D3231266C696E6B253546636F64653D717326696E6465783D617073266669656C642D6B6579776F7264733D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {68DA0295-7A32-4CC5-A929-A2513D7186F0} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B52B0020-6410-4905-8380-4EED9883BE80} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D3135343334352D31323132382D322F34203F6D7072653D687474702533412532462532467777772E656261792E636F6D2532467363682532462533465F6E6B772533447B7365617263685465726D737D266B6579776F72643D7B7365617263685465726D737D&st={searchTerms}&clid=8106a2b4-3f40-4652-b50f-5ed672b28841&pid=fotofreeware&k=0
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F2109080-1672-4F41-BDB0-B480859F3699} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Toolbar: HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\Filme - Video\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @ei.UtilityChest_49.com/Plugin -> C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\NP49EISB.dll [2013-07-02] (Utility Chest)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Bilder\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3876800203-89553269-3656360523-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ulla & Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3876800203-89553269-3656360523-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ulla & Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.html [2015-11-29]
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.txt [2015-11-29]
FF Extension: Shrunked Image Resizer - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\extensions\shrunked@darktrojan.net.xpi [2015-09-14]
FF Extension: Avira Browser Safety - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avmailc7.exe [936544 2015-11-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe [466408 2015-11-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe [466408 2015-11-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avwebg7.exe [1105952 2015-11-10] (Avira Operations GmbH & Co. KG)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2015\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [Datei ist nicht signiert]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
S3 OpenVPNService; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [Datei ist nicht signiert]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-12-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-04-27] () [Datei ist nicht signiert]
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [151480 2013-04-27] () [Datei ist nicht signiert]
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [17848 2013-02-06] () [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-09-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-08-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-09-23] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-01 00:11 - 2015-12-01 00:11 - 00000000 _____ C:\Users\Ulla & Christian\defogger_reenable
2015-12-01 00:10 - 2015-12-01 00:10 - 00050477 _____ C:\Users\Ulla & Christian\Downloads\Defogger.exe
2015-11-30 23:21 - 2015-12-01 00:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-30 23:21 - 2015-11-30 23:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 23:21 - 2015-11-30 23:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-30 23:19 - 2015-11-30 23:49 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-30 23:19 - 2015-11-30 23:19 - 00000000 ____D C:\Malwarebytes
2015-11-30 23:18 - 2015-11-30 23:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ulla & Christian\Downloads\mbar-1.09.3.1001.exe
2015-11-30 23:06 - 2015-11-30 23:07 - 00053534 _____ C:\Users\Ulla & Christian\Downloads\Addition.txt
2015-11-30 23:05 - 2015-12-01 00:13 - 00030188 _____ C:\Users\Ulla & Christian\Downloads\FRST.txt
2015-11-30 23:05 - 2015-12-01 00:13 - 00000000 ____D C:\FRST
2015-11-30 23:04 - 2015-11-30 23:04 - 02350080 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64(1).exe
2015-11-30 23:02 - 2015-11-30 23:02 - 02350080 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64.exe
2015-11-30 13:54 - 2015-11-30 13:56 - 00000050 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2015-11-30 13:54 - 2015-11-30 13:55 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-29 22:45 - 2015-11-29 22:45 - 00024261 _____ C:\Users\Ulla & Christian\Downloads\RX_151129_Bestellbestaetigung_VID3_2245.pdf
2015-11-29 21:46 - 2015-11-29 21:46 - 00006921 _____ C:\WINDOWS\Tasks\how_recover+yer.html
2015-11-29 21:46 - 2015-11-29 21:46 - 00002401 _____ C:\WINDOWS\Tasks\how_recover+yer.txt
2015-11-29 21:45 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\how_recover+yer.html
2015-11-29 21:45 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:33 - 00006921 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:33 - 00002401 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.txt
2015-11-29 21:26 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.html
2015-11-29 21:26 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Downloads\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Downloads\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Documents\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Documents\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\ProgramData\how_recover+yer.txt
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-11-29 21:18 - 2015-11-29 21:18 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\7 Zip 32 Bit - CHIP-Installer.exe
2015-11-29 21:16 - 2015-11-29 21:26 - 00000670 _____ C:\Users\Ulla & Christian\Documents\recover_file_jkvrflnqu.txt.vvv
2015-11-28 23:24 - 2015-11-28 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-11-28 23:22 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-11-28 23:22 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-11-28 23:22 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-11-28 23:22 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-11-28 23:21 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-11-28 23:21 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-11-28 23:21 - 2015-10-10 19:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-11-28 23:21 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-11-28 23:21 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-11-28 23:21 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-11-28 23:21 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-11-28 23:21 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-28 23:21 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-11-28 23:21 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-11-28 23:21 - 2015-09-28 19:31 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-11-28 23:21 - 2015-09-28 19:24 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-11-28 23:21 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-11-28 22:23 - 2015-11-28 22:23 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(3).exe
2015-11-25 23:20 - 2015-11-25 23:23 - 88173384 _____ (Buhl Data Service GmbH) C:\Users\Ulla & Christian\Downloads\WISOFinanz2016.exe
2015-11-23 07:26 - 2015-11-29 21:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\DataDesign
2015-11-22 17:53 - 2015-11-22 17:54 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(2).exe
2015-11-18 20:20 - 2015-11-18 20:20 - 00000000 ____D C:\Users\Jan\AppData\Roaming\HpUpdate
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-14 17:17 - 2015-11-30 23:51 - 00008510 _____ C:\WINDOWS\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
2015-11-10 23:24 - 2015-11-10 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-10 19:37 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 19:37 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 19:37 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 19:37 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-10 19:37 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 19:37 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-10 19:37 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-10 19:37 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-10 19:37 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-10 19:37 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-10 19:37 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-10 19:35 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-10 19:35 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-10 19:35 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-10 19:35 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-10 19:35 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-10 19:35 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:35 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:35 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-10 19:35 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:35 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:35 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-10 19:35 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-10 19:35 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-10 19:35 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-10 19:35 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-10 19:35 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-10 19:35 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-10 19:35 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-10 19:35 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-10 19:35 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-10 19:35 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-10 19:35 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-10 19:35 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-10 19:35 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-10 19:35 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-10 19:35 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-10 19:30 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-10 19:30 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-10 19:30 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-10 19:30 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-10 19:30 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-07 18:17 - 2015-11-07 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-11-07 18:14 - 2015-11-07 18:14 - 07369576 _____ (Wargaming.net ) C:\Users\Ulla & Christian\Downloads\WoWS_internet_install_eu.exe
2015-11-07 15:58 - 2015-11-07 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 12:48 - 2015-11-06 12:49 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(1).exe
2015-11-03 13:42 - 2015-11-29 21:23 - 00000000 ____D C:\Users\Ulla & Christian\.android
2015-11-03 13:41 - 2015-11-29 21:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MyPhoneExplorer
2015-11-03 13:41 - 2015-11-03 13:41 - 00002078 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2015-11-03 13:41 - 2015-11-03 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2015-11-03 13:41 - 2015-11-03 13:41 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2015-11-03 13:39 - 2015-11-03 13:39 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\MyPhoneExplorer - CHIP-Installer(1).exe
2015-11-03 13:37 - 2015-11-03 13:38 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\MyPhoneExplorer - CHIP-Installer.exe
2015-11-02 11:28 - 2015-11-02 11:28 - 00000383 _____ C:\ftconfig.ini
2015-11-01 22:19 - 2015-11-29 21:33 - 00392270 _____ C:\Users\Ulla & Christian\Downloads\10984200_908781199162434_4585968420000991718_o.jpg.vvv

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-01 00:11 - 2014-11-27 07:27 - 00000000 ____D C:\Users\Ulla & Christian
2015-11-30 23:59 - 2013-09-12 20:04 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-30 23:51 - 2014-09-24 07:17 - 01989598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-30 23:51 - 2014-09-24 06:43 - 00844836 _____ C:\WINDOWS\system32\perfh007.dat
2015-11-30 23:51 - 2014-09-24 06:43 - 00192568 _____ C:\WINDOWS\system32\perfc007.dat
2015-11-30 23:51 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-11-30 23:45 - 2014-11-27 07:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-30 23:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-11-30 23:45 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-30 23:45 - 2013-08-22 15:44 - 00505968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-30 23:44 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-30 23:06 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-11-30 13:55 - 2014-11-27 07:18 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-30 13:14 - 2013-06-16 20:58 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1001
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-11-29 21:45 - 2014-08-31 18:37 - 00000000 ___RD C:\Users\Ulla & Christian\SkyDrive
2015-11-29 21:45 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\VirtualStore
2015-11-29 21:34 - 2015-09-03 14:21 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner (2)
2015-11-29 21:34 - 2015-04-04 14:47 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner
2015-11-29 21:34 - 2013-10-05 10:52 - 00000000 ___RD C:\Users\Ulla & Christian\Dropbox
2015-11-29 21:34 - 2013-06-25 13:22 - 00000000 ____D C:\Users\Ulla & Christian\Mozilla Thunderbird
2015-11-29 21:33 - 2015-10-28 22:39 - 00113870 _____ C:\Users\Ulla & Christian\Downloads\ZIAUFEIN_gquatybzpgcfmcaexqtkhxyk6abcs.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:31 - 00020558 _____ C:\Users\Ulla & Christian\Downloads\_14576829_KuendigungsbestaetigungneuerLieferant_20151027_408d6e5b9a03c91b25785313609ad7d0.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:24 - 00021150 _____ C:\Users\Ulla & Christian\Downloads\_122679474_KuendigungsbestaetigungneuerLieferant_20151027_16f7742108956c86b068dca1a61d62c6.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:20 - 00566430 _____ C:\Users\Ulla & Christian\Downloads\005056881A0F1EE59F995BDDE2AF0EF0.pdf.vvv
2015-11-29 21:33 - 2015-10-25 12:55 - 01781646 _____ C:\Users\Ulla & Christian\Downloads\Ahnenblatt-Handbuch.pdf.vvv
2015-11-29 21:33 - 2015-09-28 21:21 - 00451534 _____ C:\Users\Ulla & Christian\Downloads\320.pdf.vvv
2015-11-29 21:33 - 2015-09-20 20:07 - 00313454 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Preisinformation_20150908_005df263fe16be59a1e07e1fd8a76672.pdf.vvv
2015-11-29 21:33 - 2015-09-13 12:54 - 00122526 _____ C:\Users\Ulla & Christian\Downloads\2390_499_1.PDF.vvv
2015-11-29 21:33 - 2015-09-13 12:32 - 00114462 _____ C:\Users\Ulla & Christian\Downloads\2390_493_1.PDF.vvv
2015-11-29 21:33 - 2015-08-15 23:11 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Lacey
2015-11-29 21:33 - 2015-08-15 22:19 - 09891454 _____ C:\Users\Ulla & Christian\Downloads\freemusicdownloader_1-59.zip.vvv
2015-11-29 21:33 - 2015-05-17 20:41 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721(1).pdf.vvv
2015-11-29 21:33 - 2015-05-17 20:38 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721.pdf.vvv
2015-11-29 21:33 - 2015-04-11 15:42 - 00178222 _____ C:\Users\Ulla & Christian\Downloads\rlmpdf.pdf.vvv
2015-11-29 21:33 - 2015-03-06 20:40 - 00984990 _____ C:\Users\Ulla & Christian\Downloads\Bedarfsfeldbroschuere_Vermoegen_anlegen_VR.pdf.vvv
2015-11-29 21:33 - 2015-01-09 23:24 - 01414318 _____ C:\Users\Ulla & Christian\Downloads\Syno_QIG_2bay2_deu.pdf.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 30247390 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_110114.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 11537854 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_Utility99.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:26 - 21632238 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_v1_110825.zip.vvv
2015-11-29 21:33 - 2014-12-21 14:12 - 00027790 _____ C:\Users\Ulla & Christian\Downloads\RX_141221_Bestellbestaetigung_VID616_1412.pdf.vvv
2015-11-29 21:33 - 2014-11-23 21:39 - 00039278 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Lieferbestaetigung_20141121_df4db33247be1b6428d8ec0eb7955911.pdf.vvv
2015-11-29 21:33 - 2014-10-25 22:41 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Gameforge Live
2015-11-29 21:33 - 2014-08-03 12:06 - 00225342 _____ C:\Users\Ulla & Christian\Downloads\testresultate_farbspruehgeraete.pdf.vvv
2015-11-29 21:33 - 2014-07-28 19:47 - 00916606 _____ C:\Users\Ulla & Christian\Downloads\flexibrass.pdf.vvv
2015-11-29 21:33 - 2014-05-27 19:08 - 00342942 _____ C:\Users\Ulla & Christian\Downloads\IMM1294E.PDF.vvv
2015-11-29 21:33 - 2014-05-27 18:54 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent(1).pdf.vvv
2015-11-29 21:33 - 2014-05-10 14:46 - 00239358 _____ C:\Users\Ulla & Christian\Downloads\document.pdf.vvv
2015-11-29 21:33 - 2014-05-04 12:08 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent.pdf.vvv
2015-11-29 21:33 - 2014-02-13 22:20 - 00078174 _____ C:\Users\Ulla & Christian\Downloads\identificationAstIdent.PDF.vvv
2015-11-29 21:33 - 2013-12-21 20:55 - 00001150 _____ C:\Users\Ulla & Christian\Downloads\umsatz-5232________0800-20131221.csv.vvv
2015-11-29 21:33 - 2013-12-01 19:02 - 00000000 ____D C:\Users\Ulla & Christian\Documents\SelfMV
2015-11-29 21:33 - 2013-10-05 20:18 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister
2015-11-29 21:33 - 2013-07-25 15:22 - 00000000 ___RD C:\Users\Ulla & Christian\Documents\Scanned Documents
2015-11-29 21:33 - 2013-07-12 21:07 - 00509358 _____ C:\Users\Ulla & Christian\Downloads\15875_1373659579.pdf.vvv
2015-11-29 21:33 - 2013-07-12 21:05 - 00103934 _____ C:\Users\Ulla & Christian\Downloads\versicherungsbedingungen_indiv_praktikum.pdf.vvv
2015-11-29 21:33 - 2013-07-03 22:32 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Volition
2015-11-29 21:33 - 2013-06-30 13:26 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister Backup
2015-11-29 21:33 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\Documents\WISO Mein Geld
2015-11-29 21:33 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\Documents\samsung
2015-11-29 21:26 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WorldofTanks
2015-11-29 21:26 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Skype
2015-11-29 21:26 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\Documents\My Games
2015-11-29 21:26 - 2013-07-25 15:22 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Fax
2015-11-29 21:26 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Amazon MP3
2015-11-29 21:26 - 2013-07-05 20:19 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\vlc
2015-11-29 21:26 - 2013-07-05 20:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WebApp
2015-11-29 21:26 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\Documents\CyberLink
2015-11-29 21:26 - 2013-07-02 22:05 - 00000000 ____D C:\Users\Ulla & Christian\Documents\default
2015-11-29 21:26 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Thunderbird
2015-11-29 21:26 - 2013-06-22 08:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Wargaming.net
2015-11-29 21:26 - 2013-06-21 22:14 - 00000000 ____D C:\Users\Ulla & Christian\Bilder
2015-11-29 21:26 - 2013-06-18 01:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WinBatch
2015-11-29 21:26 - 2013-06-17 13:03 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Ahnenblatt
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.system.package.metadata
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.applications.package.appdata
2015-11-29 21:25 - 2015-10-25 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-11-29 21:25 - 2015-05-17 15:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Hewlett-Packard
2015-11-29 21:25 - 2015-05-17 15:42 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\HpUpdate
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\java
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\.minecraft
2015-11-29 21:25 - 2014-12-24 22:48 - 00000000 __SHD C:\Users\Ulla & Christian\AppData\LocalLow\EmieSiteList
2015-11-29 21:25 - 2014-12-13 11:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\hpqLog
2015-11-29 21:25 - 2014-11-20 09:32 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Iminent
2015-11-29 21:25 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera Software
2015-11-29 21:25 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2015-11-29 21:25 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\WorldofTanks
2015-11-29 21:25 - 2014-09-24 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Temp
2015-11-29 21:25 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Skype
2015-11-29 21:25 - 2014-02-02 11:21 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-11-29 21:25 - 2013-12-22 18:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Sun
2015-11-29 21:25 - 2013-10-05 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ArcSoft
2015-11-29 21:25 - 2013-10-05 10:49 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-29 21:25 - 2013-10-05 10:48 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Dropbox
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\WarThunder
2015-11-29 21:25 - 2013-09-01 20:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Leadertech
2015-11-29 21:25 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ICAClient
2015-11-29 21:25 - 2013-08-26 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Sophos
2015-11-29 21:25 - 2013-08-26 19:50 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-29 21:25 - 2013-08-09 18:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2015-11-29 21:25 - 2013-08-07 20:57 - 00000000 __RHD C:\Users\Ulla & Christian\AppData\Roaming\SecuROM
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Program Files
2015-11-29 21:25 - 2013-07-10 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging
2015-11-29 21:25 - 2013-07-10 21:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Lasersoft Imaging
2015-11-29 21:25 - 2013-07-05 20:39 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Media Player Classic
2015-11-29 21:25 - 2013-07-05 20:36 - 00000462 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:25 - 2013-07-05 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\dvdcss
2015-11-29 21:25 - 2013-07-05 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Windows Live
2015-11-29 21:25 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\CyberLink
2015-11-29 21:25 - 2013-07-05 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Mozilla
2015-11-29 21:25 - 2013-07-03 22:40 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2015-11-29 21:25 - 2013-07-03 22:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
2015-11-29 21:25 - 2013-07-02 22:15 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\AVS4YOU
2015-11-29 21:25 - 2013-07-02 22:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ashampoo
2015-11-29 21:25 - 2013-07-02 13:12 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\UtilityChest_49EI
2015-11-29 21:25 - 2013-07-02 06:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canon
2015-11-29 21:25 - 2013-07-01 22:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Adobe
2015-11-29 21:25 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Thunderbird
2015-11-29 21:25 - 2013-06-23 20:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-11-29 21:25 - 2013-06-23 18:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Avira
2015-11-29 21:25 - 2013-06-23 17:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canneverbe Limited
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service GmbH
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service
2015-11-29 21:25 - 2013-06-19 21:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\NVIDIA
2015-11-29 21:25 - 2013-06-18 13:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft Web Folders
2015-11-29 21:25 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MediaMonkey
2015-11-29 21:25 - 2013-06-17 21:47 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
2015-11-29 21:25 - 2013-06-17 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera
2015-11-29 21:25 - 2013-06-17 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\OCS
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Samsung
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Samsung
2015-11-29 21:25 - 2013-06-17 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ahnenblatt
2015-11-29 21:25 - 2013-06-16 21:38 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Macromedia
2015-11-29 21:25 - 2013-06-16 20:53 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Adobe
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Hewlett-Packard
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Power2Go8
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Packages
2015-11-29 21:24 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Opera Software
2015-11-29 21:24 - 2013-06-21 20:57 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Microsoft Help
2015-11-29 21:24 - 2013-06-17 22:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Mozilla
2015-11-29 21:23 - 2015-06-09 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\GWX
2015-11-29 21:23 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\Visan
2015-11-29 21:23 - 2015-01-10 22:40 - 00000000 ____D C:\ProgramData\Synology
2015-11-29 21:23 - 2014-11-27 07:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-29 21:23 - 2014-11-17 00:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-29 21:23 - 2014-08-31 18:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-29 21:23 - 2014-08-17 16:22 - 00000000 ____D C:\ProgramData\Skype
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Sun
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Oracle
2015-11-29 21:23 - 2013-11-14 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-11-29 21:23 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\tmp
2015-11-29 21:23 - 2013-10-03 19:03 - 00000000 ____D C:\Users\Ulla & Christian\2013_10_03
2015-11-29 21:23 - 2013-09-25 20:16 - 00000000 ____D C:\ProgramData\WarThunder
2015-11-29 21:23 - 2013-09-25 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Gameforge4d
2015-11-29 21:23 - 2013-09-01 20:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech® Webcam-Software
2015-11-29 21:23 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Citrix
2015-11-29 21:23 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-29 21:23 - 2013-07-12 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Apps\2.0
2015-11-29 21:23 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Public\CyberLink
2015-11-29 21:23 - 2013-07-04 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\DFH
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Public\Documents\Softwrap
2015-11-29 21:23 - 2013-07-02 22:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ashampoo
2015-11-29 21:23 - 2013-07-02 06:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP
2015-11-29 21:23 - 2013-06-30 15:28 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP Quick Start
2015-11-29 21:23 - 2013-06-23 18:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ArcSoft
2015-11-29 21:23 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Buhl Data Service
2015-11-29 21:23 - 2013-06-23 11:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Macromedia
2015-11-29 21:23 - 2013-06-17 22:27 - 00000000 ____D C:\ProgramData\Mozilla
2015-11-29 21:23 - 2013-06-17 21:59 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Google
2015-11-29 21:23 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\MediaMonkey
2015-11-29 21:23 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-29 21:23 - 2013-06-17 21:33 - 00000000 ____D C:\ProgramData\Samsung
2015-11-29 21:23 - 2013-06-17 21:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Downloaded Installations
2015-11-29 21:23 - 2013-06-17 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Adobe
2015-11-29 21:23 - 2013-06-16 21:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Hewlett-Packard
2015-11-29 21:23 - 2013-06-16 20:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\Users\Public\Symantec
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\ProgramData\Norton
2015-11-29 21:23 - 2013-01-12 06:37 - 00000000 ____D C:\ProgramData\NortonInstaller
2015-11-29 21:23 - 2013-01-12 06:36 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2015-11-29 21:23 - 2013-01-12 06:23 - 00000000 ____D C:\ProgramData\Temp
2015-11-29 21:23 - 2013-01-12 06:14 - 00000000 ____D C:\ProgramData\SoundResearch
2015-11-29 21:23 - 2012-08-10 16:06 - 00000000 ____D C:\ProgramData\PRICache
2015-11-29 21:23 - 2010-01-25 22:35 - 00000000 ___DC C:\ProgramData\Mozilla Thunderbird
2015-11-29 21:22 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-11-29 21:22 - 2015-05-17 15:41 - 00000000 ____D C:\ProgramData\HP
2015-11-29 21:22 - 2014-12-20 16:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-11-29 21:22 - 2014-11-20 09:32 - 00000000 ____D C:\ProgramData\Iminent
2015-11-29 21:22 - 2013-11-26 07:45 - 00000000 ____D C:\ProgramData\McAfee
2015-11-29 21:22 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\hps
2015-11-29 21:22 - 2013-09-01 21:25 - 00000000 ____D C:\ProgramData\FLEXnet
2015-11-29 21:22 - 2013-09-01 20:00 - 00000000 ____D C:\ProgramData\LogiShrd
2015-11-29 21:22 - 2013-07-03 22:32 - 00000000 ____D C:\ProgramData\InstallMate
2015-11-29 21:22 - 2013-06-23 18:07 - 00000000 ____D C:\ProgramData\eBay
2015-11-29 21:22 - 2013-06-21 22:16 - 00000000 ____D C:\ProgramData\MediaMonkey
2015-11-29 21:22 - 2013-01-12 06:25 - 00000000 ____D C:\ProgramData\install_clap
2015-11-29 21:22 - 2013-01-12 06:19 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-29 21:21 - 2015-01-10 19:07 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2015-11-29 21:21 - 2014-11-27 08:00 - 00000000 ____D C:\ProgramData\AmUStor
2015-11-29 21:21 - 2013-08-27 20:03 - 00000000 ____D C:\ProgramData\Citrix
2015-11-29 21:21 - 2013-07-02 22:20 - 00000000 ____D C:\ProgramData\AomeiBR
2015-11-29 21:21 - 2013-07-02 22:00 - 00000000 ____D C:\ProgramData\Ashampoo
2015-11-29 21:21 - 2013-07-02 06:37 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-11-29 21:21 - 2013-07-01 20:47 - 00000000 ____D C:\ProgramData\Adobe
2015-11-29 21:21 - 2013-06-23 20:30 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-11-29 21:21 - 2013-06-23 18:11 - 00000000 ____D C:\ProgramData\ArcSoft
2015-11-29 21:21 - 2013-06-23 17:57 - 00000000 ____D C:\ProgramData\Avira
2015-11-29 21:21 - 2013-06-23 17:55 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-11-29 21:21 - 2013-06-23 11:35 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\Apple
2015-11-29 21:18 - 2012-10-12 04:21 - 00000000 _RSHD C:\SYSTEM.SAV
2015-11-29 21:17 - 2013-07-01 23:00 - 00000000 ____D C:\Program Files (x86)l
2015-11-29 21:17 - 2013-06-18 21:29 - 00000000 ____D C:\sources
2015-11-29 21:17 - 2012-10-12 04:24 - 00000000 ____D C:\SWSETUP
2015-11-29 21:16 - 2014-07-03 20:43 - 00000000 ____D C:\My Music
2015-11-29 21:16 - 2013-01-07 12:12 - 00000000 _RSHD C:\hp
2015-11-28 23:24 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-23 06:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-18 20:56 - 2015-10-06 19:48 - 00001048 _____ C:\Users\Jan\Desktop\nativelog.txt
2015-11-18 20:56 - 2015-10-03 14:43 - 00000000 ____D C:\Users\Jan\AppData\Roaming\.minecraft
2015-11-18 20:30 - 2015-10-01 13:15 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1003
2015-11-18 20:25 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-16 23:50 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2015-11-15 17:06 - 2014-12-20 16:57 - 00001959 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-13 22:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-12 23:13 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-12 21:39 - 2013-06-21 20:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 21:34 - 2013-08-27 20:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 21:29 - 2013-06-17 22:17 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 23:24 - 2015-05-07 21:02 - 00002274 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-11-10 21:59 - 2014-11-29 17:24 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-08 13:16 - 2015-03-08 14:44 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-08 10:34 - 2015-04-23 12:23 - 00000000 ___RD C:\Users\Ulla & Christian\Desktop\Spiele
2015-11-07 22:39 - 2013-06-17 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 18:16 - 2013-06-21 23:19 - 00000000 ____D C:\Program Files (x86)\Spiele
2015-11-03 01:23 - 2014-12-13 10:44 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 01:23 - 2014-12-13 10:44 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-23 18:04 - 2006-07-18 08:49 - 0587249 _____ (MAGIX AG) C:\Program Files (x86)\addoninstall.exe
2013-06-23 18:04 - 2002-02-13 07:00 - 0022016 _____ (Borland Software Corporation) C:\Program Files (x86)\borlndmm.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 1500160 _____ (Borland Corporation) C:\Program Files (x86)\cc3260mt.dll
2013-06-23 18:04 - 2006-06-28 08:32 - 0004694 _____ () C:\Program Files (x86)\e-mode-upgradedialog.rtf
2013-06-23 18:04 - 2006-06-28 08:32 - 0004716 _____ () C:\Program Files (x86)\e-mode-upgradedlg-exit.rtf
2013-06-23 18:04 - 2013-06-23 18:04 - 0002885 _____ () C:\Program Files (x86)\e-mode.ini
2013-06-23 18:04 - 2006-06-28 09:55 - 0315392 _____ (MAGIX AG) C:\Program Files (x86)\eModeUpgradeDlg.dll
2013-06-23 18:04 - 2003-02-12 10:20 - 0028672 _____ () C:\Program Files (x86)\explore.exe
2013-06-23 18:04 - 2006-07-26 15:46 - 2442752 _____ (MAGIX) C:\Program Files (x86)\FotoClinic.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000707 _____ () C:\Program Files (x86)\FotoClinic.ini
2013-06-23 18:04 - 2013-06-23 18:04 - 0001138 _____ () C:\Program Files (x86)\Install.cfg
2013-06-23 18:04 - 2013-06-23 18:04 - 0040289 _____ () C:\Program Files (x86)\INSTALL.LOG
2013-06-23 18:04 - 2013-06-23 18:04 - 0006564 _____ () C:\Program Files (x86)\INSTALL1.LOG
2013-06-23 18:04 - 2006-07-17 09:58 - 0184320 _____ (MAGIX AG) C:\Program Files (x86)\instslct.exe
2013-06-23 18:04 - 2006-07-26 15:29 - 0100352 _____ () C:\Program Files (x86)\libpng.dll
2013-06-23 18:04 - 2005-06-16 08:43 - 0008980 _____ () C:\Program Files (x86)\license.txt
2013-06-23 18:04 - 2005-08-08 14:51 - 0786305 _____ () C:\Program Files (x86)\MAGIX Creation Logo.pdf
2013-06-23 18:04 - 2004-04-15 14:48 - 0032768 _____ () C:\Program Files (x86)\MagixUpdater.exe
2013-06-23 18:04 - 2006-04-25 09:27 - 0014810 _____ () C:\Program Files (x86)\order.rtf
2013-06-23 18:04 - 2005-03-04 17:51 - 0005509 _____ () C:\Program Files (x86)\pa.cnt
2013-06-23 18:04 - 2005-03-04 17:51 - 0361656 _____ () C:\Program Files (x86)\pa.hlp
2013-06-23 18:04 - 2006-07-26 15:46 - 0055296 _____ () C:\Program Files (x86)\palng.dll
2013-06-23 18:04 - 2006-07-26 15:45 - 0240128 _____ () C:\Program Files (x86)\pcomponents.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0018432 _____ () C:\Program Files (x86)\ps8bf.dll
2013-06-23 18:04 - 2013-06-23 18:04 - 0002757 _____ () C:\Program Files (x86)\register.rtf
2013-06-23 18:04 - 1999-12-10 12:00 - 0431376 _____ (Microsoft Corporation) C:\Program Files (x86)\riched20.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 0685056 _____ (Borland Software Corporation) C:\Program Files (x86)\rtl60.bpl
2013-06-23 18:04 - 2003-03-17 05:04 - 0618496 _____ () C:\Program Files (x86)\stlpmt45.dll
2013-06-23 18:04 - 2005-11-02 14:34 - 0016460 _____ () C:\Program Files (x86)\support.rtf
2013-06-23 18:04 - 2006-07-17 12:30 - 0129024 _____ () C:\Program Files (x86)\uninstall.exe
2013-06-23 18:04 - 2002-02-18 10:06 - 0006034 _____ () C:\Program Files (x86)\uninstall.ini
2013-06-23 18:04 - 2006-07-17 10:09 - 0081920 _____ (MAGIX AG) C:\Program Files (x86)\unwise.adf
2013-06-23 18:04 - 2006-07-17 10:10 - 0176128 _____ (MAGIX AG) C:\Program Files (x86)\unwise.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000723 _____ () C:\Program Files (x86)\unwise.ini
2013-06-23 18:04 - 2006-07-26 13:50 - 0139264 _____ () C:\Program Files (x86)\UpgradeInfo.exe
2013-06-23 18:04 - 2006-02-14 14:03 - 0024576 _____ (Magix AG) C:\Program Files (x86)\Validation.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000140 _____ () C:\Program Files (x86)\Validation.ini
2013-06-23 18:04 - 2002-02-13 07:00 - 1326080 _____ (Borland Software Corporation) C:\Program Files (x86)\vcl60.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0046080 _____ () C:\Program Files (x86)\zlib.dll
2015-11-30 13:54 - 2015-11-30 13:56 - 0000050 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2013-07-05 20:36 - 2015-11-29 21:25 - 0000462 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:23 - 2015-11-29 21:26 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2013-12-25 21:18 - 2015-10-20 22:01 - 0028256 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2013-12-25 21:14 - 2013-12-25 21:16 - 0028295 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2013-10-20 11:29 - 2015-07-02 13:29 - 0005632 _____ () C:\Users\Ulla & Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-29 21:23 - 2015-11-29 21:34 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2013-12-10 20:40 - 2015-09-13 22:27 - 0007605 _____ () C:\Users\Ulla & Christian\AppData\Local\resmon.resmoncfg
2015-05-17 15:41 - 2015-05-17 15:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-29 21:21 - 2015-11-29 21:23 - 0006921 _____ () C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 0002401 _____ () C:\ProgramData\how_recover+yer.txt
2013-06-16 20:51 - 2013-06-16 20:51 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-07-10 21:31 - 2013-07-10 21:42 - 0020531 ____H () C:\ProgramData\R49LW

Einige Dateien in TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\avgnt.exe
C:\Users\Ulla & Christian\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-29 14:04

==================== Ende von FRST.txt ============================
         
__________________

Alt 01.12.2015, 19:46   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Virus hängt an alle Dateien .vvv - Standard

Virus hängt an alle Dateien .vvv



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.12.2015, 21:21   #5
chke
 
Virus hängt an alle Dateien .vvv - Standard

Virus hängt an alle Dateien .vvv



Hallo,

ich habe mbar gestern schon laufen lassen. Da hat es 3 Fehler gefunden und behoben.

Heute Abend hat es nichts mehr gefunden.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.12.01.06
  rootkit: v2015.11.26.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18098
Ulla & Christian :: PC [administrator]

01.12.2015 21:33:42
mbar-log-2015-12-01 (21-33-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 435499
Time elapsed: 25 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Der TDSSKiller hat nichts gefunden (ich weiß nicht, ob ich mich darüber freuen soll).
Code:
ATTFilter
22:13:25.0895 0x0ffc  TDSS rootkit removing tool 3.1.0.7 Nov 29 2015 22:37:04
22:13:25.0895 0x0ffc  UEFI system
22:14:08.0870 0x0ffc  ============================================================
22:14:08.0870 0x0ffc  Current date / time: 2015/12/01 22:14:08.0870
22:14:08.0870 0x0ffc  SystemInfo:
22:14:08.0870 0x0ffc  
22:14:08.0870 0x0ffc  OS Version: 6.3.9600 ServicePack: 0.0
22:14:08.0870 0x0ffc  Product type: Workstation
22:14:08.0870 0x0ffc  ComputerName: PC
22:14:08.0870 0x0ffc  UserName: Ulla & Christian
22:14:08.0870 0x0ffc  Windows directory: C:\WINDOWS
22:14:08.0870 0x0ffc  System windows directory: C:\WINDOWS
22:14:08.0870 0x0ffc  Running under WOW64
22:14:08.0870 0x0ffc  Processor architecture: Intel x64
22:14:08.0870 0x0ffc  Number of processors: 4
22:14:08.0870 0x0ffc  Page size: 0x1000
22:14:08.0870 0x0ffc  Boot type: Normal boot
22:14:08.0870 0x0ffc  ============================================================
22:14:09.0667 0x0ffc  KLMD registered as C:\WINDOWS\system32\drivers\94715411.sys
22:14:10.0620 0x0ffc  System UUID: {6E158DDA-BEF9-6DF3-D126-0B059BA19288}
22:14:12.0167 0x0ffc  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:14:12.0198 0x0ffc  ============================================================
22:14:12.0198 0x0ffc  \Device\Harddisk0\DR0:
22:14:12.0198 0x0ffc  GPT partitions:
22:14:12.0198 0x0ffc  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {25FDF47F-DF08-4C32-8441-7284723865BF}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1FF800
22:14:12.0198 0x0ffc  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {AF2C3336-11DF-481C-AF98-0A66A58C2DB3}, Name: EFI system partition, StartLBA 0x200000, BlocksNum 0xB4000
22:14:12.0198 0x0ffc  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {22A34A73-B85E-42D8-A682-4F54106BADFB}, Name: Microsoft reserved partition, StartLBA 0x2B4000, BlocksNum 0x40000
22:14:12.0198 0x0ffc  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {3E123CB9-3670-4D79-B747-C0A6C71D4E39}, Name: Basic data partition, StartLBA 0x2F4000, BlocksNum 0x23696000
22:14:12.0198 0x0ffc  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5C4895AA-990D-4E0D-9445-8ED4FBFF4265}, Name: , StartLBA 0x2398A000, BlocksNum 0xE1000
22:14:12.0198 0x0ffc  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {1F9B68AB-CE7D-44B8-9326-5858CA09620B}, Name: Basic data partition, StartLBA 0x23A6B000, BlocksNum 0x4F587800
22:14:12.0198 0x0ffc  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {FEB7732C-BE78-4E55-93C6-0140768331DB}, Name: Basic data partition, StartLBA 0x72FF3000, BlocksNum 0x1713800
22:14:12.0198 0x0ffc  MBR partitions:
22:14:12.0198 0x0ffc  ============================================================
22:14:12.0214 0x0ffc  C: <-> \Device\Harddisk0\DR0\Partition4
22:14:12.0261 0x0ffc  D: <-> \Device\Harddisk0\DR0\Partition7
22:14:12.0308 0x0ffc  G: <-> \Device\Harddisk0\DR0\Partition6
22:14:12.0308 0x0ffc  ============================================================
22:14:12.0308 0x0ffc  Initialize success
22:14:12.0308 0x0ffc  ============================================================
22:15:23.0620 0x1428  ============================================================
22:15:23.0620 0x1428  Scan started
22:15:23.0620 0x1428  Mode: Manual; SigCheck; TDLFS; 
22:15:23.0620 0x1428  ============================================================
22:15:23.0636 0x1428  KSN ping started
22:15:26.0120 0x1428  KSN ping finished: true
22:15:28.0745 0x1428  ================ Scan system memory ========================
22:15:28.0745 0x1428  System memory - ok
22:15:28.0745 0x1428  ================ Scan services =============================
22:15:28.0948 0x1428  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
22:15:29.0027 0x1428  1394ohci - ok
22:15:29.0058 0x1428  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
22:15:29.0073 0x1428  3ware - ok
22:15:29.0105 0x1428  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
22:15:29.0136 0x1428  ACPI - ok
22:15:29.0152 0x1428  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
22:15:29.0167 0x1428  acpiex - ok
22:15:29.0198 0x1428  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
22:15:29.0214 0x1428  acpipagr - ok
22:15:29.0245 0x1428  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
22:15:29.0323 0x1428  AcpiPmi - ok
22:15:29.0386 0x1428  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
22:15:29.0448 0x1428  acpitime - ok
22:15:29.0573 0x1428  [ D9881575C4166AE3A92118ECC217B079, 8D5D5A281576AD18D4C49CF022B28B095528D8E0FEA51AC1C28030547822317D ] ADExchange      C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
22:15:29.0605 0x1428  ADExchange - ok
22:15:29.0683 0x1428  [ 34400005DE52842C4D6D4EE978B4D7CE, E7C3121812284B9FE6A12910C67C98354BAF5DB74865A5B4E0C2E64852BDB50A ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
22:15:29.0714 0x1428  AdobeActiveFileMonitor8.0 - ok
22:15:29.0777 0x1428  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:15:29.0792 0x1428  AdobeARMservice - ok
22:15:29.0917 0x1428  [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:15:30.0027 0x1428  AdobeFlashPlayerUpdateSvc - ok
22:15:30.0183 0x1428  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
22:15:30.0214 0x1428  ADP80XX - ok
22:15:30.0245 0x1428  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
22:15:30.0292 0x1428  AeLookupSvc - ok
22:15:30.0339 0x1428  [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD             C:\WINDOWS\system32\drivers\afd.sys
22:15:30.0386 0x1428  AFD - ok
22:15:30.0417 0x1428  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
22:15:30.0417 0x1428  agp440 - ok
22:15:30.0448 0x1428  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
22:15:30.0511 0x1428  ahcache - ok
22:15:30.0542 0x1428  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\WINDOWS\System32\alg.exe
22:15:30.0573 0x1428  ALG - ok
22:15:30.0605 0x1428  [ E019017558B28A707119F8545AD1A1C0, 7A080DB2BDD1AE7E849EE79BF42B737D78A4F6EA6D07F61D6E994D7A383E9551 ] ambakdrv        C:\WINDOWS\system32\ambakdrv.sys
22:15:30.0620 0x1428  ambakdrv - detected UnsignedFile.Multi.Generic ( 1 )
22:15:33.0105 0x1428  Detect skipped due to KSN trusted
22:15:33.0105 0x1428  ambakdrv - ok
22:15:33.0136 0x1428  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
22:15:33.0198 0x1428  AmdK8 - ok
22:15:33.0230 0x1428  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
22:15:33.0261 0x1428  AmdPPM - ok
22:15:33.0277 0x1428  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
22:15:33.0292 0x1428  amdsata - ok
22:15:33.0323 0x1428  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
22:15:33.0339 0x1428  amdsbs - ok
22:15:33.0339 0x1428  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
22:15:33.0355 0x1428  amdxata - ok
22:15:33.0370 0x1428  [ 46014EDFDC8AF8733E14947448D122C5, 8CE2BD29CF7230A624745334A76F5F8C2E5C01EEDB2B803F9468771BC9DCBC4D ] ammntdrv        C:\windows\system32\ammntdrv.sys
22:15:33.0386 0x1428  ammntdrv - detected UnsignedFile.Multi.Generic ( 1 )
22:15:35.0902 0x1428  Detect skipped due to KSN trusted
22:15:35.0902 0x1428  ammntdrv - ok
22:15:35.0933 0x1428  [ E5F36F2FF6E8BC2E9E51655489EA753D, 83A7BA29D411C039511A9306C0136099572EE8E306E1C87207F3E721568C0136 ] AmUStor         C:\WINDOWS\system32\drivers\AmUStor.SYS
22:15:35.0948 0x1428  AmUStor - ok
22:15:35.0964 0x1428  [ 7CD08E63219E00BB206077F5BA708677, E8F4031E5E524C60D5853B5DE3AC37E45F28B490665F0CD2016754EDCFA4B2F2 ] amwrtdrv        C:\windows\system32\amwrtdrv.sys
22:15:35.0980 0x1428  amwrtdrv - detected UnsignedFile.Multi.Generic ( 1 )
22:15:43.0620 0x1428  Detect skipped due to KSN trusted
22:15:43.0620 0x1428  amwrtdrv - ok
22:15:43.0761 0x1428  [ 81E02299B534F61E104C1235519C37B3, B389458C13A0E0717365B7CE371A6B768EB2F98C4CDBAA6DCBBBDE3A2B1D8B14 ] AntiVirMailService C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avmailc7.exe
22:15:43.0808 0x1428  AntiVirMailService - ok
22:15:43.0839 0x1428  [ 3CBE5047BB08BD363420D68364F9E829, 7A6C59E9B98C1A50CB5FB895050127C5A433BA825D3832FC6DDA2A41AE986543 ] AntiVirSchedulerService C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe
22:15:43.0855 0x1428  AntiVirSchedulerService - ok
22:15:43.0902 0x1428  [ 3CBE5047BB08BD363420D68364F9E829, 7A6C59E9B98C1A50CB5FB895050127C5A433BA825D3832FC6DDA2A41AE986543 ] AntiVirService  C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe
22:15:43.0917 0x1428  AntiVirService - ok
22:15:43.0948 0x1428  [ CAA9D66CA6D21AF0AE7DA01D5AC6CC2F, 827400CFB53026757B3D75B6C5AC7BBECE7E62B335160C18CBF6A41047F4A400 ] AntiVirWebService C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avwebg7.exe
22:15:44.0027 0x1428  AntiVirWebService - ok
22:15:44.0058 0x1428  [ 9DCB42905F1EBF9CEC57EE5DF0BDA965, 4C888AAD0DDE01565FD7FBB6B70A500158CF2E4CECF9ADD4AFD302A993587269 ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
22:15:44.0120 0x1428  AppHostSvc - ok
22:15:44.0167 0x1428  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\WINDOWS\system32\drivers\appid.sys
22:15:44.0198 0x1428  AppID - ok
22:15:44.0214 0x1428  [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
22:15:44.0245 0x1428  AppIDSvc - ok
22:15:44.0277 0x1428  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
22:15:44.0355 0x1428  Appinfo - ok
22:15:44.0386 0x1428  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
22:15:44.0433 0x1428  AppReadiness - ok
22:15:44.0495 0x1428  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
22:15:44.0589 0x1428  AppXSvc - ok
22:15:44.0605 0x1428  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
22:15:44.0620 0x1428  arcsas - ok
22:15:44.0730 0x1428  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:15:44.0761 0x1428  aspnet_state - ok
22:15:44.0792 0x1428  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:15:44.0839 0x1428  AsyncMac - ok
22:15:44.0870 0x1428  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
22:15:44.0886 0x1428  atapi - ok
22:15:44.0917 0x1428  [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
22:15:44.0948 0x1428  AudioEndpointBuilder - ok
22:15:44.0995 0x1428  [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
22:15:45.0027 0x1428  Audiosrv - ok
22:15:45.0058 0x1428  [ CF233C89DEFF6BCA1F65BE3DA0C1A306, B718A59CFC0E3A9ED4E8C690390F54C96828C5A4C2790C2E98075DB4484240D6 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:15:45.0073 0x1428  avgntflt - ok
22:15:45.0105 0x1428  [ 4764D299855174D6B5C7DA853B490029, 6E2C8E25DC3C38EEAAA1221E515AC06C2EDC0A71CF2F7762E8DFCC55938D59B3 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:15:45.0120 0x1428  avipbb - ok
22:15:45.0152 0x1428  [ 79F7741A773FF194EEC64A8161AE26D5, 3DDEA5FBDCB74A2BACC895A44C8C2A947F09E2649ED61D781E99DD61DBFACA5D ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:15:45.0167 0x1428  avkmgr - ok
22:15:45.0183 0x1428  [ E477AF94ACCCF99A0E56D71D450DCCCB, C97756A4E82EC7EF8268967B10DEBAAEDB746B2846CA2BFD68E1B7DBBAE7901A ] avnetflt        C:\WINDOWS\system32\DRIVERS\avnetflt.sys
22:15:45.0198 0x1428  avnetflt - ok
22:15:45.0245 0x1428  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
22:15:45.0292 0x1428  AxInstSV - ok
22:15:45.0339 0x1428  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
22:15:45.0370 0x1428  b06bdrv - ok
22:15:45.0386 0x1428  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
22:15:45.0464 0x1428  BasicDisplay - ok
22:15:45.0480 0x1428  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
22:15:45.0527 0x1428  BasicRender - ok
22:15:45.0542 0x1428  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
22:15:45.0558 0x1428  bcmfn2 - ok
22:15:45.0589 0x1428  [ 4B6F61BD394DCEDA9B06D702836531C2, 83C739467BD9A00FE09BCE83BB9409EA2DA62FCDD2384F9EE98626226223E918 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
22:15:45.0698 0x1428  BDESVC - ok
22:15:45.0730 0x1428  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
22:15:45.0792 0x1428  Beep - ok
22:15:45.0948 0x1428  [ 8F2AD111B47A190F325EE7495D3C1803, C61F1506E74A9EFBB61B8A06B30886B6E891C33211F755F30B924EBA202ECEC5 ] BFE             C:\WINDOWS\System32\bfe.dll
22:15:46.0058 0x1428  BFE - ok
22:15:46.0136 0x1428  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
22:15:46.0245 0x1428  BITS - ok
22:15:46.0355 0x1428  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:15:46.0386 0x1428  Bonjour Service - ok
22:15:46.0402 0x1428  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
22:15:46.0433 0x1428  bowser - ok
22:15:46.0464 0x1428  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
22:15:46.0511 0x1428  BrokerInfrastructure - ok
22:15:46.0558 0x1428  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
22:15:46.0620 0x1428  Browser - ok
22:15:46.0636 0x1428  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
22:15:46.0652 0x1428  BthAvrcpTg - ok
22:15:46.0683 0x1428  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
22:15:46.0714 0x1428  BthHFEnum - ok
22:15:46.0730 0x1428  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
22:15:46.0839 0x1428  bthhfhid - ok
22:15:46.0902 0x1428  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
22:15:46.0933 0x1428  BthHFSrv - ok
22:15:46.0964 0x1428  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
22:15:47.0011 0x1428  BTHMODEM - ok
22:15:47.0058 0x1428  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
22:15:47.0120 0x1428  bthserv - ok
22:15:47.0136 0x1428  [ 5A458422B4312BAEEFA3E64D321596E6, 1213D86B9B6FBB1414D1D3E5F4B0ED0C68D05EB98C902395AB0F0FC3D8A29AD5 ] busenum         C:\WINDOWS\System32\drivers\busenum.sys
22:15:47.0152 0x1428  busenum - ok
22:15:47.0167 0x1428  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
22:15:47.0214 0x1428  cdfs - ok
22:15:47.0230 0x1428  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
22:15:47.0261 0x1428  cdrom - ok
22:15:47.0292 0x1428  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
22:15:47.0323 0x1428  CertPropSvc - ok
22:15:47.0339 0x1428  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
22:15:47.0339 0x1428  circlass - ok
22:15:47.0386 0x1428  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
22:15:47.0402 0x1428  CLFS - ok
22:15:47.0433 0x1428  [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive  C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
22:15:47.0448 0x1428  CLVirtualDrive - ok
22:15:47.0480 0x1428  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
22:15:47.0511 0x1428  CmBatt - ok
22:15:47.0542 0x1428  [ 0DE32A0BB1FE2A773666572F79584520, C417C12476B937265BEDC9A2C3C3F6C50FD19AEC096362337B0921627A2A92EA ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
22:15:47.0573 0x1428  CNG - ok
22:15:47.0589 0x1428  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
22:15:47.0605 0x1428  CompositeBus - ok
22:15:47.0620 0x1428  COMSysApp - ok
22:15:47.0636 0x1428  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
22:15:47.0652 0x1428  condrv - ok
22:15:47.0683 0x1428  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
22:15:47.0714 0x1428  CryptSvc - ok
22:15:47.0745 0x1428  [ BA8E5B2291C01EF71CA80E25F0C79D55, 913C85EC00752AEEE2E29C6664085865DA45A091789C0F8CB015208D69F1915A ] ctxusbm         C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
22:15:47.0761 0x1428  ctxusbm - ok
22:15:47.0792 0x1428  [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam             C:\WINDOWS\system32\drivers\dam.sys
22:15:47.0808 0x1428  dam - ok
22:15:47.0886 0x1428  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
22:15:47.0917 0x1428  DcomLaunch - ok
22:15:47.0964 0x1428  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
22:15:47.0995 0x1428  defragsvc - ok
22:15:48.0027 0x1428  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
22:15:48.0073 0x1428  DeviceAssociationService - ok
22:15:48.0089 0x1428  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
22:15:48.0136 0x1428  DeviceInstall - ok
22:15:48.0152 0x1428  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
22:15:48.0183 0x1428  Dfsc - ok
22:15:48.0245 0x1428  [ D51B32BA3897F630D99713B74B40D6A2, 5EB136A8248E6FA1316CFA273D9DC8F9C8E8CCB9AC00AE23C1337FBF5F6FDBEC ] DfSdkS          C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2015\DfsdkS64.exe
22:15:48.0292 0x1428  DfSdkS - detected UnsignedFile.Multi.Generic ( 1 )
22:15:50.0777 0x1428  Detect skipped due to KSN trusted
22:15:50.0777 0x1428  DfSdkS - ok
22:15:50.0808 0x1428  [ 5492F6FB1F32E10AEF02679872AFD194, 470A0C39734E261DC7443C8E59ECE89A7E367ABCFC15AA325EB995452C3973AA ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
22:15:50.0839 0x1428  dg_ssudbus - ok
22:15:50.0870 0x1428  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
22:15:50.0917 0x1428  Dhcp - ok
22:15:50.0980 0x1428  [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
22:15:51.0042 0x1428  DiagTrack - ok
22:15:51.0073 0x1428  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
22:15:51.0089 0x1428  disk - ok
22:15:51.0105 0x1428  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
22:15:51.0152 0x1428  dmvsc - ok
22:15:51.0198 0x1428  [ E9AE4FAE83FB38A2962F9032B24CEB3C, CC7D2D8C97CB779791613D76D6E4AF5D628C948C28BAC584C3C7F6A5A6036FBA ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
22:15:51.0230 0x1428  Dnscache - ok
22:15:51.0277 0x1428  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
22:15:51.0308 0x1428  dot3svc - ok
22:15:51.0339 0x1428  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
22:15:51.0355 0x1428  DPS - ok
22:15:51.0386 0x1428  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
22:15:51.0386 0x1428  drmkaud - ok
22:15:51.0417 0x1428  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
22:15:51.0433 0x1428  DsmSvc - ok
22:15:51.0511 0x1428  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
22:15:51.0573 0x1428  DXGKrnl - ok
22:15:51.0589 0x1428  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
22:15:51.0636 0x1428  Eaphost - ok
22:15:51.0761 0x1428  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
22:15:51.0886 0x1428  ebdrv - ok
22:15:51.0917 0x1428  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
22:15:51.0933 0x1428  EFS - ok
22:15:51.0948 0x1428  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
22:15:51.0948 0x1428  EhStorClass - ok
22:15:51.0964 0x1428  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
22:15:51.0980 0x1428  EhStorTcgDrv - ok
22:15:51.0995 0x1428  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
22:15:51.0995 0x1428  ErrDev - ok
22:15:52.0042 0x1428  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
22:15:52.0089 0x1428  EventSystem - ok
22:15:52.0105 0x1428  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
22:15:52.0183 0x1428  exfat - ok
22:15:52.0198 0x1428  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
22:15:52.0214 0x1428  fastfat - ok
22:15:52.0277 0x1428  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
22:15:52.0323 0x1428  Fax - ok
22:15:52.0339 0x1428  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
22:15:52.0370 0x1428  fdc - ok
22:15:52.0386 0x1428  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
22:15:52.0448 0x1428  fdPHost - ok
22:15:52.0464 0x1428  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
22:15:52.0511 0x1428  FDResPub - ok
22:15:52.0542 0x1428  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
22:15:52.0605 0x1428  fhsvc - ok
22:15:52.0620 0x1428  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
22:15:52.0636 0x1428  FileInfo - ok
22:15:52.0652 0x1428  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
22:15:52.0683 0x1428  Filetrace - ok
22:15:52.0777 0x1428  [ ABEDFD48AC042C6AAAD32452E77217A1, BC45A1C36BDBC20EF4E7D3CFB5368912382D964CB34D050ED255F56307F4C910 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:15:52.0792 0x1428  FLEXnet Licensing Service - ok
22:15:52.0808 0x1428  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
22:15:52.0823 0x1428  flpydisk - ok
22:15:52.0855 0x1428  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
22:15:52.0870 0x1428  FltMgr - ok
22:15:52.0933 0x1428  [ 1E93CBB75D167CDF85501A8C790097A8, C9E5DD090C94E7855939CE1F416460DB408EFF897C2CD52E0D52A734D8ED18B7 ] FontCache       C:\WINDOWS\system32\FntCache.dll
22:15:53.0027 0x1428  FontCache - ok
22:15:53.0073 0x1428  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:15:53.0089 0x1428  FontCache3.0.0.0 - ok
22:15:53.0120 0x1428  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
22:15:53.0136 0x1428  FsDepends - ok
22:15:53.0152 0x1428  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:15:53.0152 0x1428  Fs_Rec - ok
22:15:53.0183 0x1428  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
22:15:53.0214 0x1428  fvevol - ok
22:15:53.0230 0x1428  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
22:15:53.0245 0x1428  FxPPM - ok
22:15:53.0261 0x1428  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
22:15:53.0277 0x1428  gagp30kx - ok
22:15:53.0292 0x1428  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
22:15:53.0323 0x1428  gencounter - ok
22:15:53.0370 0x1428  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
22:15:53.0402 0x1428  GPIOClx0101 - ok
22:15:53.0448 0x1428  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
22:15:53.0527 0x1428  gpsvc - ok
22:15:53.0558 0x1428  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:15:53.0558 0x1428  gusvc - ok
22:15:53.0573 0x1428  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
22:15:53.0605 0x1428  HDAudBus - ok
22:15:53.0636 0x1428  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
22:15:53.0667 0x1428  HidBatt - ok
22:15:53.0698 0x1428  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
22:15:53.0745 0x1428  HidBth - ok
22:15:53.0761 0x1428  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
22:15:53.0792 0x1428  hidi2c - ok
22:15:53.0808 0x1428  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
22:15:53.0839 0x1428  HidIr - ok
22:15:53.0870 0x1428  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
22:15:53.0917 0x1428  hidserv - ok
22:15:53.0933 0x1428  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
22:15:53.0964 0x1428  HidUsb - ok
22:15:53.0995 0x1428  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
22:15:54.0042 0x1428  hkmsvc - ok
22:15:54.0073 0x1428  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
22:15:54.0120 0x1428  HomeGroupListener - ok
22:15:54.0167 0x1428  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
22:15:54.0214 0x1428  HomeGroupProvider - ok
22:15:54.0292 0x1428  [ 2A8B93A01621E100A578E83C768AFA2C, 6637D260AF180D1F200D219796FCE6D524FC6BF57C0CEEF9E1B3616E85865AD1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
22:15:54.0308 0x1428  HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 )
22:15:56.0808 0x1428  Detect skipped due to KSN trusted
22:15:56.0808 0x1428  HP Support Assistant Service - ok
22:15:56.0855 0x1428  [ 4F88FA114D15504E1B17978A8DA4165E, FB3876525BC82B20D1CD159F1DC2CCBA63CAAA755A97E5C97089B09DEA6DD790 ] HPConnectedRemote c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
22:15:56.0870 0x1428  HPConnectedRemote - ok
22:15:56.0933 0x1428  [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
22:15:56.0980 0x1428  hpqwmiex - ok
22:15:56.0995 0x1428  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
22:15:57.0011 0x1428  HpSAMD - ok
22:15:57.0058 0x1428  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
22:15:57.0089 0x1428  HTTP - ok
22:15:57.0120 0x1428  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
22:15:57.0136 0x1428  hwpolicy - ok
22:15:57.0152 0x1428  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
22:15:57.0183 0x1428  hyperkbd - ok
22:15:57.0198 0x1428  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
22:15:57.0214 0x1428  HyperVideo - ok
22:15:57.0230 0x1428  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
22:15:57.0277 0x1428  i8042prt - ok
22:15:57.0292 0x1428  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
22:15:57.0308 0x1428  iaLPSSi_GPIO - ok
22:15:57.0323 0x1428  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
22:15:57.0339 0x1428  iaLPSSi_I2C - ok
22:15:57.0370 0x1428  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
22:15:57.0386 0x1428  iaStorAV - ok
22:15:57.0417 0x1428  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
22:15:57.0433 0x1428  iaStorV - ok
22:15:57.0448 0x1428  IEEtwCollectorService - ok
22:15:57.0527 0x1428  [ AF8A43C376F83A4A1E7DA16461EDE114, EBA10519B074888355A4FC11D52FF1E6A52F88F754B7F1F9863A8313638645CB ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
22:15:57.0573 0x1428  IKEEXT - ok
22:15:57.0589 0x1428  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
22:15:57.0605 0x1428  intelide - ok
22:15:57.0620 0x1428  [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
22:15:57.0620 0x1428  intelpep - ok
22:15:57.0652 0x1428  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
22:15:57.0683 0x1428  intelppm - ok
22:15:57.0698 0x1428  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:15:57.0714 0x1428  IpFilterDriver - ok
22:15:57.0792 0x1428  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
22:15:57.0823 0x1428  iphlpsvc - ok
22:15:57.0839 0x1428  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
22:15:57.0870 0x1428  IPMIDRV - ok
22:15:57.0902 0x1428  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
22:15:57.0917 0x1428  IPNAT - ok
22:15:57.0948 0x1428  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
22:15:57.0964 0x1428  IRENUM - ok
22:15:57.0995 0x1428  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
22:15:57.0995 0x1428  isapnp - ok
22:15:58.0042 0x1428  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
22:15:58.0058 0x1428  iScsiPrt - ok
22:15:58.0089 0x1428  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
22:15:58.0089 0x1428  kbdclass - ok
22:15:58.0120 0x1428  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
22:15:58.0152 0x1428  kbdhid - ok
22:15:58.0167 0x1428  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
22:15:58.0214 0x1428  kdnic - ok
22:15:58.0230 0x1428  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
22:15:58.0245 0x1428  KeyIso - ok
22:15:58.0277 0x1428  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
22:15:58.0292 0x1428  KSecDD - ok
22:15:58.0323 0x1428  [ 35C19AF2116F67914712D7C4CBE47B8C, 5F976726880A6E51D7ABFA7E3EF7294C6FB7F383DC5710A2C2EC8DD26DAEC204 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
22:15:58.0339 0x1428  KSecPkg - ok
22:15:58.0355 0x1428  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
22:15:58.0370 0x1428  ksthunk - ok
22:15:58.0386 0x1428  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
22:15:58.0417 0x1428  KtmRm - ok
22:15:58.0448 0x1428  [ 50AECF8C21AB2A6428A6E1E10549D8E5, 6BC7C60CF5E8AFB9972619EE1C78357756E9C0A3EC783C3056CEB600DCBB1555 ] L1C             C:\WINDOWS\system32\DRIVERS\L1C63x64.sys
22:15:58.0448 0x1428  L1C - ok
22:15:58.0495 0x1428  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
22:15:58.0527 0x1428  LanmanServer - ok
22:15:58.0558 0x1428  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
22:15:58.0589 0x1428  LanmanWorkstation - ok
22:15:58.0636 0x1428  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
22:15:58.0683 0x1428  lfsvc - ok
22:15:58.0698 0x1428  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
22:15:58.0730 0x1428  lltdio - ok
22:15:58.0745 0x1428  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
22:15:58.0777 0x1428  lltdsvc - ok
22:15:58.0808 0x1428  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
22:15:58.0870 0x1428  lmhosts - ok
22:15:58.0902 0x1428  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
22:15:58.0917 0x1428  LSI_SAS - ok
22:15:58.0933 0x1428  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
22:15:58.0948 0x1428  LSI_SAS2 - ok
22:15:58.0964 0x1428  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
22:15:58.0980 0x1428  LSI_SAS3 - ok
22:15:58.0980 0x1428  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
22:15:58.0995 0x1428  LSI_SSS - ok
22:15:59.0042 0x1428  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
22:15:59.0105 0x1428  LSM - ok
22:15:59.0120 0x1428  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
22:15:59.0152 0x1428  luafv - ok
22:15:59.0183 0x1428  [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] LVRS64          C:\WINDOWS\system32\DRIVERS\lvrs64.sys
22:15:59.0198 0x1428  LVRS64 - ok
22:15:59.0370 0x1428  [ 415E344294D1C0D04627B29146F68481, B4A1A05BDF07E8F226A98E51F62BE18BE2C046A084C495BD8A95CABC79FD0614 ] LVUVC64         C:\WINDOWS\system32\DRIVERS\lvuvc64.sys
22:15:59.0511 0x1428  LVUVC64 - ok
22:15:59.0573 0x1428  [ E1C4AE452E1F6C6571CE5F8A6937EAF4, CB3C89BD5C6C0197A033C8A6B834FD3326728BA5D7364E64AE2E8F42AAD91D23 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe
22:15:59.0605 0x1428  McComponentHostService - ok
22:15:59.0620 0x1428  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
22:15:59.0636 0x1428  megasas - ok
22:15:59.0667 0x1428  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
22:15:59.0698 0x1428  megasr - ok
22:15:59.0761 0x1428  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:15:59.0792 0x1428  Microsoft Office Groove Audit Service - ok
22:15:59.0823 0x1428  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
22:15:59.0855 0x1428  MMCSS - ok
22:15:59.0886 0x1428  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
22:15:59.0917 0x1428  Modem - ok
22:15:59.0933 0x1428  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
22:15:59.0995 0x1428  monitor - ok
22:16:00.0042 0x1428  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
22:16:00.0073 0x1428  mouclass - ok
22:16:00.0105 0x1428  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
22:16:00.0152 0x1428  mouhid - ok
22:16:00.0183 0x1428  [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
22:16:00.0198 0x1428  mountmgr - ok
22:16:00.0230 0x1428  [ 0DE2474F316C515482ABAD3B697F8714, 62862AE7432F5350068E96AD466093359C6CF444EB517AE6D09134FAF78C49F5 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:16:00.0245 0x1428  MozillaMaintenance - ok
22:16:00.0277 0x1428  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
22:16:00.0308 0x1428  mpsdrv - ok
22:16:00.0355 0x1428  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
22:16:00.0402 0x1428  MpsSvc - ok
22:16:00.0464 0x1428  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
22:16:00.0511 0x1428  MRxDAV - ok
22:16:00.0542 0x1428  [ 89DE71940A0E7F5BA617AE08321EF5C3, BD056C9E18E902D6F118E59A6AC68415BFA0690A02D2B360F6C111CE3B5EAC67 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:16:00.0589 0x1428  mrxsmb - ok
22:16:00.0620 0x1428  [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
22:16:00.0667 0x1428  mrxsmb10 - ok
22:16:00.0698 0x1428  [ EE16457030175F449BAB0ABD279F4B6A, DF627054136079553A24AD12DC7374F1ACEEAD782EFFDC278996AD7BCCE98877 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
22:16:00.0714 0x1428  mrxsmb20 - ok
22:16:00.0745 0x1428  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
22:16:00.0761 0x1428  MsBridge - ok
22:16:00.0792 0x1428  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
22:16:00.0823 0x1428  MSDTC - ok
22:16:00.0886 0x1428  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
22:16:00.0917 0x1428  Msfs - ok
22:16:00.0948 0x1428  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
22:16:00.0964 0x1428  msgpiowin32 - ok
22:16:00.0980 0x1428  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
22:16:00.0995 0x1428  mshidkmdf - ok
22:16:01.0011 0x1428  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
22:16:01.0042 0x1428  mshidumdf - ok
22:16:01.0058 0x1428  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
22:16:01.0058 0x1428  msisadrv - ok
22:16:01.0089 0x1428  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
22:16:01.0105 0x1428  MSiSCSI - ok
22:16:01.0105 0x1428  msiserver - ok
22:16:01.0120 0x1428  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:16:01.0152 0x1428  MSKSSRV - ok
22:16:01.0183 0x1428  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
22:16:01.0198 0x1428  MsLldp - ok
22:16:01.0214 0x1428  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:16:01.0245 0x1428  MSPCLOCK - ok
22:16:01.0277 0x1428  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
22:16:01.0292 0x1428  MSPQM - ok
22:16:01.0308 0x1428  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
22:16:01.0339 0x1428  MsRPC - ok
22:16:01.0355 0x1428  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
22:16:01.0370 0x1428  mssmbios - ok
22:16:01.0386 0x1428  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
22:16:01.0402 0x1428  MSTEE - ok
22:16:01.0417 0x1428  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
22:16:01.0433 0x1428  MTConfig - ok
22:16:01.0480 0x1428  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
22:16:01.0480 0x1428  Mup - ok
22:16:01.0511 0x1428  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
22:16:01.0511 0x1428  mvumis - ok
22:16:01.0558 0x1428  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
22:16:01.0573 0x1428  napagent - ok
22:16:01.0652 0x1428  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
22:16:01.0730 0x1428  NativeWifiP - ok
22:16:01.0761 0x1428  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
22:16:01.0777 0x1428  NcaSvc - ok
22:16:01.0823 0x1428  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
22:16:01.0886 0x1428  NcbService - ok
22:16:01.0917 0x1428  [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
22:16:01.0948 0x1428  NcdAutoSetup - ok
22:16:02.0011 0x1428  [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
22:16:02.0073 0x1428  NDIS - ok
22:16:02.0105 0x1428  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
22:16:02.0120 0x1428  NdisCap - ok
22:16:02.0167 0x1428  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
22:16:02.0214 0x1428  NdisImPlatform - ok
22:16:02.0230 0x1428  [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:16:02.0277 0x1428  NdisTapi - ok
22:16:02.0308 0x1428  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:16:02.0339 0x1428  Ndisuio - ok
22:16:02.0355 0x1428  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
22:16:02.0370 0x1428  NdisVirtualBus - ok
22:16:02.0386 0x1428  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:16:02.0417 0x1428  NdisWan - ok
22:16:02.0433 0x1428  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:16:02.0448 0x1428  NdisWanLegacy - ok
22:16:02.0480 0x1428  [ B8F36CBC72FC5C8B8A30AD850165EA8E, 478454B1399700B745265A64EC9C797C66BD0141471200BCF222F5EB15B0F40C ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
22:16:02.0495 0x1428  NDProxy - ok
22:16:02.0527 0x1428  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
22:16:02.0589 0x1428  Ndu - ok
22:16:02.0605 0x1428  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
22:16:02.0636 0x1428  NetBIOS - ok
22:16:02.0667 0x1428  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
22:16:02.0698 0x1428  NetBT - ok
22:16:02.0730 0x1428  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
22:16:02.0745 0x1428  Netlogon - ok
22:16:02.0777 0x1428  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
22:16:02.0808 0x1428  Netman - ok
22:16:02.0855 0x1428  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
22:16:02.0870 0x1428  netprofm - ok
22:16:02.0948 0x1428  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:16:02.0980 0x1428  NetTcpPortSharing - ok
22:16:03.0011 0x1428  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
22:16:03.0073 0x1428  netvsc - ok
22:16:03.0120 0x1428  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
22:16:03.0152 0x1428  NlaSvc - ok
22:16:03.0183 0x1428  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
22:16:03.0198 0x1428  Npfs - ok
22:16:03.0230 0x1428  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
22:16:03.0261 0x1428  npsvctrig - ok
22:16:03.0292 0x1428  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
22:16:03.0323 0x1428  nsi - ok
22:16:03.0339 0x1428  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
22:16:03.0448 0x1428  nsiproxy - ok
22:16:03.0683 0x1428  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
22:16:03.0777 0x1428  Ntfs - ok
22:16:03.0808 0x1428  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
22:16:03.0870 0x1428  Null - ok
22:16:03.0902 0x1428  [ 1F07B814C0BB5AABA703ABFF1F31F2E8, 07F578686CAE0FAB5462B472A03DD1BC5DFE0D5DA6307895534CECC330C3D220 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
22:16:03.0917 0x1428  NVHDA - ok
22:16:04.0261 0x1428  [ 9B93CC9C70EDE60A9C486E7719DB9E8D, 8E31BE72797D3308D8AF136E9F4C6199BCF4592F88E9FEB361752FF768225EC9 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
22:16:04.0605 0x1428  nvlddmkm - ok
22:16:04.0652 0x1428  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
22:16:04.0667 0x1428  nvraid - ok
22:16:04.0698 0x1428  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
22:16:04.0698 0x1428  nvstor - ok
22:16:04.0745 0x1428  [ FB50E60564ED30DDC855F0CE435C8467, C9A56D74F58739B8A069336FF5456FC5F3CE89371B8CFE8144B8D06A9C79C6AB ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
22:16:04.0777 0x1428  nvsvc - ok
22:16:04.0792 0x1428  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
22:16:04.0808 0x1428  nv_agp - ok
22:16:04.0902 0x1428  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:16:04.0933 0x1428  odserv - ok
22:16:04.0995 0x1428  [ 475C3F9886D18A8392C476493C99E9AF, B2E50A8620E1467FCD0A009516E7509CE0DAAF7F2F24434BF2A5BC77D1C66C81 ] OpenVPNService  C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
22:16:05.0027 0x1428  OpenVPNService - ok
22:16:05.0027 0x1428  [ 475C3F9886D18A8392C476493C99E9AF, B2E50A8620E1467FCD0A009516E7509CE0DAAF7F2F24434BF2A5BC77D1C66C81 ] OpenVPNServiceInteractive C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
22:16:05.0042 0x1428  OpenVPNServiceInteractive - ok
22:16:05.0073 0x1428  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:16:05.0073 0x1428  ose - ok
22:16:05.0120 0x1428  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
22:16:05.0152 0x1428  p2pimsvc - ok
22:16:05.0198 0x1428  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
22:16:05.0230 0x1428  p2psvc - ok
22:16:05.0245 0x1428  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
22:16:05.0261 0x1428  Parport - ok
22:16:05.0292 0x1428  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
22:16:05.0308 0x1428  partmgr - ok
22:16:05.0323 0x1428  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
22:16:05.0355 0x1428  PcaSvc - ok
22:16:05.0355 0x1428  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
22:16:05.0386 0x1428  pci - ok
22:16:05.0402 0x1428  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
22:16:05.0402 0x1428  pciide - ok
22:16:05.0417 0x1428  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
22:16:05.0433 0x1428  pcmcia - ok
22:16:05.0448 0x1428  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
22:16:05.0464 0x1428  pcw - ok
22:16:05.0495 0x1428  [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
22:16:05.0495 0x1428  pdc - ok
22:16:05.0542 0x1428  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
22:16:05.0589 0x1428  PEAUTH - ok
22:16:05.0667 0x1428  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
22:16:05.0714 0x1428  PerfHost - ok
22:16:05.0808 0x1428  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
22:16:05.0886 0x1428  pla - ok
22:16:05.0917 0x1428  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
22:16:05.0933 0x1428  PlugPlay - ok
22:16:05.0964 0x1428  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
22:16:05.0995 0x1428  PNRPAutoReg - ok
22:16:06.0011 0x1428  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
22:16:06.0042 0x1428  PNRPsvc - ok
22:16:06.0073 0x1428  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
22:16:06.0120 0x1428  PolicyAgent - ok
22:16:06.0152 0x1428  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
22:16:06.0183 0x1428  Power - ok
22:16:06.0230 0x1428  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:16:06.0261 0x1428  PptpMiniport - ok
22:16:06.0417 0x1428  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
22:16:06.0558 0x1428  PrintNotify - ok
22:16:06.0574 0x1428  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
22:16:06.0605 0x1428  Processor - ok
22:16:06.0636 0x1428  [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
22:16:06.0683 0x1428  ProfSvc - ok
22:16:06.0714 0x1428  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
22:16:06.0714 0x1428  Psched - ok
22:16:06.0761 0x1428  [ FBF4DB6D53585437E41A113300002A2B, A0145CE87A95DA3775B28A00E741660C26ADE34BBCC7FC502ED809931482C8F2 ] PxHlpa64        C:\WINDOWS\system32\Drivers\PxHlpa64.sys
22:16:06.0761 0x1428  PxHlpa64 - ok
22:16:06.0792 0x1428  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
22:16:06.0839 0x1428  QWAVE - ok
22:16:06.0870 0x1428  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
22:16:06.0886 0x1428  QWAVEdrv - ok
22:16:06.0902 0x1428  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:16:06.0933 0x1428  RasAcd - ok
22:16:06.0980 0x1428  [ 3EE5097945A7F680E320953271EB2D4F, 0B9F2B458177A654F65C5E862B7C55B35E20271B76D5E20A20F30D3223A1216F ] RasAgileVpn     C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
22:16:06.0995 0x1428  RasAgileVpn - ok
22:16:07.0027 0x1428  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
22:16:07.0042 0x1428  RasAuto - ok
22:16:07.0058 0x1428  [ 1BD3022FD6E450B00DE560265638FD2A, 3878B443053DFFED62641BE8736891F426C7121EB8C4DB38FF0F218697133A6D ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:16:07.0089 0x1428  Rasl2tp - ok
22:16:07.0136 0x1428  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
22:16:07.0183 0x1428  RasMan - ok
22:16:07.0199 0x1428  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:16:07.0230 0x1428  RasPppoe - ok
22:16:07.0245 0x1428  [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp         C:\WINDOWS\system32\DRIVERS\rassstp.sys
22:16:07.0261 0x1428  RasSstp - ok
22:16:07.0308 0x1428  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:16:07.0355 0x1428  rdbss - ok
22:16:07.0386 0x1428  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
22:16:07.0417 0x1428  rdpbus - ok
22:16:07.0433 0x1428  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
22:16:07.0464 0x1428  RDPDR - ok
22:16:07.0495 0x1428  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
22:16:07.0511 0x1428  RdpVideoMiniport - ok
22:16:07.0527 0x1428  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
22:16:07.0542 0x1428  rdyboost - ok
22:16:07.0589 0x1428  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
22:16:07.0620 0x1428  ReFS - ok
22:16:07.0652 0x1428  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
22:16:07.0683 0x1428  RemoteAccess - ok
22:16:07.0714 0x1428  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
22:16:07.0745 0x1428  RemoteRegistry - ok
22:16:07.0761 0x1428  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
22:16:07.0792 0x1428  RpcEptMapper - ok
22:16:07.0839 0x1428  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
22:16:07.0902 0x1428  RpcLocator - ok
22:16:07.0949 0x1428  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
22:16:07.0980 0x1428  RpcSs - ok
22:16:08.0011 0x1428  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
22:16:08.0027 0x1428  rspndr - ok
22:16:08.0027 0x1428  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
22:16:08.0058 0x1428  s3cap - ok
22:16:08.0089 0x1428  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
22:16:08.0105 0x1428  SamSs - ok
22:16:08.0136 0x1428  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
22:16:08.0152 0x1428  sbp2port - ok
22:16:08.0183 0x1428  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
22:16:08.0214 0x1428  SCardSvr - ok
22:16:08.0230 0x1428  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
22:16:08.0245 0x1428  ScDeviceEnum - ok
22:16:08.0277 0x1428  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
22:16:08.0292 0x1428  scfilter - ok
22:16:08.0355 0x1428  [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
22:16:08.0433 0x1428  Schedule - ok
22:16:08.0449 0x1428  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
22:16:08.0464 0x1428  SCPolicySvc - ok
22:16:08.0480 0x1428  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
22:16:08.0495 0x1428  sdbus - ok
22:16:08.0667 0x1428  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
22:16:08.0714 0x1428  SDScannerService - ok
22:16:08.0730 0x1428  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
22:16:08.0745 0x1428  sdstor - ok
22:16:08.0824 0x1428  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
22:16:08.0870 0x1428  SDUpdateService - ok
22:16:08.0886 0x1428  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
22:16:08.0902 0x1428  SDWSCService - ok
22:16:08.0933 0x1428  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
22:16:08.0949 0x1428  secdrv - ok
22:16:08.0980 0x1428  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\WINDOWS\system32\seclogon.dll
22:16:08.0995 0x1428  seclogon - ok
22:16:09.0011 0x1428  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
22:16:09.0074 0x1428  SENS - ok
22:16:09.0105 0x1428  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
22:16:09.0152 0x1428  SensrSvc - ok
22:16:09.0167 0x1428  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
22:16:09.0167 0x1428  SerCx - ok
22:16:09.0183 0x1428  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
22:16:09.0199 0x1428  SerCx2 - ok
22:16:09.0214 0x1428  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
22:16:09.0245 0x1428  Serenum - ok
22:16:09.0277 0x1428  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
22:16:09.0292 0x1428  Serial - ok
22:16:09.0324 0x1428  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
22:16:09.0339 0x1428  sermouse - ok
22:16:09.0402 0x1428  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
22:16:09.0433 0x1428  SessionEnv - ok
22:16:09.0449 0x1428  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
22:16:09.0464 0x1428  sfloppy - ok
22:16:09.0495 0x1428  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
22:16:09.0527 0x1428  SharedAccess - ok
22:16:09.0558 0x1428  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:16:09.0605 0x1428  ShellHWDetection - ok
22:16:09.0620 0x1428  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
22:16:09.0636 0x1428  SiSRaid2 - ok
22:16:09.0652 0x1428  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
22:16:09.0652 0x1428  SiSRaid4 - ok
22:16:09.0699 0x1428  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:16:09.0714 0x1428  SkypeUpdate - ok
22:16:09.0761 0x1428  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\WINDOWS\System32\smphost.dll
22:16:09.0777 0x1428  smphost - ok
22:16:09.0808 0x1428  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
22:16:09.0824 0x1428  SNMPTRAP - ok
22:16:09.0886 0x1428  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
22:16:09.0917 0x1428  spaceport - ok
22:16:09.0933 0x1428  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
22:16:09.0949 0x1428  SpbCx - ok
22:16:09.0995 0x1428  [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
22:16:10.0042 0x1428  Spooler - ok
22:16:10.0261 0x1428  [ 46549AF7CB672BC8138264CC4100E9F8, 6434249FADB07A033FD40C37DF2B775CF0617CF0C3E7C170F2984BD3CE423794 ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
22:16:10.0433 0x1428  sppsvc - ok
22:16:10.0464 0x1428  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
22:16:10.0511 0x1428  srv - ok
22:16:10.0558 0x1428  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
22:16:10.0605 0x1428  srv2 - ok
22:16:10.0620 0x1428  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
22:16:10.0652 0x1428  srvnet - ok
22:16:10.0699 0x1428  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
22:16:10.0745 0x1428  SSDPSRV - ok
22:16:10.0761 0x1428  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
22:16:10.0808 0x1428  SstpSvc - ok
22:16:10.0839 0x1428  [ 627FFBE52FEDF0460C3D7259FC0EDF50, 92CB006CA91E4AF0CAA3ECD74D9329C349650EAFF70D847E62D9D8F2BE38B3B1 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
22:16:10.0855 0x1428  ssudmdm - ok
22:16:11.0042 0x1428  [ 9DA3B55B17B54789AFB8C657D4ACE4D7, 5E4599E682327E3B8097A88A69ED73F96254A29054744D5DFB782054863F131E ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
22:16:11.0074 0x1428  ss_conn_service - ok
22:16:11.0183 0x1428  [ D67F951F6BA708812420195B8D0AB8B6, 6583DB22EB8AA5FF0134D2536C9A46BC0D7D8F8B2829D5719DD68968C22F5917 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
22:16:11.0214 0x1428  STacSV - detected UnsignedFile.Multi.Generic ( 1 )
22:16:13.0120 0x14bc  Object required for P2P: [ 81E02299B534F61E104C1235519C37B3 ] AntiVirMailService
22:16:13.0730 0x1428  Detect skipped due to KSN trusted
22:16:13.0730 0x1428  STacSV - ok
22:16:13.0792 0x1428  [ 3F0826F632F66906CB3ED62202A6BAD7, CA21B038DD1A1BED7293A8DEEBE19D43D1C12378ED5C6B82D36900CD4FFF23B7 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
22:16:13.0824 0x1428  Steam Client Service - ok
22:16:13.0902 0x1428  [ 7FCE08C739136C9C64107A8814EF854C, 820E494A401D69E3DA7A8624B2093DCF98198E6D8CCCE345BDF76952EE4ADB07 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:16:13.0917 0x1428  Stereo Service - ok
22:16:13.0964 0x1428  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
22:16:13.0964 0x1428  stexstor - ok
22:16:14.0027 0x1428  [ 71CB3BB20F08BB724769DAAAFD5AB26E, FC4B2BD03037EC07F4443BBE13A28859035F7229CA06D4E42AFB42ABF1A89F09 ] STHDA           C:\WINDOWS\system32\DRIVERS\stwrt64.sys
22:16:14.0074 0x1428  STHDA - ok
22:16:14.0183 0x1428  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
22:16:14.0245 0x1428  stisvc - ok
22:16:14.0277 0x1428  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
22:16:14.0292 0x1428  storahci - ok
22:16:14.0324 0x1428  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
22:16:14.0339 0x1428  storflt - ok
22:16:14.0355 0x1428  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
22:16:14.0370 0x1428  stornvme - ok
22:16:14.0402 0x1428  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
22:16:14.0433 0x1428  StorSvc - ok
22:16:14.0449 0x1428  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
22:16:14.0464 0x1428  storvsc - ok
22:16:14.0495 0x1428  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\WINDOWS\system32\svsvc.dll
22:16:14.0527 0x1428  svsvc - ok
22:16:14.0558 0x1428  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
22:16:14.0558 0x1428  swenum - ok
22:16:14.0620 0x1428  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\WINDOWS\System32\swprv.dll
22:16:14.0667 0x1428  swprv - ok
22:16:14.0730 0x1428  [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain         C:\WINDOWS\system32\sysmain.dll
22:16:14.0792 0x1428  SysMain - ok
22:16:14.0824 0x1428  [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
22:16:14.0870 0x1428  SystemEventsBroker - ok
22:16:14.0902 0x1428  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
22:16:14.0933 0x1428  TabletInputService - ok
22:16:14.0964 0x1428  [ 5D7360A19660F1C9B3E15C8DA969FE41, 94E144E5AB3A0AB4CF18D1DBAD2B2AE426DBF40D520F7C961705A71CE3C0629E ] tap0901         C:\WINDOWS\system32\DRIVERS\tap0901.sys
22:16:14.0964 0x1428  tap0901 - ok
22:16:15.0011 0x1428  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
22:16:15.0058 0x1428  TapiSrv - ok
22:16:15.0167 0x1428  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
22:16:15.0261 0x1428  Tcpip - ok
22:16:15.0339 0x1428  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:16:15.0402 0x1428  TCPIP6 - ok
22:16:15.0449 0x1428  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
22:16:15.0464 0x1428  tcpipreg - ok
22:16:15.0495 0x1428  [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA7332B3D97908C3D90 ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
22:16:15.0527 0x1428  tdx - ok
22:16:15.0542 0x1428  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
22:16:15.0558 0x1428  terminpt - ok
22:16:15.0605 0x1428  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\WINDOWS\System32\termsrv.dll
22:16:15.0652 0x1428  TermService - ok
22:16:15.0683 0x1428  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
22:16:15.0699 0x1428  Themes - ok
22:16:15.0745 0x1428  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
22:16:15.0761 0x1428  THREADORDER - ok
22:16:15.0777 0x1428  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
22:16:15.0808 0x1428  TimeBroker - ok
22:16:15.0839 0x1428  [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
22:16:15.0839 0x1428  TPM - ok
22:16:15.0886 0x1428  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
22:16:15.0917 0x1428  TrkWks - ok
22:16:15.0980 0x1428  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
22:16:16.0027 0x1428  TrustedInstaller - ok
22:16:16.0042 0x1428  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
22:16:16.0058 0x1428  TsUsbFlt - ok
22:16:16.0089 0x1428  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
22:16:16.0120 0x1428  TsUsbGD - ok
22:16:16.0152 0x1428  [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
22:16:16.0183 0x1428  tunnel - ok
22:16:16.0214 0x1428  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
22:16:16.0230 0x1428  uagp35 - ok
22:16:16.0245 0x1428  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
22:16:16.0261 0x1428  UASPStor - ok
22:16:16.0292 0x1428  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
22:16:16.0308 0x1428  UCX01000 - ok
22:16:16.0355 0x1428  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
22:16:16.0386 0x1428  udfs - ok
22:16:16.0402 0x1428  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
22:16:16.0402 0x1428  UEFI - ok
22:16:16.0433 0x1428  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
22:16:16.0480 0x1428  UI0Detect - ok
22:16:16.0480 0x1428  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
22:16:16.0495 0x1428  uliagpkx - ok
22:16:16.0495 0x1428  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
22:16:16.0527 0x1428  umbus - ok
22:16:16.0542 0x1428  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
22:16:16.0558 0x1428  UmPass - ok
22:16:16.0620 0x1428  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
22:16:16.0652 0x14bc  Object send P2P result: true
22:16:16.0652 0x14bc  Object required for P2P: [ 3CBE5047BB08BD363420D68364F9E829 ] AntiVirSchedulerService
22:16:16.0714 0x1428  UmRdpService - ok
22:16:16.0761 0x1428  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
22:16:16.0839 0x1428  upnphost - ok
22:16:16.0886 0x1428  [ DF355EB0199198728027962DCFCDE5FB, 9E158BD07389B4CFF99674716647FA3AABEECBD1A98EDF20E544E099A99A8768 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
22:16:16.0933 0x1428  usbaudio - ok
22:16:16.0949 0x1428  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
22:16:16.0964 0x1428  usbccgp - ok
22:16:17.0011 0x1428  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
22:16:17.0074 0x1428  usbcir - ok
22:16:17.0120 0x1428  [ 635686E528F2C9CB916EC1BB04EE6AD1, 080A0F209773232860F510F17005EF92650BA831F69BB0006AEF11A2BB0A4906 ] UsbClientService C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
22:16:17.0152 0x1428  UsbClientService - ok
22:16:17.0183 0x1428  [ BBFD17B6B954FC9FA02E62D604052069, 47D2B7228EABA7F37F69A1756B69FFFB19F0C2CC2869C5BF674E4FD9257488A2 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
22:16:17.0183 0x1428  usbehci - ok
22:16:17.0230 0x1428  [ 4875DC63E548812C75D4FDEF84970C89, 6A29306BAB6F95F0384E16533A9588A654A6E3CFC35D55A4CEB2B14EF34EEE19 ] usbfilter       C:\WINDOWS\System32\drivers\usbfilter.sys
22:16:17.0230 0x1428  usbfilter - ok
22:16:17.0245 0x1428  [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB66672929F0DBC50 ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
22:16:17.0277 0x1428  usbhub - ok
22:16:17.0308 0x1428  [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
22:16:17.0339 0x1428  USBHUB3 - ok
22:16:17.0370 0x1428  [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
22:16:17.0402 0x1428  usbohci - ok
22:16:17.0402 0x1428  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
22:16:17.0433 0x1428  usbprint - ok
22:16:17.0464 0x1428  [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan         C:\WINDOWS\System32\drivers\usbscan.sys
22:16:17.0511 0x1428  usbscan - ok
22:16:17.0527 0x1428  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
22:16:17.0542 0x1428  USBSTOR - ok
22:16:17.0558 0x1428  [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
22:16:17.0574 0x1428  usbuhci - ok
22:16:17.0620 0x1428  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
22:16:17.0652 0x1428  USBXHCI - ok
22:16:17.0667 0x1428  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
22:16:17.0667 0x1428  VaultSvc - ok
22:16:17.0699 0x1428  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
22:16:17.0699 0x1428  vdrvroot - ok
22:16:17.0777 0x1428  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
22:16:17.0824 0x1428  vds - ok
22:16:17.0839 0x1428  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
22:16:17.0855 0x1428  VerifierExt - ok
22:16:17.0902 0x1428  [ F6ECFD6128A16A4851CFE98D4E01B011, C349893E8D7FB9B510A3FAD040F70C3C72B0ACDD5F6EB336951849F9E953717D ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
22:16:17.0933 0x1428  vhdmp - ok
22:16:17.0949 0x1428  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
22:16:17.0964 0x1428  viaide - ok
22:16:17.0980 0x1428  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
22:16:17.0995 0x1428  vmbus - ok
22:16:18.0011 0x1428  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
22:16:18.0027 0x1428  VMBusHID - ok
22:16:18.0074 0x1428  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
22:16:18.0105 0x1428  vmicguestinterface - ok
22:16:18.0105 0x1428  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
22:16:18.0136 0x1428  vmicheartbeat - ok
22:16:18.0152 0x1428  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
22:16:18.0167 0x1428  vmickvpexchange - ok
22:16:18.0183 0x1428  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
22:16:18.0214 0x1428  vmicrdv - ok
22:16:18.0230 0x1428  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
22:16:18.0245 0x1428  vmicshutdown - ok
22:16:18.0261 0x1428  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
22:16:18.0277 0x1428  vmictimesync - ok
22:16:18.0292 0x1428  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
22:16:18.0324 0x1428  vmicvss - ok
22:16:18.0324 0x1428  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
22:16:18.0339 0x1428  volmgr - ok
22:16:18.0370 0x1428  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
22:16:18.0386 0x1428  volmgrx - ok
22:16:18.0417 0x1428  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
22:16:18.0433 0x1428  volsnap - ok
22:16:18.0449 0x1428  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
22:16:18.0464 0x1428  vpci - ok
22:16:18.0480 0x1428  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
22:16:18.0495 0x1428  vsmraid - ok
22:16:18.0542 0x1428  [ 3B7F9612439EA47151EC5EAB232C1C3F, CA08CCB14CB46512F72E2C20454242B18BC57E34C55B42A37B7EC27B79242CDC ] VSS             C:\WINDOWS\system32\vssvc.exe
22:16:18.0605 0x1428  VSS - ok
22:16:18.0636 0x1428  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
22:16:18.0652 0x1428  VSTXRAID - ok
22:16:18.0714 0x1428  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
22:16:18.0761 0x1428  vwifibus - ok
22:16:18.0792 0x1428  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
22:16:18.0839 0x1428  W32Time - ok
22:16:18.0870 0x1428  [ A22546B0093EBBDE03C52E56C3391373, 0C28D5C6A4E4EF12ABF0195409CAED17E07DEA22FB330D99FEEF847CBBC04A4E ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
22:16:18.0933 0x1428  w3logsvc - ok
22:16:18.0933 0x1428  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
22:16:18.0964 0x1428  WacomPen - ok
22:16:18.0995 0x1428  [ 23006D660C0E54BF1CE8253E15F5E995, 4FA7ED2F6B29BACBE2BB43C79FC8231C4C59F27C79AB09DB07BBFE36B35689E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:16:19.0042 0x1428  Wanarp - ok
22:16:19.0042 0x1428  [ 23006D660C0E54BF1CE8253E15F5E995, 4FA7ED2F6B29BACBE2BB43C79FC8231C4C59F27C79AB09DB07BBFE36B35689E5 ] Wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:16:19.0074 0x1428  Wanarpv6 - ok
22:16:19.0120 0x1428  [ 9BAE40BD31E3EE0B0C70BEF167E0A2BC, 2419AC815C95F2629E1832973501983D06F788728755605D42D6C8565C3CBBF1 ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
22:16:19.0152 0x1428  WAS - ok
22:16:19.0214 0x1428  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
22:16:19.0277 0x1428  wbengine - ok
22:16:19.0292 0x1428  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
22:16:19.0355 0x1428  WbioSrvc - ok
22:16:19.0355 0x1428  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
22:16:19.0386 0x1428  Wcmsvc - ok
22:16:19.0417 0x1428  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
22:16:19.0433 0x1428  wcncsvc - ok
22:16:19.0464 0x1428  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
22:16:19.0495 0x1428  WcsPlugInService - ok
22:16:19.0527 0x1428  [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
22:16:19.0542 0x1428  WdBoot - ok
22:16:19.0589 0x1428  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
22:16:19.0620 0x1428  Wdf01000 - ok
22:16:19.0636 0x1428  [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
22:16:19.0652 0x1428  WdFilter - ok
22:16:19.0683 0x1428  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
22:16:19.0824 0x1428  WdiServiceHost - ok
22:16:19.0824 0x1428  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
22:16:19.0839 0x1428  WdiSystemHost - ok
22:16:19.0870 0x1428  [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
22:16:19.0917 0x1428  WdNisDrv - ok
22:16:19.0933 0x1428  WdNisSvc - ok
22:16:19.0995 0x1428  [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient       C:\WINDOWS\System32\webclnt.dll
22:16:20.0074 0x1428  WebClient - ok
22:16:20.0105 0x1428  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
22:16:20.0136 0x1428  Wecsvc - ok
22:16:20.0152 0x14bc  Object send P2P result: true
22:16:20.0152 0x14bc  Object required for P2P: [ 3CBE5047BB08BD363420D68364F9E829 ] AntiVirService
22:16:20.0167 0x1428  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
22:16:20.0183 0x1428  WEPHOSTSVC - ok
22:16:20.0230 0x1428  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
22:16:20.0261 0x1428  wercplsupport - ok
22:16:20.0277 0x1428  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
22:16:20.0308 0x1428  WerSvc - ok
22:16:20.0339 0x1428  [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
22:16:20.0355 0x1428  WFPLWFS - ok
22:16:20.0370 0x1428  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
22:16:20.0402 0x1428  WiaRpc - ok
22:16:20.0402 0x1428  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
22:16:20.0417 0x1428  WIMMount - ok
22:16:20.0417 0x1428  WinDefend - ok
22:16:20.0480 0x1428  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
22:16:20.0511 0x1428  WinHttpAutoProxySvc - ok
22:16:20.0558 0x1428  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
22:16:20.0605 0x1428  Winmgmt - ok
22:16:20.0683 0x1428  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
22:16:20.0792 0x1428  WinRM - ok
22:16:20.0824 0x1428  [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb          C:\WINDOWS\System32\drivers\WinUsb.sys
22:16:20.0886 0x1428  WinUsb - ok
22:16:20.0949 0x1428  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
22:16:21.0011 0x1428  WlanSvc - ok
22:16:21.0058 0x1428  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
22:16:21.0136 0x1428  wlidsvc - ok
22:16:21.0214 0x1428  [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum         C:\WINDOWS\system32\drivers\WmBEnum.sys
22:16:21.0230 0x1428  WmBEnum - ok
22:16:21.0261 0x1428  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
22:16:21.0292 0x1428  WmiAcpi - ok
22:16:21.0324 0x1428  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
22:16:21.0355 0x1428  wmiApSrv - ok
22:16:21.0386 0x1428  WMPNetworkSvc - ok
22:16:21.0417 0x1428  [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore        C:\WINDOWS\system32\drivers\WmXlCore.sys
22:16:21.0433 0x1428  WmXlCore - ok
22:16:21.0464 0x1428  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
22:16:21.0480 0x1428  Wof - ok
22:16:21.0527 0x1428  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
22:16:21.0620 0x1428  workfolderssvc - ok
22:16:21.0652 0x1428  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
22:16:21.0667 0x1428  wpcfltr - ok
22:16:21.0699 0x1428  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
22:16:21.0730 0x1428  WPCSvc - ok
22:16:21.0761 0x1428  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
22:16:21.0792 0x1428  WPDBusEnum - ok
22:16:21.0824 0x1428  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
22:16:21.0824 0x1428  WpdUpFltr - ok
22:16:21.0839 0x1428  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
22:16:21.0870 0x1428  ws2ifsl - ok
22:16:21.0902 0x1428  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
22:16:21.0933 0x1428  wscsvc - ok
22:16:21.0933 0x1428  WSearch - ok
22:16:22.0058 0x1428  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
22:16:22.0230 0x1428  WSService - ok
22:16:22.0417 0x1428  [ 4BD3138EF061E24F9FDC722B49274B40, F9339F6AA8822E5E1334E41BE4140F9E8E5B24D1CD85B4C746D714AFDD485B49 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
22:16:22.0542 0x1428  wuauserv - ok
22:16:22.0589 0x1428  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
22:16:22.0636 0x1428  WudfPf - ok
22:16:22.0652 0x1428  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
22:16:22.0683 0x1428  WUDFRd - ok
22:16:22.0714 0x1428  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
22:16:22.0745 0x1428  wudfsvc - ok
22:16:22.0761 0x1428  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
22:16:22.0777 0x1428  WUDFWpdFs - ok
22:16:22.0792 0x1428  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
22:16:22.0808 0x1428  WUDFWpdMtp - ok
22:16:22.0839 0x1428  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
22:16:22.0870 0x1428  WwanSvc - ok
22:16:22.0870 0x1428  ================ Scan global ===============================
22:16:22.0917 0x1428  [ 05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\WINDOWS\system32\basesrv.dll
22:16:22.0964 0x1428  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
22:16:22.0995 0x1428  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
22:16:23.0058 0x1428  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
22:16:23.0058 0x1428  [ Global ] - ok
22:16:23.0058 0x1428  ================ Scan MBR ==================================
22:16:23.0074 0x1428  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:16:23.0152 0x1428  \Device\Harddisk0\DR0 - ok
22:16:23.0152 0x1428  ================ Scan VBR ==================================
22:16:23.0183 0x1428  [ DC434E4CE68371C0257562F10E59D8C1 ] \Device\Harddisk0\DR0\Partition1
22:16:23.0261 0x1428  \Device\Harddisk0\DR0\Partition1 - ok
22:16:23.0277 0x1428  [ 3BC3BBE85C5862F82D445926527DDE4A ] \Device\Harddisk0\DR0\Partition2
22:16:23.0324 0x1428  \Device\Harddisk0\DR0\Partition2 - ok
22:16:23.0339 0x1428  [ CA8623916A4A9F50086A957970977E6C ] \Device\Harddisk0\DR0\Partition3
22:16:23.0339 0x1428  \Device\Harddisk0\DR0\Partition3 - ok
22:16:23.0355 0x1428  [ B8242B121673FB16B11A4ACAA06AB030 ] \Device\Harddisk0\DR0\Partition4
22:16:23.0402 0x1428  \Device\Harddisk0\DR0\Partition4 - ok
22:16:23.0433 0x1428  [ 87A268C6BC6D4FEF3BA15752EDF2576D ] \Device\Harddisk0\DR0\Partition5
22:16:23.0464 0x1428  \Device\Harddisk0\DR0\Partition5 - ok
22:16:23.0480 0x1428  [ C4D051979BEA83FB73D0B79DEBB824B6 ] \Device\Harddisk0\DR0\Partition6
22:16:23.0527 0x1428  \Device\Harddisk0\DR0\Partition6 - ok
22:16:23.0542 0x1428  [ 0908369477BA8F33AB0078D8E3F402D8 ] \Device\Harddisk0\DR0\Partition7
22:16:23.0558 0x1428  \Device\Harddisk0\DR0\Partition7 - ok
22:16:23.0558 0x1428  ================ Scan generic autorun ======================
22:16:23.0589 0x1428  [ 96A1D93D16F959C6F5A63E749A9F2EF7, 9EDD4EEC5C625ECF4A1C82318ED6B74404E63A3D43312B53E4F627D76D47658C ] C:\Program Files\IDT\WDM\beats64.exe
22:16:23.0620 0x1428  BeatsOSDApp - detected UnsignedFile.Multi.Generic ( 1 )
22:16:23.0636 0x14bc  Object send P2P result: true
22:16:23.0636 0x14bc  Object required for P2P: [ CAA9D66CA6D21AF0AE7DA01D5AC6CC2F ] AntiVirWebService
22:16:26.0120 0x1428  Detect skipped due to KSN trusted
22:16:26.0120 0x1428  BeatsOSDApp - ok
22:16:26.0261 0x1428  [ CC450F79AC71C54FFE48527B9C547259, 8557B9B3E950498559DA2A0336D6BADDC2A63A862319DBDF831D1DDE112B06C1 ] C:\Users\Ulla & Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
22:16:26.0277 0x1428  Ocs_SM - detected UnsignedFile.Multi.Generic ( 1 )
22:16:27.0120 0x14bc  Object send P2P result: true
22:16:27.0120 0x14bc  Object required for P2P: [ 4764D299855174D6B5C7DA853B490029 ] avipbb
22:16:28.0777 0x1428  Detect skipped due to KSN trusted
22:16:28.0777 0x1428  Ocs_SM - ok
22:16:28.0839 0x1428  [ 2EA68E33DFF41A10F1BAB15FC3A28076, C971C009F36A87116FBE785E45EB7192EAD9BAF713C43C8A3AC643624144ECF9 ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
22:16:28.0855 0x1428  KiesTrayAgent - ok
22:16:28.0917 0x1428  [ 4A57AB2D5E3624D63E7F8854C79F3D8C, 2637E8933193F10BC8CD893EE0CCF7ABF7A7B32A2278EFE95D958FDAD3794696 ] C:\Program Files\IDT\WDM\sttray64.exe
22:16:28.0949 0x1428  SysTrayApp - detected UnsignedFile.Multi.Generic ( 1 )
22:16:30.0620 0x14bc  Object send P2P result: true
22:16:30.0620 0x14bc  Object required for P2P: [ E477AF94ACCCF99A0E56D71D450DCCCB ] avnetflt
22:16:31.0464 0x1428  Detect skipped due to KSN trusted
22:16:31.0464 0x1428  SysTrayApp - ok
22:16:31.0542 0x1428  [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
22:16:31.0558 0x1428  GrooveMonitor - ok
22:16:31.0667 0x1428  [ 5668994A6AE925189C7D7F03BFE19C66, 269146783422D06BE2BA5D358D22B03339C102D0D5970894625C9C03BFCCB773 ] C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe
22:16:31.0699 0x1428  avgnt - ok
22:16:31.0824 0x1428  [ 07A37CB5C5A01E73FB69F138FAE2DB0E, 9E8B5D78D7EAB8FA35133763EDA91AFE5CDEE275D604F02CDB56FB00A0D5AA0F ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:16:31.0839 0x1428  Adobe ARM - ok
22:16:31.0870 0x1428  [ C8918EBDE8B9BA1C35F8030E7E8534D3, CFDF7B0592D290EC9F32B1A96283CA84D62E741E1B1B4C5CF3E0032EDB3D06DB ] C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
22:16:31.0886 0x1428  openvpn-gui - ok
22:16:31.0949 0x1428  [ 20FFD9CA4AF20000665B73F4E56235B4, 35D3B37CA3C6D5D1C0ECC1428145C1D498C22C532CB37B5A8CD27CA71911FE7B ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
22:16:31.0980 0x1428  ConnectionCenter - ok
22:16:32.0027 0x1428  [ 8FFDB89A0FB7C8ABC3A8825E38047341, B9107FAA3A885CD9A08C20F78D31C3642FA76812E417F41C4F2ADF7D90CA8C72 ] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
22:16:32.0058 0x1428  LWS - ok
22:16:32.0074 0x1428  [ 2EA68E33DFF41A10F1BAB15FC3A28076, C971C009F36A87116FBE785E45EB7192EAD9BAF713C43C8A3AC643624144ECF9 ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
22:16:32.0089 0x1428  KiesTrayAgent - ok
22:16:32.0292 0x1428  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
22:16:32.0370 0x1428  SDTray - ok
22:16:32.0433 0x1428  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
22:16:32.0449 0x1428  HP Software Update - ok
22:16:32.0714 0x1428  [ FB5B78A3DE88FD3B725DA574497BC225, 0096C3ED0E29153E6A9E84C121B79A170FEDFE521AEA1BC602BC536E1795E5F3 ] C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe
22:16:32.0980 0x1428  CCleaner Monitoring - ok
22:16:33.0152 0x1428  [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
22:16:33.0324 0x1428  Spybot-S&D Cleaning - ok
22:16:33.0433 0x1428  [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
22:16:33.0464 0x1428  SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
22:16:34.0120 0x14bc  Object send P2P result: true
22:16:35.0980 0x1428  Detect skipped due to KSN trusted
22:16:35.0980 0x1428  SpybotPostWindows10UpgradeReInstall - ok
22:16:35.0980 0x1428  Waiting for KSN requests completion. In queue: 12
22:16:36.0995 0x1428  Waiting for KSN requests completion. In queue: 12
22:16:38.0011 0x1428  Waiting for KSN requests completion. In queue: 12
22:16:39.0120 0x1428  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\wsctool.exe ( 15.0.15.106 ), 0x41000 ( enabled : updated )
22:16:39.0120 0x1428  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
22:16:39.0183 0x1428  Win FW state via NFP2: enabled ( trusted )
22:16:41.0714 0x1428  ============================================================
22:16:41.0714 0x1428  Scan finished
22:16:41.0714 0x1428  ============================================================
22:16:41.0730 0x0148  Detected object count: 0
22:16:41.0730 0x0148  Actual detected object count: 0
         
Vielleicht findest Du was.

Grüße

Christian


Alt 02.12.2015, 10:45   #6
chke
 
Virus hängt an alle Dateien .vvv - Standard

Virus hängt an alle Dateien .vvv



ich noch mal.

Irgendwas ist noch da. Beim Neustart kommt automatisch das:

Code:
ATTFilter
 ________________________1234____________________________________-
What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048.
More information about the encryption keys using RSA-2048 can be found here: hxxp://en.wikipedia.org/wiki/RSA_(cryptosystem)

What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do ?
________________________1234____________________________________
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.
________________________1234____________________________________

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. hxxp://gfhshhf.home7dfg4.com/AEF8A5E235723E8F
2. hxxp://td63hftt.buwve5ton2.com/AEF8A5E235723E8F
3. https://tw7kaqthui5ojcez.onion.to/AEF8A5E235723E8F 
 
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: hxxp://www.torproject.org/projects/torbrowser.html.en 
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: tw7kaqthui5ojcez.onion/AEF8A5E235723E8F 
4. Follow the instructions on the site.

IMPORTANT INFORMATION:
Your personal pages:
hxxp://gfhshhf.home7dfg4.com/AEF8A5E235723E8F
hxxp://td63hftt.buwve5ton2.com/AEF8A5E235723E8F 
https://tw7kaqthui5ojcez.onion.to/AEF8A5E235723E8F  
Your personal page (using TOR-Browser): tw7kaqthui5ojcez.onion/AEF8A5E235723E8F 
Your personal identification number (if you open the site (or TOR-Browser's) directly): AEF8A5E235723E8F
         
Der gleiche Text erscheint auch auf Firefox - ohne dass ich Firefox gestartet hätte. Alles automatisch.

Grüße

Christian

das obige Problem scheint gelöst.

Ich habe die Autostart/Word und Excel bereinigt.

Eine neu erstellte Excel-Datei ist bis jetzt nicht wieder befallen worden und kann uneingeschränkt genutzt werden.
Ich hoffe, dass das so bleibt und sich nicht noch irgendwo ein "Schläfer" versteckt hält.

Alt 03.12.2015, 14:36   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Virus hängt an alle Dateien .vvv - Standard

Virus hängt an alle Dateien .vvv



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.12.2015, 20:03   #8
chke
 
Virus hängt an alle Dateien .vvv - Standard

Virus hängt an alle Dateien .vvv



Hallo,

hier die Datei von MBAM
Code:
ATTFilter
# AdwCleaner v5.023 - Bericht erstellt am 04/12/2015 um 20:36:46
# Aktualisiert am 30/11/2015 von Xplode
# Datenbank : 2015-12-03.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Ulla & Christian - PC
# Gestartet von : C:\Users\Ulla & Christian\Downloads\AdwCleaner_5.023.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files (x86)\myfree codec
[-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[#] Ordner Gelöscht : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\Extensions\staged\firefoxmini@go.im.xpi
[-] Ordner Gelöscht : C:\Users\Ulla & Christian\AppData\Roaming\DesktopIconForAmazon
[-] Ordner Gelöscht : C:\Users\Ulla & Christian\AppData\Roaming\OCS

***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****

[-] Verknüpfung Desinfiziert : C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks\WorldofTanks.lnk
[-] Verknüpfung Desinfiziert : C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk

***** [ Aufgabenplanung ] *****

[-] Aufgabenplanung Gelöscht : WOT N
[-] Aufgabenplanung Gelöscht : WOT T

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
[-] Schlüssel Gelöscht : HKCU\Software\5f2dedae73ee414
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{405592DC-1E4A-47F9-9C3C-DCCC346655FD}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Schlüssel Gelöscht : HKCU\Software\Myfree Codec
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\Softonic
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{206a7328-437f-4bd9-b53e-12bfee24d588}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldofTanks
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1837A345-0C6D-42AE-ACD6-6C4F5FF490BA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your Software Deals_is1
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
[-] Schlüssel Gelöscht : HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Myfree Codec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206AF45B775E3A445B3B2273827DA85F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225C3CBCEB850204D860A6C7CC7724AF
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29C79786B109AC443B0DC7BFD61B1896
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60ECC80C54085B141A40437A96CA2618
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4223BBC9438CAD49BBE10B4E344B1DD
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0376A5AC-5698-4CFB-BF5B-1A12FE88CE17}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2B9277F9-9AFF-4BE1-8D9F-5C47ACDE8AF9}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{471E55EA-5870-4D06-85B1-087E723116A4}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{68DA0295-7A32-4CC5-A929-A2513D7186F0}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B52B0020-6410-4905-8380-4EED9883BE80}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}

***** [ Internetbrowser ] *****

[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.LayoutId", "1");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.ShowThankyouPixel", "0");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":3}");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.adapters", "{\"get3.adobe.com\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"140891[...]
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.superfish.com/ws/sf_main.jsp\",\"queryStri[...]
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts.iRobinHood.IROBPKG", "{\"pkgid\":\"wrPCtMK3wrHCtMK4wrbCtcK0\",\"raw_pkgid\":\"256059745\"}");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts.iRobinHood.irobsettings2", "[{\"ALERT_MESSAGES\":1,\"Analytics_code\":\"\",\"APPROVE_STRIP_COLOR\":\"4BBA42    \",\"CHARITY_URL\":\"hxxp://iminent.donation-tools.org[...]
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrPCtMK3wrHCtMK4wrbCtcK0");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent102", "1416262758803");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent109", "1416170232538");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent110", "1414520649129");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent111", "1416170231631");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent112", "1416170232608");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent122", "1416170232705");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent136", "1414609195025");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent140", "1416259266190");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts12", "1415310470837");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts14", "1415278245956");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts15", "1415309653277");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts16", "1415226049923");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts2", "1415226048960");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts3", "1415226049499");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts5", "1415226049606");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts6", "1415309640296");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts7", "1415226049713");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts8", "1415226049814");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts9", "1415309652970");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.version", "8.45.2.1");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.45.2.1\",\"InstallEventCTime\":1416178805692,\"InstallEvent\":\"True\"}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":3}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.adapters", "{\"www.google.de\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"google\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"1409337617899864[...]
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent102", "1409337619205");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.version", "8.31.1.1");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.31.1.1\",\"InstallEventCTime\":1409337604546,\"InstallEvent\":\"True\"}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.versioning", "");

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [38428 Bytes] ##########
         
hier die AdwCleaner - Datei:
Code:
ATTFilter
# AdwCleaner v5.023 - Bericht erstellt am 04/12/2015 um 20:36:46
# Aktualisiert am 30/11/2015 von Xplode
# Datenbank : 2015-12-03.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Ulla & Christian - PC
# Gestartet von : C:\Users\Ulla & Christian\Downloads\AdwCleaner_5.023.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files (x86)\myfree codec
[-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[#] Ordner Gelöscht : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\Extensions\staged\firefoxmini@go.im.xpi
[-] Ordner Gelöscht : C:\Users\Ulla & Christian\AppData\Roaming\DesktopIconForAmazon
[-] Ordner Gelöscht : C:\Users\Ulla & Christian\AppData\Roaming\OCS

***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****

[-] Verknüpfung Desinfiziert : C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks\WorldofTanks.lnk
[-] Verknüpfung Desinfiziert : C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk

***** [ Aufgabenplanung ] *****

[-] Aufgabenplanung Gelöscht : WOT N
[-] Aufgabenplanung Gelöscht : WOT T

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
[-] Schlüssel Gelöscht : HKCU\Software\5f2dedae73ee414
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{405592DC-1E4A-47F9-9C3C-DCCC346655FD}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Schlüssel Gelöscht : HKCU\Software\Myfree Codec
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\Softonic
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{206a7328-437f-4bd9-b53e-12bfee24d588}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldofTanks
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1837A345-0C6D-42AE-ACD6-6C4F5FF490BA}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your Software Deals_is1
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
[-] Schlüssel Gelöscht : HKU\S-1-5-21-3876800203-89553269-3656360523-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Myfree Codec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206AF45B775E3A445B3B2273827DA85F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225C3CBCEB850204D860A6C7CC7724AF
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29C79786B109AC443B0DC7BFD61B1896
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60ECC80C54085B141A40437A96CA2618
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4223BBC9438CAD49BBE10B4E344B1DD
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0376A5AC-5698-4CFB-BF5B-1A12FE88CE17}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2B9277F9-9AFF-4BE1-8D9F-5C47ACDE8AF9}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{471E55EA-5870-4D06-85B1-087E723116A4}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{68DA0295-7A32-4CC5-A929-A2513D7186F0}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B52B0020-6410-4905-8380-4EED9883BE80}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}

***** [ Internetbrowser ] *****

[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.LayoutId", "1");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.ShowThankyouPixel", "0");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":3}");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.adapters", "{\"get3.adobe.com\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"140891[...]
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.superfish.com/ws/sf_main.jsp\",\"queryStri[...]
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts.iRobinHood.IROBPKG", "{\"pkgid\":\"wrPCtMK3wrHCtMK4wrbCtcK0\",\"raw_pkgid\":\"256059745\"}");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts.iRobinHood.irobsettings2", "[{\"ALERT_MESSAGES\":1,\"Analytics_code\":\"\",\"APPROVE_STRIP_COLOR\":\"4BBA42    \",\"CHARITY_URL\":\"hxxp://iminent.donation-tools.org[...]
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrPCtMK3wrHCtMK4wrbCtcK0");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent102", "1416262758803");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent109", "1416170232538");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent110", "1414520649129");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent111", "1416170231631");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent112", "1416170232608");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent122", "1416170232705");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent136", "1414609195025");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent140", "1416259266190");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts12", "1415310470837");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts14", "1415278245956");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts15", "1415309653277");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts16", "1415226049923");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts2", "1415226048960");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts3", "1415226049499");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts5", "1415226049606");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts6", "1415309640296");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts7", "1415226049713");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts8", "1415226049814");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackExternalScripts9", "1415309652970");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.version", "8.45.2.1");
[-] [C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.45.2.1\",\"InstallEventCTime\":1416178805692,\"InstallEvent\":\"True\"}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":3}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.adapters", "{\"www.google.de\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"google\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"1409337617899864[...]
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent102", "1409337619205");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.version", "8.31.1.1");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.31.1.1\",\"InstallEventCTime\":1409337604546,\"InstallEvent\":\"True\"}");
[-] [C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\7tneikau.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.versioning", "");

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [38428 Bytes] ##########
         
und dann noch die JRT-Datei:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64 
Ran by Ulla & Christian (Administrator) on 04.12.2015 at 20:51:44,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4 

Successfully deleted: C:\Users\Ulla & Christian\AppData\Local\worldoftanks (Folder) 
Successfully deleted: C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\worldoftanks.lnk (Shortcut) 
Successfully deleted: C:\Users\Ulla & Christian\AppData\Roaming\worldoftanks (Folder) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 



Registry: 1 

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{471E55EA-5870-4D06-85B1-087E723116A4} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.12.2015 at 20:53:31,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 04.12.2015, 20:06   #9
chke
 
Virus hängt an alle Dateien .vvv - Standard

Virus hängt an alle Dateien .vvv



und dann noch der Text von FRST:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
durchgeführt von Ulla & Christian (Administrator) auf PC (04-12-2015 21:04:01)
Gestartet von C:\Users\Ulla & Christian\Downloads
Geladene Profile: Ulla & Christian (Verfügbare Profile: Ulla & Christian & Jan)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(The OpenVPN Project) C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Ulla & Christian\Downloads\FRST64(1).exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
HKLM\...\Run: [Ocs_SM] => C:\Users\Ulla & Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [openvpn-gui] => C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [436776 2013-06-14] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{82DFC5A4-518D-445C-A2B1-591A6747A3D5}: [DhcpNameServer] 192.168.103.1 192.168.103.20
Tcpip\..\Interfaces\{B56279DC-0CCA-4C4C-8F65-B5B765D59070}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {F2109080-1672-4F41-BDB0-B480859F3699} URL = hxxp://www.google.de/search?q={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\Filme - Video\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Bilder\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3876800203-89553269-3656360523-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ulla & Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.html [2015-11-29]
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.txt [2015-11-29]
FF Extension: Shrunked Image Resizer - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\extensions\shrunked@darktrojan.net.xpi [2015-09-14]
FF Extension: Avira Browser Safety - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2015\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [Datei ist nicht signiert]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
S3 OpenVPNService; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [Datei ist nicht signiert]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-12-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-04-27] () [Datei ist nicht signiert]
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [151480 2013-04-27] () [Datei ist nicht signiert]
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [17848 2013-02-06] () [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-04 20:53 - 2015-12-04 20:53 - 00001049 _____ C:\Users\Ulla & Christian\Desktop\JRT.txt
2015-12-04 20:50 - 2015-12-04 20:50 - 01599336 _____ (Malwarebytes) C:\Users\Ulla & Christian\Downloads\JRT.exe
2015-12-04 20:34 - 2015-12-04 20:36 - 00000000 ____D C:\AdwCleaner
2015-12-04 20:31 - 2015-12-04 20:31 - 01736704 _____ C:\Users\Ulla & Christian\Downloads\AdwCleaner_5.023.exe
2015-12-04 19:57 - 2015-12-04 20:46 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-12-04 19:57 - 2015-12-04 19:57 - 00001123 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-04 19:57 - 2015-12-04 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-12-04 19:57 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-04 19:57 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-04 19:15 - 2015-12-04 19:16 - 22908888 _____ (Malwarebytes ) C:\Users\Ulla & Christian\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-02 13:49 - 2015-12-02 13:49 - 00294272 _____ C:\WINDOWS\Minidump\120215-20734-01.dmp
2015-12-02 13:21 - 2015-12-02 13:51 - 00000000 ____D C:\Program Files\Recuva
2015-12-02 13:21 - 2015-12-02 13:21 - 00001679 _____ C:\Users\Public\Desktop\Recuva.lnk
2015-12-02 13:21 - 2015-12-02 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-12-02 13:14 - 2015-12-02 13:20 - 04426120 _____ (Piriform Ltd) C:\Users\Ulla & Christian\Downloads\rcsetup152.exe
2015-12-02 13:07 - 2015-12-02 13:07 - 00380416 _____ C:\Users\Ulla & Christian\Downloads\Gmer-19357.exe
2015-12-01 22:13 - 2015-12-01 22:16 - 00235860 _____ C:\TDSSKiller.3.1.0.7_01.12.2015_22.13.25_log.txt
2015-12-01 22:12 - 2015-12-01 22:12 - 00000560 _____ C:\TDSSKiller.3.1.0.7_01.12.2015_22.12.00_log.txt
2015-12-01 22:11 - 2015-12-01 22:11 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Ulla & Christian\Downloads\tdsskiller.exe
2015-12-01 21:28 - 2015-12-01 21:28 - 00001093 _____ C:\Users\Ulla & Christian\Desktop\mbar.lnk
2015-12-01 21:10 - 2015-12-01 21:10 - 00001301 _____ C:\Users\Ulla & Christian\Downloads\mbar-1.09.3.1001.exe - Verknüpfung.lnk
2015-12-01 20:42 - 2015-12-01 20:42 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-01 20:37 - 2015-12-01 20:37 - 00292976 _____ C:\WINDOWS\Minidump\120115-23468-01.dmp
2015-12-01 15:44 - 2015-12-01 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-01 15:29 - 2015-12-01 15:29 - 00296856 _____ C:\WINDOWS\Minidump\120115-29140-01.dmp
2015-12-01 15:28 - 2015-12-02 13:49 - 563044145 _____ C:\WINDOWS\MEMORY.DMP
2015-12-01 11:06 - 2015-12-01 11:08 - 00001256 _____ C:\Users\Ulla & Christian\Desktop\FRST64.lnk
2015-12-01 00:11 - 2015-12-01 00:11 - 00000000 _____ C:\Users\Ulla & Christian\defogger_reenable
2015-12-01 00:10 - 2015-12-01 00:10 - 00050477 _____ C:\Users\Ulla & Christian\Downloads\Defogger.exe
2015-11-30 23:21 - 2015-12-04 20:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 23:21 - 2015-12-04 20:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-30 23:21 - 2015-12-04 19:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-30 23:19 - 2015-11-30 23:19 - 00000000 ____D C:\Malwarebytes
2015-11-30 23:19 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-30 23:18 - 2015-11-30 23:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ulla & Christian\Downloads\mbar-1.09.3.1001.exe
2015-11-30 23:06 - 2015-12-01 11:11 - 00059415 _____ C:\Users\Ulla & Christian\Downloads\Addition.txt
2015-11-30 23:05 - 2015-12-04 21:04 - 00022888 _____ C:\Users\Ulla & Christian\Downloads\FRST.txt
2015-11-30 23:05 - 2015-12-04 21:04 - 00000000 ____D C:\FRST
2015-11-30 23:04 - 2015-11-30 23:04 - 02350080 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64(1).exe
2015-11-30 23:02 - 2015-11-30 23:02 - 02350080 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64.exe
2015-11-30 13:54 - 2015-11-30 13:56 - 00000050 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2015-11-30 13:54 - 2015-11-30 13:55 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-29 22:45 - 2015-11-29 22:45 - 00024261 _____ C:\Users\Ulla & Christian\Downloads\RX_151129_Bestellbestaetigung_VID3_2245.pdf
2015-11-29 21:46 - 2015-11-29 21:46 - 00006921 _____ C:\WINDOWS\Tasks\how_recover+yer.html
2015-11-29 21:46 - 2015-11-29 21:46 - 00002401 _____ C:\WINDOWS\Tasks\how_recover+yer.txt
2015-11-29 21:45 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\how_recover+yer.html
2015-11-29 21:45 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:33 - 00006921 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:33 - 00002401 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.txt
2015-11-29 21:26 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.html
2015-11-29 21:26 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Downloads\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Downloads\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Documents\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Documents\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\ProgramData\how_recover+yer.txt
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-11-29 21:18 - 2015-11-29 21:18 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\7 Zip 32 Bit - CHIP-Installer.exe
2015-11-29 21:16 - 2015-11-29 21:26 - 00000670 _____ C:\Users\Ulla & Christian\Documents\recover_file_jkvrflnqu.txt.vvv
2015-11-28 23:24 - 2015-11-28 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-11-28 23:22 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-11-28 23:22 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-11-28 23:22 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-11-28 23:22 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-11-28 23:21 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-11-28 23:21 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-11-28 23:21 - 2015-10-10 19:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-11-28 23:21 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-11-28 23:21 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-11-28 23:21 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-11-28 23:21 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-11-28 23:21 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-28 23:21 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-11-28 23:21 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-11-28 23:21 - 2015-09-28 19:31 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-11-28 23:21 - 2015-09-28 19:24 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-11-28 23:21 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-11-28 22:23 - 2015-11-28 22:23 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(3).exe
2015-11-25 23:20 - 2015-11-25 23:23 - 88173384 _____ (Buhl Data Service GmbH) C:\Users\Ulla & Christian\Downloads\WISOFinanz2016.exe
2015-11-23 07:26 - 2015-11-29 21:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\DataDesign
2015-11-22 17:53 - 2015-11-22 17:54 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(2).exe
2015-11-18 20:20 - 2015-11-18 20:20 - 00000000 ____D C:\Users\Jan\AppData\Roaming\HpUpdate
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-10 19:37 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 19:37 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 19:37 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 19:37 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-10 19:37 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 19:37 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-10 19:37 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-10 19:37 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-10 19:37 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-10 19:37 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-10 19:37 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-10 19:35 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-10 19:35 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-10 19:35 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-10 19:35 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-10 19:35 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-10 19:35 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:35 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:35 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-10 19:35 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:35 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:35 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-10 19:35 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-10 19:35 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-10 19:35 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-10 19:35 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-10 19:35 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-10 19:35 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-10 19:35 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-10 19:35 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-10 19:35 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-10 19:35 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-10 19:35 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-10 19:35 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-10 19:35 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-10 19:35 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-10 19:35 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-10 19:30 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-10 19:30 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-10 19:30 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-10 19:30 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-10 19:30 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-07 18:17 - 2015-11-07 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-11-07 18:14 - 2015-11-07 18:14 - 07369576 _____ (Wargaming.net ) C:\Users\Ulla & Christian\Downloads\WoWS_internet_install_eu.exe
2015-11-07 15:58 - 2015-11-07 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 12:48 - 2015-11-06 12:49 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(1).exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-04 20:59 - 2013-09-12 20:04 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-04 20:57 - 2013-06-16 20:58 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1001
2015-12-04 20:52 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-04 20:45 - 2014-09-24 07:17 - 01989598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-04 20:45 - 2014-09-24 06:43 - 00844836 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-04 20:45 - 2014-09-24 06:43 - 00192568 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-04 20:45 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-04 20:38 - 2014-11-27 07:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-04 20:38 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-04 20:36 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2015-12-04 20:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2015-12-02 17:25 - 2014-11-27 07:27 - 00000000 ____D C:\Users\Ulla & Christian
2015-12-02 17:19 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MediaMonkey
2015-12-02 13:49 - 2015-03-08 14:44 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-01 21:12 - 2014-11-27 07:27 - 00000000 ____D C:\Users\Jan
2015-12-01 20:42 - 2014-11-17 00:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-01 15:44 - 2015-05-07 21:02 - 00002274 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-12-01 15:43 - 2013-06-23 17:57 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-12-01 15:43 - 2013-06-23 17:57 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-12-01 15:43 - 2013-06-23 17:57 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-12-01 15:43 - 2013-06-23 17:57 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-11-30 23:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-11-30 23:45 - 2013-08-22 15:44 - 00505968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-30 23:44 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-30 13:55 - 2014-11-27 07:18 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-11-29 21:45 - 2014-08-31 18:37 - 00000000 ___RD C:\Users\Ulla & Christian\SkyDrive
2015-11-29 21:45 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\VirtualStore
2015-11-29 21:34 - 2015-09-03 14:21 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner (2)
2015-11-29 21:34 - 2015-04-04 14:47 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner
2015-11-29 21:34 - 2013-10-05 10:52 - 00000000 ___RD C:\Users\Ulla & Christian\Dropbox
2015-11-29 21:34 - 2013-06-25 13:22 - 00000000 ____D C:\Users\Ulla & Christian\Mozilla Thunderbird
2015-11-29 21:33 - 2015-11-01 22:19 - 00392270 _____ C:\Users\Ulla & Christian\Downloads\10984200_908781199162434_4585968420000991718_o.jpg.vvv
2015-11-29 21:33 - 2015-10-28 22:39 - 00113870 _____ C:\Users\Ulla & Christian\Downloads\ZIAUFEIN_gquatybzpgcfmcaexqtkhxyk6abcs.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:31 - 00020558 _____ C:\Users\Ulla & Christian\Downloads\_14576829_KuendigungsbestaetigungneuerLieferant_20151027_408d6e5b9a03c91b25785313609ad7d0.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:24 - 00021150 _____ C:\Users\Ulla & Christian\Downloads\_122679474_KuendigungsbestaetigungneuerLieferant_20151027_16f7742108956c86b068dca1a61d62c6.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:20 - 00566430 _____ C:\Users\Ulla & Christian\Downloads\005056881A0F1EE59F995BDDE2AF0EF0.pdf.vvv
2015-11-29 21:33 - 2015-10-25 12:55 - 01781646 _____ C:\Users\Ulla & Christian\Downloads\Ahnenblatt-Handbuch.pdf.vvv
2015-11-29 21:33 - 2015-09-28 21:21 - 00451534 _____ C:\Users\Ulla & Christian\Downloads\320.pdf.vvv
2015-11-29 21:33 - 2015-09-20 20:07 - 00313454 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Preisinformation_20150908_005df263fe16be59a1e07e1fd8a76672.pdf.vvv
2015-11-29 21:33 - 2015-09-13 12:54 - 00122526 _____ C:\Users\Ulla & Christian\Downloads\2390_499_1.PDF.vvv
2015-11-29 21:33 - 2015-09-13 12:32 - 00114462 _____ C:\Users\Ulla & Christian\Downloads\2390_493_1.PDF.vvv
2015-11-29 21:33 - 2015-08-15 23:11 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Lacey
2015-11-29 21:33 - 2015-08-15 22:19 - 09891454 _____ C:\Users\Ulla & Christian\Downloads\freemusicdownloader_1-59.zip.vvv
2015-11-29 21:33 - 2015-05-17 20:41 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721(1).pdf.vvv
2015-11-29 21:33 - 2015-05-17 20:38 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721.pdf.vvv
2015-11-29 21:33 - 2015-04-11 15:42 - 00178222 _____ C:\Users\Ulla & Christian\Downloads\rlmpdf.pdf.vvv
2015-11-29 21:33 - 2015-03-06 20:40 - 00984990 _____ C:\Users\Ulla & Christian\Downloads\Bedarfsfeldbroschuere_Vermoegen_anlegen_VR.pdf.vvv
2015-11-29 21:33 - 2015-01-09 23:24 - 01414318 _____ C:\Users\Ulla & Christian\Downloads\Syno_QIG_2bay2_deu.pdf.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 30247390 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_110114.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 11537854 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_Utility99.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:26 - 21632238 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_v1_110825.zip.vvv
2015-11-29 21:33 - 2014-12-21 14:12 - 00027790 _____ C:\Users\Ulla & Christian\Downloads\RX_141221_Bestellbestaetigung_VID616_1412.pdf.vvv
2015-11-29 21:33 - 2014-11-23 21:39 - 00039278 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Lieferbestaetigung_20141121_df4db33247be1b6428d8ec0eb7955911.pdf.vvv
2015-11-29 21:33 - 2014-10-25 22:41 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Gameforge Live
2015-11-29 21:33 - 2014-08-03 12:06 - 00225342 _____ C:\Users\Ulla & Christian\Downloads\testresultate_farbspruehgeraete.pdf.vvv
2015-11-29 21:33 - 2014-07-28 19:47 - 00916606 _____ C:\Users\Ulla & Christian\Downloads\flexibrass.pdf.vvv
2015-11-29 21:33 - 2014-05-27 19:08 - 00342942 _____ C:\Users\Ulla & Christian\Downloads\IMM1294E.PDF.vvv
2015-11-29 21:33 - 2014-05-27 18:54 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent(1).pdf.vvv
2015-11-29 21:33 - 2014-05-10 14:46 - 00239358 _____ C:\Users\Ulla & Christian\Downloads\document.pdf.vvv
2015-11-29 21:33 - 2014-05-04 12:08 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent.pdf.vvv
2015-11-29 21:33 - 2014-02-13 22:20 - 00078174 _____ C:\Users\Ulla & Christian\Downloads\identificationAstIdent.PDF.vvv
2015-11-29 21:33 - 2013-12-21 20:55 - 00001150 _____ C:\Users\Ulla & Christian\Downloads\umsatz-5232________0800-20131221.csv.vvv
2015-11-29 21:33 - 2013-12-01 19:02 - 00000000 ____D C:\Users\Ulla & Christian\Documents\SelfMV
2015-11-29 21:33 - 2013-10-05 20:18 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister
2015-11-29 21:33 - 2013-07-25 15:22 - 00000000 ___RD C:\Users\Ulla & Christian\Documents\Scanned Documents
2015-11-29 21:33 - 2013-07-12 21:07 - 00509358 _____ C:\Users\Ulla & Christian\Downloads\15875_1373659579.pdf.vvv
2015-11-29 21:33 - 2013-07-12 21:05 - 00103934 _____ C:\Users\Ulla & Christian\Downloads\versicherungsbedingungen_indiv_praktikum.pdf.vvv
2015-11-29 21:33 - 2013-07-03 22:32 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Volition
2015-11-29 21:33 - 2013-06-30 13:26 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister Backup
2015-11-29 21:33 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\Documents\WISO Mein Geld
2015-11-29 21:33 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\Documents\samsung
2015-11-29 21:26 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Skype
2015-11-29 21:26 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\Documents\My Games
2015-11-29 21:26 - 2013-07-25 15:22 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Fax
2015-11-29 21:26 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Amazon MP3
2015-11-29 21:26 - 2013-07-05 20:19 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\vlc
2015-11-29 21:26 - 2013-07-05 20:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WebApp
2015-11-29 21:26 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\Documents\CyberLink
2015-11-29 21:26 - 2013-07-02 22:05 - 00000000 ____D C:\Users\Ulla & Christian\Documents\default
2015-11-29 21:26 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Thunderbird
2015-11-29 21:26 - 2013-06-22 08:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Wargaming.net
2015-11-29 21:26 - 2013-06-21 22:14 - 00000000 ____D C:\Users\Ulla & Christian\Bilder
2015-11-29 21:26 - 2013-06-18 01:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WinBatch
2015-11-29 21:26 - 2013-06-17 13:03 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Ahnenblatt
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.system.package.metadata
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.applications.package.appdata
2015-11-29 21:25 - 2015-11-03 13:41 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MyPhoneExplorer
2015-11-29 21:25 - 2015-10-25 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-11-29 21:25 - 2015-05-17 15:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Hewlett-Packard
2015-11-29 21:25 - 2015-05-17 15:42 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\HpUpdate
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\java
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\.minecraft
2015-11-29 21:25 - 2014-12-24 22:48 - 00000000 __SHD C:\Users\Ulla & Christian\AppData\LocalLow\EmieSiteList
2015-11-29 21:25 - 2014-12-13 11:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\hpqLog
2015-11-29 21:25 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera Software
2015-11-29 21:25 - 2014-09-24 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Temp
2015-11-29 21:25 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Skype
2015-11-29 21:25 - 2014-02-02 11:21 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-11-29 21:25 - 2013-12-22 18:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Sun
2015-11-29 21:25 - 2013-10-05 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ArcSoft
2015-11-29 21:25 - 2013-10-05 10:49 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-29 21:25 - 2013-10-05 10:48 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Dropbox
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\WarThunder
2015-11-29 21:25 - 2013-09-01 20:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Leadertech
2015-11-29 21:25 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ICAClient
2015-11-29 21:25 - 2013-08-26 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Sophos
2015-11-29 21:25 - 2013-08-26 19:50 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-29 21:25 - 2013-08-09 18:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2015-11-29 21:25 - 2013-08-07 20:57 - 00000000 __RHD C:\Users\Ulla & Christian\AppData\Roaming\SecuROM
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Program Files
2015-11-29 21:25 - 2013-07-10 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging
2015-11-29 21:25 - 2013-07-10 21:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Lasersoft Imaging
2015-11-29 21:25 - 2013-07-05 20:39 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Media Player Classic
2015-11-29 21:25 - 2013-07-05 20:36 - 00000462 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:25 - 2013-07-05 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\dvdcss
2015-11-29 21:25 - 2013-07-05 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Windows Live
2015-11-29 21:25 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\CyberLink
2015-11-29 21:25 - 2013-07-05 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Mozilla
2015-11-29 21:25 - 2013-07-03 22:40 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2015-11-29 21:25 - 2013-07-03 22:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
2015-11-29 21:25 - 2013-07-02 22:15 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\AVS4YOU
2015-11-29 21:25 - 2013-07-02 22:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ashampoo
2015-11-29 21:25 - 2013-07-02 06:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canon
2015-11-29 21:25 - 2013-07-01 22:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Adobe
2015-11-29 21:25 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Thunderbird
2015-11-29 21:25 - 2013-06-23 20:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-11-29 21:25 - 2013-06-23 18:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Avira
2015-11-29 21:25 - 2013-06-23 17:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canneverbe Limited
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service GmbH
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service
2015-11-29 21:25 - 2013-06-19 21:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\NVIDIA
2015-11-29 21:25 - 2013-06-18 13:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft Web Folders
2015-11-29 21:25 - 2013-06-17 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Samsung
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Samsung
2015-11-29 21:25 - 2013-06-17 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ahnenblatt
2015-11-29 21:25 - 2013-06-16 21:38 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Macromedia
2015-11-29 21:25 - 2013-06-16 20:53 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Adobe
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Hewlett-Packard
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Power2Go8
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Packages
2015-11-29 21:24 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Opera Software
2015-11-29 21:24 - 2013-06-21 20:57 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Microsoft Help
2015-11-29 21:24 - 2013-06-17 22:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Mozilla
2015-11-29 21:23 - 2015-11-03 13:42 - 00000000 ____D C:\Users\Ulla & Christian\.android
2015-11-29 21:23 - 2015-06-09 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\GWX
2015-11-29 21:23 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\Visan
2015-11-29 21:23 - 2015-01-10 22:40 - 00000000 ____D C:\ProgramData\Synology
2015-11-29 21:23 - 2014-11-27 07:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-29 21:23 - 2014-11-17 00:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-29 21:23 - 2014-08-31 18:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-29 21:23 - 2014-08-17 16:22 - 00000000 ____D C:\ProgramData\Skype
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Sun
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Oracle
2015-11-29 21:23 - 2013-11-14 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-11-29 21:23 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\tmp
2015-11-29 21:23 - 2013-10-03 19:03 - 00000000 ____D C:\Users\Ulla & Christian\2013_10_03
2015-11-29 21:23 - 2013-09-25 20:16 - 00000000 ____D C:\ProgramData\WarThunder
2015-11-29 21:23 - 2013-09-25 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Gameforge4d
2015-11-29 21:23 - 2013-09-01 20:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech® Webcam-Software
2015-11-29 21:23 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Citrix
2015-11-29 21:23 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-29 21:23 - 2013-07-12 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Apps\2.0
2015-11-29 21:23 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Public\CyberLink
2015-11-29 21:23 - 2013-07-04 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\DFH
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Public\Documents\Softwrap
2015-11-29 21:23 - 2013-07-02 22:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ashampoo
2015-11-29 21:23 - 2013-07-02 06:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP
2015-11-29 21:23 - 2013-06-30 15:28 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP Quick Start
2015-11-29 21:23 - 2013-06-23 18:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ArcSoft
2015-11-29 21:23 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Buhl Data Service
2015-11-29 21:23 - 2013-06-23 11:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Macromedia
2015-11-29 21:23 - 2013-06-17 22:27 - 00000000 ____D C:\ProgramData\Mozilla
2015-11-29 21:23 - 2013-06-17 21:59 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Google
2015-11-29 21:23 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\MediaMonkey
2015-11-29 21:23 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-29 21:23 - 2013-06-17 21:33 - 00000000 ____D C:\ProgramData\Samsung
2015-11-29 21:23 - 2013-06-17 21:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Downloaded Installations
2015-11-29 21:23 - 2013-06-17 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Adobe
2015-11-29 21:23 - 2013-06-16 21:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Hewlett-Packard
2015-11-29 21:23 - 2013-06-16 20:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\Users\Public\Symantec
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\ProgramData\Norton
2015-11-29 21:23 - 2013-01-12 06:37 - 00000000 ____D C:\ProgramData\NortonInstaller
2015-11-29 21:23 - 2013-01-12 06:36 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2015-11-29 21:23 - 2013-01-12 06:23 - 00000000 ____D C:\ProgramData\Temp
2015-11-29 21:23 - 2013-01-12 06:14 - 00000000 ____D C:\ProgramData\SoundResearch
2015-11-29 21:23 - 2012-08-10 16:06 - 00000000 ____D C:\ProgramData\PRICache
2015-11-29 21:23 - 2010-01-25 22:35 - 00000000 ___DC C:\ProgramData\Mozilla Thunderbird
2015-11-29 21:22 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-11-29 21:22 - 2015-05-17 15:41 - 00000000 ____D C:\ProgramData\HP
2015-11-29 21:22 - 2014-12-20 16:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-11-29 21:22 - 2013-11-26 07:45 - 00000000 ____D C:\ProgramData\McAfee
2015-11-29 21:22 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\hps
2015-11-29 21:22 - 2013-09-01 21:25 - 00000000 ____D C:\ProgramData\FLEXnet
2015-11-29 21:22 - 2013-09-01 20:00 - 00000000 ____D C:\ProgramData\LogiShrd
2015-11-29 21:22 - 2013-07-03 22:32 - 00000000 ____D C:\ProgramData\InstallMate
2015-11-29 21:22 - 2013-06-23 18:07 - 00000000 ____D C:\ProgramData\eBay
2015-11-29 21:22 - 2013-06-21 22:16 - 00000000 ____D C:\ProgramData\MediaMonkey
2015-11-29 21:22 - 2013-01-12 06:25 - 00000000 ____D C:\ProgramData\install_clap
2015-11-29 21:22 - 2013-01-12 06:19 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-29 21:21 - 2015-01-10 19:07 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2015-11-29 21:21 - 2014-11-27 08:00 - 00000000 ____D C:\ProgramData\AmUStor
2015-11-29 21:21 - 2013-08-27 20:03 - 00000000 ____D C:\ProgramData\Citrix
2015-11-29 21:21 - 2013-07-02 22:20 - 00000000 ____D C:\ProgramData\AomeiBR
2015-11-29 21:21 - 2013-07-02 22:00 - 00000000 ____D C:\ProgramData\Ashampoo
2015-11-29 21:21 - 2013-07-02 06:37 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-11-29 21:21 - 2013-07-01 20:47 - 00000000 ____D C:\ProgramData\Adobe
2015-11-29 21:21 - 2013-06-23 20:30 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-11-29 21:21 - 2013-06-23 18:11 - 00000000 ____D C:\ProgramData\ArcSoft
2015-11-29 21:21 - 2013-06-23 17:57 - 00000000 ____D C:\ProgramData\Avira
2015-11-29 21:21 - 2013-06-23 17:55 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-11-29 21:21 - 2013-06-23 11:35 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\Apple
2015-11-29 21:18 - 2012-10-12 04:21 - 00000000 _RSHD C:\SYSTEM.SAV
2015-11-29 21:17 - 2013-07-01 23:00 - 00000000 ____D C:\Program Files (x86)l
2015-11-29 21:17 - 2013-06-18 21:29 - 00000000 ____D C:\sources
2015-11-29 21:17 - 2012-10-12 04:24 - 00000000 ____D C:\SWSETUP
2015-11-29 21:16 - 2014-07-03 20:43 - 00000000 ____D C:\My Music
2015-11-29 21:16 - 2013-01-07 12:12 - 00000000 _RSHD C:\hp
2015-11-28 23:24 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-23 06:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-18 20:56 - 2015-10-06 19:48 - 00001048 _____ C:\Users\Jan\Desktop\nativelog.txt
2015-11-18 20:56 - 2015-10-03 14:43 - 00000000 ____D C:\Users\Jan\AppData\Roaming\.minecraft
2015-11-18 20:30 - 2015-10-01 13:15 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1003
2015-11-18 20:25 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-16 23:50 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2015-11-15 17:06 - 2014-12-20 16:57 - 00001959 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-13 22:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-12 23:13 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-12 21:39 - 2013-06-21 20:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 21:34 - 2013-08-27 20:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 21:29 - 2013-06-17 22:17 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 21:59 - 2014-11-29 17:24 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-08 10:34 - 2015-04-23 12:23 - 00000000 ___RD C:\Users\Ulla & Christian\Desktop\Spiele
2015-11-07 22:39 - 2013-06-17 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 18:16 - 2013-06-21 23:19 - 00000000 ____D C:\Program Files (x86)\Spiele

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-23 18:04 - 2006-07-18 08:49 - 0587249 _____ (MAGIX AG) C:\Program Files (x86)\addoninstall.exe
2013-06-23 18:04 - 2002-02-13 07:00 - 0022016 _____ (Borland Software Corporation) C:\Program Files (x86)\borlndmm.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 1500160 _____ (Borland Corporation) C:\Program Files (x86)\cc3260mt.dll
2013-06-23 18:04 - 2006-06-28 08:32 - 0004694 _____ () C:\Program Files (x86)\e-mode-upgradedialog.rtf
2013-06-23 18:04 - 2006-06-28 08:32 - 0004716 _____ () C:\Program Files (x86)\e-mode-upgradedlg-exit.rtf
2013-06-23 18:04 - 2013-06-23 18:04 - 0002885 _____ () C:\Program Files (x86)\e-mode.ini
2013-06-23 18:04 - 2006-06-28 09:55 - 0315392 _____ (MAGIX AG) C:\Program Files (x86)\eModeUpgradeDlg.dll
2013-06-23 18:04 - 2003-02-12 10:20 - 0028672 _____ () C:\Program Files (x86)\explore.exe
2013-06-23 18:04 - 2006-07-26 15:46 - 2442752 _____ (MAGIX) C:\Program Files (x86)\FotoClinic.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000707 _____ () C:\Program Files (x86)\FotoClinic.ini
2013-06-23 18:04 - 2013-06-23 18:04 - 0001138 _____ () C:\Program Files (x86)\Install.cfg
2013-06-23 18:04 - 2013-06-23 18:04 - 0040289 _____ () C:\Program Files (x86)\INSTALL.LOG
2013-06-23 18:04 - 2013-06-23 18:04 - 0006564 _____ () C:\Program Files (x86)\INSTALL1.LOG
2013-06-23 18:04 - 2006-07-17 09:58 - 0184320 _____ (MAGIX AG) C:\Program Files (x86)\instslct.exe
2013-06-23 18:04 - 2006-07-26 15:29 - 0100352 _____ () C:\Program Files (x86)\libpng.dll
2013-06-23 18:04 - 2005-06-16 08:43 - 0008980 _____ () C:\Program Files (x86)\license.txt
2013-06-23 18:04 - 2005-08-08 14:51 - 0786305 _____ () C:\Program Files (x86)\MAGIX Creation Logo.pdf
2013-06-23 18:04 - 2004-04-15 14:48 - 0032768 _____ () C:\Program Files (x86)\MagixUpdater.exe
2013-06-23 18:04 - 2006-04-25 09:27 - 0014810 _____ () C:\Program Files (x86)\order.rtf
2013-06-23 18:04 - 2005-03-04 17:51 - 0005509 _____ () C:\Program Files (x86)\pa.cnt
2013-06-23 18:04 - 2005-03-04 17:51 - 0361656 _____ () C:\Program Files (x86)\pa.hlp
2013-06-23 18:04 - 2006-07-26 15:46 - 0055296 _____ () C:\Program Files (x86)\palng.dll
2013-06-23 18:04 - 2006-07-26 15:45 - 0240128 _____ () C:\Program Files (x86)\pcomponents.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0018432 _____ () C:\Program Files (x86)\ps8bf.dll
2013-06-23 18:04 - 2013-06-23 18:04 - 0002757 _____ () C:\Program Files (x86)\register.rtf
2013-06-23 18:04 - 1999-12-10 12:00 - 0431376 _____ (Microsoft Corporation) C:\Program Files (x86)\riched20.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 0685056 _____ (Borland Software Corporation) C:\Program Files (x86)\rtl60.bpl
2013-06-23 18:04 - 2003-03-17 05:04 - 0618496 _____ () C:\Program Files (x86)\stlpmt45.dll
2013-06-23 18:04 - 2005-11-02 14:34 - 0016460 _____ () C:\Program Files (x86)\support.rtf
2013-06-23 18:04 - 2006-07-17 12:30 - 0129024 _____ () C:\Program Files (x86)\uninstall.exe
2013-06-23 18:04 - 2002-02-18 10:06 - 0006034 _____ () C:\Program Files (x86)\uninstall.ini
2013-06-23 18:04 - 2006-07-17 10:09 - 0081920 _____ (MAGIX AG) C:\Program Files (x86)\unwise.adf
2013-06-23 18:04 - 2006-07-17 10:10 - 0176128 _____ (MAGIX AG) C:\Program Files (x86)\unwise.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000723 _____ () C:\Program Files (x86)\unwise.ini
2013-06-23 18:04 - 2006-07-26 13:50 - 0139264 _____ () C:\Program Files (x86)\UpgradeInfo.exe
2013-06-23 18:04 - 2006-02-14 14:03 - 0024576 _____ (Magix AG) C:\Program Files (x86)\Validation.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000140 _____ () C:\Program Files (x86)\Validation.ini
2013-06-23 18:04 - 2002-02-13 07:00 - 1326080 _____ (Borland Software Corporation) C:\Program Files (x86)\vcl60.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0046080 _____ () C:\Program Files (x86)\zlib.dll
2015-11-30 13:54 - 2015-11-30 13:56 - 0000050 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2013-07-05 20:36 - 2015-11-29 21:25 - 0000462 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:23 - 2015-11-29 21:26 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2013-12-25 21:18 - 2015-10-20 22:01 - 0028256 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2013-12-25 21:14 - 2013-12-25 21:16 - 0028295 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2013-10-20 11:29 - 2015-07-02 13:29 - 0005632 _____ () C:\Users\Ulla & Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-29 21:23 - 2015-11-29 21:34 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2013-12-10 20:40 - 2015-09-13 22:27 - 0007605 _____ () C:\Users\Ulla & Christian\AppData\Local\resmon.resmoncfg
2015-05-17 15:41 - 2015-05-17 15:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-29 21:21 - 2015-11-29 21:23 - 0006921 _____ () C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 0002401 _____ () C:\ProgramData\how_recover+yer.txt
2013-06-16 20:51 - 2013-06-16 20:51 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-07-10 21:31 - 2013-07-10 21:42 - 0020531 ____H () C:\ProgramData\R49LW

Einige Dateien in TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\avgnt.exe
C:\Users\Ulla & Christian\AppData\Local\Temp\avgnt.exe
C:\Users\Ulla & Christian\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-04 20:57

==================== Ende von FRST.txt ============================
         

Alt 05.12.2015, 21:16   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Virus hängt an alle Dateien .vvv - Standard

Virus hängt an alle Dateien .vvv




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.12.2015, 19:46   #11
chke
 
Virus hängt an alle Dateien .vvv - Standard

Virus hängt an alle Dateien .vvv



Hallo,

hier die log.txt von ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=548ce59711622748bfbd6c67bfc90ae2
# end=init
# utc_time=2015-12-06 01:52:48
# local_time=2015-12-06 02:52:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 27068
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=548ce59711622748bfbd6c67bfc90ae2
# end=updated
# utc_time=2015-12-06 02:04:49
# local_time=2015-12-06 03:04:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
         
Der Security-Check funktioniert anscheinend nicht. Schon beim Start wird gemeldet, dass das System den angegebenen Pfad nicht finden kann und ein Befehl entweder falsch geschrieben ist oder nicht gefunden werden kann.

Die abschließende checkup.txt ist leer.

Hier noch die FRST.txt:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
durchgeführt von Ulla & Christian (Administrator) auf PC (06-12-2015 20:40:37)
Gestartet von C:\Users\Ulla & Christian\Downloads
Geladene Profile: Ulla & Christian (Verfügbare Profile: Ulla & Christian & Jan)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(The OpenVPN Project) C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft) C:\Program Files (x86)\Microsoft AutoRoute 2013\StreetsOlkShim.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Wargaming St.Petersburg) C:\Program Files (x86)\Spiele\World of Warships\WorldOfWarships.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Ulla & Christian\Downloads\SecurityCheck.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
HKLM\...\Run: [Ocs_SM] => C:\Users\Ulla & Christian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [openvpn-gui] => C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpn-gui.exe [436776 2013-06-14] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\Sicherheit-Ordnung\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\...\RunOnce: [Adobe Speed Launcher] => 1449415797
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{82DFC5A4-518D-445C-A2B1-591A6747A3D5}: [DhcpNameServer] 192.168.103.1 192.168.103.20
Tcpip\..\Interfaces\{B56279DC-0CCA-4C4C-8F65-B5B765D59070}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-3876800203-89553269-3656360523-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {471E55EA-5870-4D06-85B1-087E723116A4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> {F2109080-1672-4F41-BDB0-B480859F3699} URL = hxxp://www.google.de/search?q={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3876800203-89553269-3656360523-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\Filme - Video\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Bilder\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3876800203-89553269-3656360523-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ulla & Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.html [2015-11-29]
FF SearchPlugin: C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\searchplugins\how_recover+yer.txt [2015-11-29]
FF Extension: Shrunked Image Resizer - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\extensions\shrunked@darktrojan.net.xpi [2015-12-06]
FF Extension: Avira Browser Safety - C:\Users\Ulla & Christian\AppData\Roaming\Mozilla\Firefox\Profiles\7shvkqc1.default\Extensions\abs@avira.com [2015-11-29] [ist nicht signiert]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Sicherheit-Ordnung\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2015\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [Datei ist nicht signiert]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
S3 OpenVPNService; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 OpenVPNServiceInteractive; C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\bin\openvpnserv.exe [59432 2013-06-14] (The OpenVPN Project)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [Datei ist nicht signiert]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-12-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 MBAMService; "C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-04-27] () [Datei ist nicht signiert]
R2 ammntdrv; C:\windows\system32\ammntdrv.sys [151480 2013-04-27] () [Datei ist nicht signiert]
R2 amwrtdrv; C:\windows\system32\amwrtdrv.sys [17848 2013-02-06] () [Datei ist nicht signiert]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-06 20:40 - 2015-12-06 20:40 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\FRST-OlderVersion
2015-12-06 20:40 - 2015-12-06 20:40 - 00000000 ____D C:\FRST
2015-12-06 20:26 - 2015-12-06 20:26 - 00852771 _____ C:\Users\Ulla & Christian\Downloads\SecurityCheck.exe
2015-12-06 14:51 - 2015-12-06 14:51 - 02870984 _____ (ESET) C:\Users\Ulla & Christian\Downloads\esetsmartinstaller_deu.exe
2015-12-05 22:50 - 2015-12-05 22:50 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(4).exe
2015-12-04 20:53 - 2015-12-04 20:53 - 00001049 _____ C:\Users\Ulla & Christian\Desktop\JRT.txt
2015-12-04 20:50 - 2015-12-04 20:50 - 01599336 _____ (Malwarebytes) C:\Users\Ulla & Christian\Downloads\JRT.exe
2015-12-04 20:34 - 2015-12-04 20:36 - 00000000 ____D C:\AdwCleaner
2015-12-04 20:31 - 2015-12-04 20:31 - 01736704 _____ C:\Users\Ulla & Christian\Downloads\AdwCleaner_5.023.exe
2015-12-04 19:57 - 2015-12-04 19:57 - 00001123 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-04 19:57 - 2015-12-04 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-12-04 19:57 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-04 19:57 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-04 19:15 - 2015-12-04 19:16 - 22908888 _____ (Malwarebytes ) C:\Users\Ulla & Christian\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-02 13:49 - 2015-12-02 13:49 - 00294272 _____ C:\WINDOWS\Minidump\120215-20734-01.dmp
2015-12-02 13:21 - 2015-12-02 13:51 - 00000000 ____D C:\Program Files\Recuva
2015-12-02 13:21 - 2015-12-02 13:21 - 00001679 _____ C:\Users\Public\Desktop\Recuva.lnk
2015-12-02 13:21 - 2015-12-02 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-12-02 13:14 - 2015-12-02 13:20 - 04426120 _____ (Piriform Ltd) C:\Users\Ulla & Christian\Downloads\rcsetup152.exe
2015-12-02 13:07 - 2015-12-02 13:07 - 00380416 _____ C:\Users\Ulla & Christian\Downloads\Gmer-19357.exe
2015-12-01 22:13 - 2015-12-01 22:16 - 00235860 _____ C:\TDSSKiller.3.1.0.7_01.12.2015_22.13.25_log.txt
2015-12-01 22:12 - 2015-12-01 22:12 - 00000560 _____ C:\TDSSKiller.3.1.0.7_01.12.2015_22.12.00_log.txt
2015-12-01 22:11 - 2015-12-01 22:11 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Ulla & Christian\Downloads\tdsskiller.exe
2015-12-01 21:28 - 2015-12-01 21:28 - 00001093 _____ C:\Users\Ulla & Christian\Desktop\mbar.lnk
2015-12-01 21:10 - 2015-12-01 21:10 - 00001301 _____ C:\Users\Ulla & Christian\Downloads\mbar-1.09.3.1001.exe - Verknüpfung.lnk
2015-12-01 20:42 - 2015-12-01 20:42 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-01 20:37 - 2015-12-01 20:37 - 00292976 _____ C:\WINDOWS\Minidump\120115-23468-01.dmp
2015-12-01 15:44 - 2015-12-01 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-01 15:29 - 2015-12-01 15:29 - 00296856 _____ C:\WINDOWS\Minidump\120115-29140-01.dmp
2015-12-01 15:28 - 2015-12-02 13:49 - 563044145 _____ C:\WINDOWS\MEMORY.DMP
2015-12-01 11:06 - 2015-12-01 11:08 - 00001256 _____ C:\Users\Ulla & Christian\Desktop\FRST64.lnk
2015-12-01 00:11 - 2015-12-01 00:11 - 00000000 _____ C:\Users\Ulla & Christian\defogger_reenable
2015-12-01 00:10 - 2015-12-01 00:10 - 00050477 _____ C:\Users\Ulla & Christian\Downloads\Defogger.exe
2015-11-30 23:21 - 2015-12-04 20:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 23:21 - 2015-12-04 20:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-30 23:21 - 2015-12-04 19:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-30 23:19 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-30 23:18 - 2015-11-30 23:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Ulla & Christian\Downloads\mbar-1.09.3.1001.exe
2015-11-30 23:06 - 2015-12-01 11:11 - 00059415 _____ C:\Users\Ulla & Christian\Downloads\Addition.txt
2015-11-30 23:05 - 2015-12-06 20:40 - 00023860 _____ C:\Users\Ulla & Christian\Downloads\FRST.txt
2015-11-30 23:02 - 2015-12-06 20:40 - 02369024 _____ (Farbar) C:\Users\Ulla & Christian\Downloads\FRST64.exe
2015-11-30 13:54 - 2015-11-30 13:56 - 00000050 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2015-11-30 13:54 - 2015-11-30 13:55 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-29 22:45 - 2015-11-29 22:45 - 00024261 _____ C:\Users\Ulla & Christian\Downloads\RX_151129_Bestellbestaetigung_VID3_2245.pdf
2015-11-29 21:46 - 2015-11-29 21:46 - 00006921 _____ C:\WINDOWS\Tasks\how_recover+yer.html
2015-11-29 21:46 - 2015-11-29 21:46 - 00002401 _____ C:\WINDOWS\Tasks\how_recover+yer.txt
2015-11-29 21:45 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\how_recover+yer.html
2015-11-29 21:45 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\Documents\how_recover+yer.txt
2015-11-29 21:33 - 2015-11-29 21:33 - 00006921 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.html
2015-11-29 21:33 - 2015-11-29 21:33 - 00002401 _____ C:\Users\Ulla & Christian\Downloads\how_recover+yer.txt
2015-11-29 21:26 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.html
2015-11-29 21:26 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:45 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:45 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00006921 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.html
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+yer.txt
2015-11-29 21:25 - 2015-11-29 21:25 - 00002401 _____ C:\Users\Ulla & Christian\AppData\LocalLow\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:34 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:26 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Downloads\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Ulla & Christian\AppData\Local\Apps\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\how_recover+yer.txt
2015-11-29 21:23 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Downloads\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\Users\Public\Documents\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00006921 _____ C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\Users\Public\Documents\how_recover+yer.txt
2015-11-29 21:21 - 2015-11-29 21:23 - 00002401 _____ C:\ProgramData\how_recover+yer.txt
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-29 21:19 - 2015-11-29 21:19 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-11-29 21:18 - 2015-11-29 21:18 - 01466656 _____ C:\Users\Ulla & Christian\Downloads\7 Zip 32 Bit - CHIP-Installer.exe
2015-11-29 21:16 - 2015-11-29 21:26 - 00000670 _____ C:\Users\Ulla & Christian\Documents\recover_file_jkvrflnqu.txt.vvv
2015-11-28 23:24 - 2015-11-28 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-11-28 23:22 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-11-28 23:22 - 2015-10-22 17:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 17:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-11-28 23:22 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-11-28 23:22 - 2015-10-22 15:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-11-28 23:22 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-11-28 23:22 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-11-28 23:22 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-11-28 23:22 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-11-28 23:21 - 2015-10-11 07:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-11-28 23:21 - 2015-10-11 07:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-11-28 23:21 - 2015-10-11 07:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-11-28 23:21 - 2015-10-10 19:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-11-28 23:21 - 2015-10-10 19:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-11-28 23:21 - 2015-10-10 18:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-11-28 23:21 - 2015-10-08 17:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-11-28 23:21 - 2015-10-08 16:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-11-28 23:21 - 2015-10-05 19:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-11-28 23:21 - 2015-10-05 19:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-28 23:21 - 2015-10-03 20:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-11-28 23:21 - 2015-10-03 20:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-11-28 23:21 - 2015-09-28 19:31 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-11-28 23:21 - 2015-09-28 19:24 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-11-28 23:21 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-11-28 23:21 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-11-28 22:23 - 2015-11-28 22:23 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(3).exe
2015-11-25 23:20 - 2015-11-25 23:23 - 88173384 _____ (Buhl Data Service GmbH) C:\Users\Ulla & Christian\Downloads\WISOFinanz2016.exe
2015-11-23 07:26 - 2015-11-29 21:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\DataDesign
2015-11-22 17:53 - 2015-11-22 17:54 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(2).exe
2015-11-18 20:20 - 2015-11-18 20:20 - 00000000 ____D C:\Users\Jan\AppData\Roaming\HpUpdate
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-15 17:06 - 2015-11-15 17:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-10 19:37 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 19:37 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 19:37 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-10 19:37 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 19:37 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-10 19:37 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 19:37 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 19:37 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-10 19:37 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-10 19:37 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-10 19:37 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-10 19:37 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-10 19:37 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 19:37 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-10 19:37 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-10 19:37 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 19:37 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-10 19:35 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-10 19:35 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-10 19:35 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-10 19:35 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-10 19:35 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-10 19:35 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-10 19:35 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 19:35 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 19:35 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-10 19:35 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-10 19:35 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-10 19:35 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 19:35 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 19:35 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-10 19:35 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-10 19:35 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-10 19:35 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-10 19:35 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-10 19:35 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-10 19:35 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-10 19:35 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-10 19:35 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-10 19:35 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-10 19:35 - 2015-09-29 13:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-10 19:35 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-10 19:35 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-10 19:35 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-10 19:35 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-10 19:35 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-10 19:35 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-10 19:35 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-10 19:30 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-10 19:30 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-10 19:30 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-10 19:30 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-10 19:30 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-10 19:30 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-07 18:17 - 2015-11-07 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-11-07 18:14 - 2015-11-07 18:14 - 07369576 _____ (Wargaming.net ) C:\Users\Ulla & Christian\Downloads\WoWS_internet_install_eu.exe
2015-11-07 15:58 - 2015-11-07 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 12:48 - 2015-11-06 12:49 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\Ulla & Christian\Downloads\CitrixOnlinePluginWeb(1).exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-06 20:40 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-06 19:59 - 2013-09-12 20:04 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-05 15:05 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-04 21:21 - 2013-06-21 22:06 - 00000000 ____D C:\Program Files (x86)\Sicherheit-Ordnung
2015-12-04 20:57 - 2013-06-16 20:58 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1001
2015-12-04 20:45 - 2014-09-24 07:17 - 01989598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-04 20:45 - 2014-09-24 06:43 - 00844836 _____ C:\WINDOWS\system32\perfh007.dat
2015-12-04 20:45 - 2014-09-24 06:43 - 00192568 _____ C:\WINDOWS\system32\perfc007.dat
2015-12-04 20:38 - 2014-11-27 07:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-04 20:38 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-04 20:36 - 2014-11-17 00:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2015-12-04 20:25 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2015-12-02 17:25 - 2014-11-27 07:27 - 00000000 ____D C:\Users\Ulla & Christian
2015-12-02 17:19 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MediaMonkey
2015-12-02 13:49 - 2015-03-08 14:44 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-01 21:12 - 2014-11-27 07:27 - 00000000 ____D C:\Users\Jan
2015-12-01 20:42 - 2014-11-17 00:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-01 15:44 - 2015-05-07 21:02 - 00002274 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-12-01 15:43 - 2013-06-23 17:57 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-12-01 15:43 - 2013-06-23 17:57 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-12-01 15:43 - 2013-06-23 17:57 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-12-01 15:43 - 2013-06-23 17:57 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-11-30 23:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-11-30 23:45 - 2013-08-22 15:44 - 00505968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-30 23:44 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-30 13:55 - 2014-11-27 07:18 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-11-29 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2015-11-29 21:45 - 2014-08-31 18:37 - 00000000 ___RD C:\Users\Ulla & Christian\SkyDrive
2015-11-29 21:45 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\VirtualStore
2015-11-29 21:34 - 2015-09-03 14:21 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner (2)
2015-11-29 21:34 - 2015-04-04 14:47 - 00000000 ____D C:\Users\Ulla & Christian\Neuer Ordner
2015-11-29 21:34 - 2013-10-05 10:52 - 00000000 ___RD C:\Users\Ulla & Christian\Dropbox
2015-11-29 21:34 - 2013-06-25 13:22 - 00000000 ____D C:\Users\Ulla & Christian\Mozilla Thunderbird
2015-11-29 21:33 - 2015-11-01 22:19 - 00392270 _____ C:\Users\Ulla & Christian\Downloads\10984200_908781199162434_4585968420000991718_o.jpg.vvv
2015-11-29 21:33 - 2015-10-28 22:39 - 00113870 _____ C:\Users\Ulla & Christian\Downloads\ZIAUFEIN_gquatybzpgcfmcaexqtkhxyk6abcs.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:31 - 00020558 _____ C:\Users\Ulla & Christian\Downloads\_14576829_KuendigungsbestaetigungneuerLieferant_20151027_408d6e5b9a03c91b25785313609ad7d0.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:24 - 00021150 _____ C:\Users\Ulla & Christian\Downloads\_122679474_KuendigungsbestaetigungneuerLieferant_20151027_16f7742108956c86b068dca1a61d62c6.pdf.vvv
2015-11-29 21:33 - 2015-10-28 22:20 - 00566430 _____ C:\Users\Ulla & Christian\Downloads\005056881A0F1EE59F995BDDE2AF0EF0.pdf.vvv
2015-11-29 21:33 - 2015-10-25 12:55 - 01781646 _____ C:\Users\Ulla & Christian\Downloads\Ahnenblatt-Handbuch.pdf.vvv
2015-11-29 21:33 - 2015-09-28 21:21 - 00451534 _____ C:\Users\Ulla & Christian\Downloads\320.pdf.vvv
2015-11-29 21:33 - 2015-09-20 20:07 - 00313454 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Preisinformation_20150908_005df263fe16be59a1e07e1fd8a76672.pdf.vvv
2015-11-29 21:33 - 2015-09-13 12:54 - 00122526 _____ C:\Users\Ulla & Christian\Downloads\2390_499_1.PDF.vvv
2015-11-29 21:33 - 2015-09-13 12:32 - 00114462 _____ C:\Users\Ulla & Christian\Downloads\2390_493_1.PDF.vvv
2015-11-29 21:33 - 2015-08-15 23:11 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Lacey
2015-11-29 21:33 - 2015-08-15 22:19 - 09891454 _____ C:\Users\Ulla & Christian\Downloads\freemusicdownloader_1-59.zip.vvv
2015-11-29 21:33 - 2015-05-17 20:41 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721(1).pdf.vvv
2015-11-29 21:33 - 2015-05-17 20:38 - 00030910 _____ C:\Users\Ulla & Christian\Downloads\RS9823838721.pdf.vvv
2015-11-29 21:33 - 2015-04-11 15:42 - 00178222 _____ C:\Users\Ulla & Christian\Downloads\rlmpdf.pdf.vvv
2015-11-29 21:33 - 2015-03-06 20:40 - 00984990 _____ C:\Users\Ulla & Christian\Downloads\Bedarfsfeldbroschuere_Vermoegen_anlegen_VR.pdf.vvv
2015-11-29 21:33 - 2015-01-09 23:24 - 01414318 _____ C:\Users\Ulla & Christian\Downloads\Syno_QIG_2bay2_deu.pdf.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 30247390 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_110114.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:27 - 11537854 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_V1_Utility99.zip.vvv
2015-11-29 21:33 - 2014-12-26 20:26 - 21632238 _____ C:\Users\Ulla & Christian\Downloads\TL-WN851ND_v1_110825.zip.vvv
2015-11-29 21:33 - 2014-12-21 14:12 - 00027790 _____ C:\Users\Ulla & Christian\Downloads\RX_141221_Bestellbestaetigung_VID616_1412.pdf.vvv
2015-11-29 21:33 - 2014-11-23 21:39 - 00039278 _____ C:\Users\Ulla & Christian\Downloads\_14576829_Lieferbestaetigung_20141121_df4db33247be1b6428d8ec0eb7955911.pdf.vvv
2015-11-29 21:33 - 2014-10-25 22:41 - 00000000 ____D C:\Users\Ulla & Christian\Downloads\Gameforge Live
2015-11-29 21:33 - 2014-08-03 12:06 - 00225342 _____ C:\Users\Ulla & Christian\Downloads\testresultate_farbspruehgeraete.pdf.vvv
2015-11-29 21:33 - 2014-07-28 19:47 - 00916606 _____ C:\Users\Ulla & Christian\Downloads\flexibrass.pdf.vvv
2015-11-29 21:33 - 2014-05-27 19:08 - 00342942 _____ C:\Users\Ulla & Christian\Downloads\IMM1294E.PDF.vvv
2015-11-29 21:33 - 2014-05-27 18:54 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent(1).pdf.vvv
2015-11-29 21:33 - 2014-05-10 14:46 - 00239358 _____ C:\Users\Ulla & Christian\Downloads\document.pdf.vvv
2015-11-29 21:33 - 2014-05-04 12:08 - 01053998 _____ C:\Users\Ulla & Christian\Downloads\custodian-parent.pdf.vvv
2015-11-29 21:33 - 2014-02-13 22:20 - 00078174 _____ C:\Users\Ulla & Christian\Downloads\identificationAstIdent.PDF.vvv
2015-11-29 21:33 - 2013-12-21 20:55 - 00001150 _____ C:\Users\Ulla & Christian\Downloads\umsatz-5232________0800-20131221.csv.vvv
2015-11-29 21:33 - 2013-12-01 19:02 - 00000000 ____D C:\Users\Ulla & Christian\Documents\SelfMV
2015-11-29 21:33 - 2013-10-05 20:18 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister
2015-11-29 21:33 - 2013-07-25 15:22 - 00000000 ___RD C:\Users\Ulla & Christian\Documents\Scanned Documents
2015-11-29 21:33 - 2013-07-12 21:07 - 00509358 _____ C:\Users\Ulla & Christian\Downloads\15875_1373659579.pdf.vvv
2015-11-29 21:33 - 2013-07-12 21:05 - 00103934 _____ C:\Users\Ulla & Christian\Downloads\versicherungsbedingungen_indiv_praktikum.pdf.vvv
2015-11-29 21:33 - 2013-07-03 22:32 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Volition
2015-11-29 21:33 - 2013-06-30 13:26 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Turbo Lister Backup
2015-11-29 21:33 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\Documents\WISO Mein Geld
2015-11-29 21:33 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\Documents\samsung
2015-11-29 21:26 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Skype
2015-11-29 21:26 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\Documents\My Games
2015-11-29 21:26 - 2013-07-25 15:22 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Fax
2015-11-29 21:26 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Amazon MP3
2015-11-29 21:26 - 2013-07-05 20:19 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\vlc
2015-11-29 21:26 - 2013-07-05 20:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WebApp
2015-11-29 21:26 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\Documents\CyberLink
2015-11-29 21:26 - 2013-07-02 22:05 - 00000000 ____D C:\Users\Ulla & Christian\Documents\default
2015-11-29 21:26 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Thunderbird
2015-11-29 21:26 - 2013-06-22 08:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Wargaming.net
2015-11-29 21:26 - 2013-06-21 22:14 - 00000000 ____D C:\Users\Ulla & Christian\Bilder
2015-11-29 21:26 - 2013-06-18 01:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\WinBatch
2015-11-29 21:26 - 2013-06-17 13:03 - 00000000 ____D C:\Users\Ulla & Christian\Documents\Ahnenblatt
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.system.package.metadata
2015-11-29 21:26 - 2013-06-16 20:50 - 00000000 ___HD C:\Users\Ulla & Christian\Documents\hp.applications.package.appdata
2015-11-29 21:25 - 2015-11-03 13:41 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\MyPhoneExplorer
2015-11-29 21:25 - 2015-10-25 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
2015-11-29 21:25 - 2015-05-17 15:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Hewlett-Packard
2015-11-29 21:25 - 2015-05-17 15:42 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\HpUpdate
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\java
2015-11-29 21:25 - 2014-12-25 23:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\.minecraft
2015-11-29 21:25 - 2014-12-24 22:48 - 00000000 __SHD C:\Users\Ulla & Christian\AppData\LocalLow\EmieSiteList
2015-11-29 21:25 - 2014-12-13 11:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\hpqLog
2015-11-29 21:25 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera Software
2015-11-29 21:25 - 2014-09-24 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Temp
2015-11-29 21:25 - 2014-08-17 16:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Skype
2015-11-29 21:25 - 2014-02-02 11:21 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-11-29 21:25 - 2013-12-22 18:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Sun
2015-11-29 21:25 - 2013-10-05 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ArcSoft
2015-11-29 21:25 - 2013-10-05 10:49 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-29 21:25 - 2013-10-05 10:48 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Dropbox
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-11-29 21:25 - 2013-09-25 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\WarThunder
2015-11-29 21:25 - 2013-09-01 20:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Leadertech
2015-11-29 21:25 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\ICAClient
2015-11-29 21:25 - 2013-08-26 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Sophos
2015-11-29 21:25 - 2013-08-26 19:50 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-29 21:25 - 2013-08-09 18:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2015-11-29 21:25 - 2013-08-07 20:57 - 00000000 __RHD C:\Users\Ulla & Christian\AppData\Roaming\SecuROM
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Amazon
2015-11-29 21:25 - 2013-07-25 12:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Program Files
2015-11-29 21:25 - 2013-07-10 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging
2015-11-29 21:25 - 2013-07-10 21:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Lasersoft Imaging
2015-11-29 21:25 - 2013-07-05 20:39 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Media Player Classic
2015-11-29 21:25 - 2013-07-05 20:36 - 00000462 _____ C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:25 - 2013-07-05 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\dvdcss
2015-11-29 21:25 - 2013-07-05 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Windows Live
2015-11-29 21:25 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\CyberLink
2015-11-29 21:25 - 2013-07-05 19:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Mozilla
2015-11-29 21:25 - 2013-07-03 22:40 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wing Commander Saga
2015-11-29 21:25 - 2013-07-03 22:24 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiele
2015-11-29 21:25 - 2013-07-02 22:15 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\AVS4YOU
2015-11-29 21:25 - 2013-07-02 22:01 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ashampoo
2015-11-29 21:25 - 2013-07-02 06:37 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canon
2015-11-29 21:25 - 2013-07-01 22:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\LocalLow\Adobe
2015-11-29 21:25 - 2013-06-23 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Thunderbird
2015-11-29 21:25 - 2013-06-23 20:27 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-11-29 21:25 - 2013-06-23 18:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Avira
2015-11-29 21:25 - 2013-06-23 17:55 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Canneverbe Limited
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service GmbH
2015-11-29 21:25 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Buhl Data Service
2015-11-29 21:25 - 2013-06-19 21:22 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\NVIDIA
2015-11-29 21:25 - 2013-06-18 13:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Microsoft Web Folders
2015-11-29 21:25 - 2013-06-17 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Opera
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Samsung
2015-11-29 21:25 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Samsung
2015-11-29 21:25 - 2013-06-17 13:02 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Ahnenblatt
2015-11-29 21:25 - 2013-06-16 21:38 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Macromedia
2015-11-29 21:25 - 2013-06-16 20:53 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Adobe
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Roaming\Hewlett-Packard
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Power2Go8
2015-11-29 21:25 - 2013-06-16 20:51 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Packages
2015-11-29 21:24 - 2014-11-17 00:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Opera Software
2015-11-29 21:24 - 2013-06-21 20:57 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Microsoft Help
2015-11-29 21:24 - 2013-06-17 22:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Mozilla
2015-11-29 21:23 - 2015-11-03 13:42 - 00000000 ____D C:\Users\Ulla & Christian\.android
2015-11-29 21:23 - 2015-06-09 21:46 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\GWX
2015-11-29 21:23 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\Visan
2015-11-29 21:23 - 2015-01-10 22:40 - 00000000 ____D C:\ProgramData\Synology
2015-11-29 21:23 - 2014-11-27 07:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-29 21:23 - 2014-11-17 00:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-29 21:23 - 2014-08-31 18:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-29 21:23 - 2014-08-17 16:22 - 00000000 ____D C:\ProgramData\Skype
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Sun
2015-11-29 21:23 - 2013-12-22 18:26 - 00000000 ____D C:\ProgramData\Oracle
2015-11-29 21:23 - 2013-11-14 20:02 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-11-29 21:23 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\tmp
2015-11-29 21:23 - 2013-10-03 19:03 - 00000000 ____D C:\Users\Ulla & Christian\2013_10_03
2015-11-29 21:23 - 2013-09-25 20:16 - 00000000 ____D C:\ProgramData\WarThunder
2015-11-29 21:23 - 2013-09-25 20:13 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Gameforge4d
2015-11-29 21:23 - 2013-09-01 20:05 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech® Webcam-Software
2015-11-29 21:23 - 2013-08-27 20:03 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Citrix
2015-11-29 21:23 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-29 21:23 - 2013-07-12 20:34 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Apps\2.0
2015-11-29 21:23 - 2013-07-05 20:06 - 00000000 ____D C:\Users\Public\CyberLink
2015-11-29 21:23 - 2013-07-04 20:16 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Logitech
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\DFH
2015-11-29 21:23 - 2013-07-03 22:25 - 00000000 ____D C:\Users\Public\Documents\Softwrap
2015-11-29 21:23 - 2013-07-02 22:00 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ashampoo
2015-11-29 21:23 - 2013-07-02 06:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP
2015-11-29 21:23 - 2013-06-30 15:28 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\HP Quick Start
2015-11-29 21:23 - 2013-06-23 18:11 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\ArcSoft
2015-11-29 21:23 - 2013-06-23 12:08 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Buhl Data Service
2015-11-29 21:23 - 2013-06-23 11:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Macromedia
2015-11-29 21:23 - 2013-06-17 22:27 - 00000000 ____D C:\ProgramData\Mozilla
2015-11-29 21:23 - 2013-06-17 21:59 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Google
2015-11-29 21:23 - 2013-06-17 21:54 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\MediaMonkey
2015-11-29 21:23 - 2013-06-17 21:43 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-29 21:23 - 2013-06-17 21:33 - 00000000 ____D C:\ProgramData\Samsung
2015-11-29 21:23 - 2013-06-17 21:31 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Downloaded Installations
2015-11-29 21:23 - 2013-06-17 21:30 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Adobe
2015-11-29 21:23 - 2013-06-16 21:18 - 00000000 ____D C:\Users\Ulla & Christian\AppData\Local\Hewlett-Packard
2015-11-29 21:23 - 2013-06-16 20:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\Users\Public\Symantec
2015-11-29 21:23 - 2013-01-12 06:38 - 00000000 ____D C:\ProgramData\Norton
2015-11-29 21:23 - 2013-01-12 06:37 - 00000000 ____D C:\ProgramData\NortonInstaller
2015-11-29 21:23 - 2013-01-12 06:36 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2015-11-29 21:23 - 2013-01-12 06:23 - 00000000 ____D C:\ProgramData\Temp
2015-11-29 21:23 - 2013-01-12 06:14 - 00000000 ____D C:\ProgramData\SoundResearch
2015-11-29 21:23 - 2012-08-10 16:06 - 00000000 ____D C:\ProgramData\PRICache
2015-11-29 21:23 - 2010-01-25 22:35 - 00000000 ___DC C:\ProgramData\Mozilla Thunderbird
2015-11-29 21:22 - 2015-05-17 15:43 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-11-29 21:22 - 2015-05-17 15:41 - 00000000 ____D C:\ProgramData\HP
2015-11-29 21:22 - 2014-12-20 16:57 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-11-29 21:22 - 2013-11-26 07:45 - 00000000 ____D C:\ProgramData\McAfee
2015-11-29 21:22 - 2013-11-10 17:07 - 00000000 ____D C:\ProgramData\hps
2015-11-29 21:22 - 2013-09-01 21:25 - 00000000 ____D C:\ProgramData\FLEXnet
2015-11-29 21:22 - 2013-09-01 20:00 - 00000000 ____D C:\ProgramData\LogiShrd
2015-11-29 21:22 - 2013-07-03 22:32 - 00000000 ____D C:\ProgramData\InstallMate
2015-11-29 21:22 - 2013-06-23 18:07 - 00000000 ____D C:\ProgramData\eBay
2015-11-29 21:22 - 2013-06-21 22:16 - 00000000 ____D C:\ProgramData\MediaMonkey
2015-11-29 21:22 - 2013-01-12 06:25 - 00000000 ____D C:\ProgramData\install_clap
2015-11-29 21:22 - 2013-01-12 06:19 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-29 21:21 - 2015-01-10 19:07 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2015-11-29 21:21 - 2014-11-27 08:00 - 00000000 ____D C:\ProgramData\AmUStor
2015-11-29 21:21 - 2013-08-27 20:03 - 00000000 ____D C:\ProgramData\Citrix
2015-11-29 21:21 - 2013-07-02 22:20 - 00000000 ____D C:\ProgramData\AomeiBR
2015-11-29 21:21 - 2013-07-02 22:00 - 00000000 ____D C:\ProgramData\Ashampoo
2015-11-29 21:21 - 2013-07-02 06:37 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-11-29 21:21 - 2013-07-01 20:47 - 00000000 ____D C:\ProgramData\Adobe
2015-11-29 21:21 - 2013-06-23 20:30 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-11-29 21:21 - 2013-06-23 18:11 - 00000000 ____D C:\ProgramData\ArcSoft
2015-11-29 21:21 - 2013-06-23 17:57 - 00000000 ____D C:\ProgramData\Avira
2015-11-29 21:21 - 2013-06-23 17:55 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2015-11-29 21:21 - 2013-06-23 11:35 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-29 21:21 - 2013-01-12 06:26 - 00000000 ____D C:\ProgramData\Apple
2015-11-29 21:18 - 2012-10-12 04:21 - 00000000 _RSHD C:\SYSTEM.SAV
2015-11-29 21:17 - 2013-07-01 23:00 - 00000000 ____D C:\Program Files (x86)l
2015-11-29 21:17 - 2013-06-18 21:29 - 00000000 ____D C:\sources
2015-11-29 21:17 - 2012-10-12 04:24 - 00000000 ____D C:\SWSETUP
2015-11-29 21:16 - 2014-07-03 20:43 - 00000000 ____D C:\My Music
2015-11-29 21:16 - 2013-01-07 12:12 - 00000000 _RSHD C:\hp
2015-11-28 23:24 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-23 06:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-18 20:56 - 2015-10-06 19:48 - 00001048 _____ C:\Users\Jan\Desktop\nativelog.txt
2015-11-18 20:56 - 2015-10-03 14:43 - 00000000 ____D C:\Users\Jan\AppData\Roaming\.minecraft
2015-11-18 20:30 - 2015-10-01 13:15 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876800203-89553269-3656360523-1003
2015-11-18 20:25 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-16 23:50 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2015-11-15 17:06 - 2014-12-20 16:57 - 00001959 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-13 22:18 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-12 23:13 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-12 21:39 - 2013-06-21 20:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 21:34 - 2013-08-27 20:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-12 21:29 - 2013-06-17 22:17 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 21:59 - 2014-11-29 17:24 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-08 10:34 - 2015-04-23 12:23 - 00000000 ___RD C:\Users\Ulla & Christian\Desktop\Spiele
2015-11-07 22:39 - 2013-06-17 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 18:16 - 2013-06-21 23:19 - 00000000 ____D C:\Program Files (x86)\Spiele

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-23 18:04 - 2006-07-18 08:49 - 0587249 _____ (MAGIX AG) C:\Program Files (x86)\addoninstall.exe
2013-06-23 18:04 - 2002-02-13 07:00 - 0022016 _____ (Borland Software Corporation) C:\Program Files (x86)\borlndmm.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 1500160 _____ (Borland Corporation) C:\Program Files (x86)\cc3260mt.dll
2013-06-23 18:04 - 2006-06-28 08:32 - 0004694 _____ () C:\Program Files (x86)\e-mode-upgradedialog.rtf
2013-06-23 18:04 - 2006-06-28 08:32 - 0004716 _____ () C:\Program Files (x86)\e-mode-upgradedlg-exit.rtf
2013-06-23 18:04 - 2013-06-23 18:04 - 0002885 _____ () C:\Program Files (x86)\e-mode.ini
2013-06-23 18:04 - 2006-06-28 09:55 - 0315392 _____ (MAGIX AG) C:\Program Files (x86)\eModeUpgradeDlg.dll
2013-06-23 18:04 - 2003-02-12 10:20 - 0028672 _____ () C:\Program Files (x86)\explore.exe
2013-06-23 18:04 - 2006-07-26 15:46 - 2442752 _____ (MAGIX) C:\Program Files (x86)\FotoClinic.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000707 _____ () C:\Program Files (x86)\FotoClinic.ini
2013-06-23 18:04 - 2013-06-23 18:04 - 0001138 _____ () C:\Program Files (x86)\Install.cfg
2013-06-23 18:04 - 2013-06-23 18:04 - 0040289 _____ () C:\Program Files (x86)\INSTALL.LOG
2013-06-23 18:04 - 2013-06-23 18:04 - 0006564 _____ () C:\Program Files (x86)\INSTALL1.LOG
2013-06-23 18:04 - 2006-07-17 09:58 - 0184320 _____ (MAGIX AG) C:\Program Files (x86)\instslct.exe
2013-06-23 18:04 - 2006-07-26 15:29 - 0100352 _____ () C:\Program Files (x86)\libpng.dll
2013-06-23 18:04 - 2005-06-16 08:43 - 0008980 _____ () C:\Program Files (x86)\license.txt
2013-06-23 18:04 - 2005-08-08 14:51 - 0786305 _____ () C:\Program Files (x86)\MAGIX Creation Logo.pdf
2013-06-23 18:04 - 2004-04-15 14:48 - 0032768 _____ () C:\Program Files (x86)\MagixUpdater.exe
2013-06-23 18:04 - 2006-04-25 09:27 - 0014810 _____ () C:\Program Files (x86)\order.rtf
2013-06-23 18:04 - 2005-03-04 17:51 - 0005509 _____ () C:\Program Files (x86)\pa.cnt
2013-06-23 18:04 - 2005-03-04 17:51 - 0361656 _____ () C:\Program Files (x86)\pa.hlp
2013-06-23 18:04 - 2006-07-26 15:46 - 0055296 _____ () C:\Program Files (x86)\palng.dll
2013-06-23 18:04 - 2006-07-26 15:45 - 0240128 _____ () C:\Program Files (x86)\pcomponents.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0018432 _____ () C:\Program Files (x86)\ps8bf.dll
2013-06-23 18:04 - 2013-06-23 18:04 - 0002757 _____ () C:\Program Files (x86)\register.rtf
2013-06-23 18:04 - 1999-12-10 12:00 - 0431376 _____ (Microsoft Corporation) C:\Program Files (x86)\riched20.dll
2013-06-23 18:04 - 2003-03-17 05:04 - 0685056 _____ (Borland Software Corporation) C:\Program Files (x86)\rtl60.bpl
2013-06-23 18:04 - 2003-03-17 05:04 - 0618496 _____ () C:\Program Files (x86)\stlpmt45.dll
2013-06-23 18:04 - 2005-11-02 14:34 - 0016460 _____ () C:\Program Files (x86)\support.rtf
2013-06-23 18:04 - 2006-07-17 12:30 - 0129024 _____ () C:\Program Files (x86)\uninstall.exe
2013-06-23 18:04 - 2002-02-18 10:06 - 0006034 _____ () C:\Program Files (x86)\uninstall.ini
2013-06-23 18:04 - 2006-07-17 10:09 - 0081920 _____ (MAGIX AG) C:\Program Files (x86)\unwise.adf
2013-06-23 18:04 - 2006-07-17 10:10 - 0176128 _____ (MAGIX AG) C:\Program Files (x86)\unwise.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000723 _____ () C:\Program Files (x86)\unwise.ini
2013-06-23 18:04 - 2006-07-26 13:50 - 0139264 _____ () C:\Program Files (x86)\UpgradeInfo.exe
2013-06-23 18:04 - 2006-02-14 14:03 - 0024576 _____ (Magix AG) C:\Program Files (x86)\Validation.exe
2013-06-23 18:04 - 2013-06-23 18:04 - 0000140 _____ () C:\Program Files (x86)\Validation.ini
2013-06-23 18:04 - 2002-02-13 07:00 - 1326080 _____ (Borland Software Corporation) C:\Program Files (x86)\vcl60.bpl
2013-06-23 18:04 - 2006-07-26 15:29 - 0046080 _____ () C:\Program Files (x86)\zlib.dll
2015-11-30 13:54 - 2015-11-30 13:56 - 0000050 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u
2013-07-05 20:36 - 2015-11-29 21:25 - 0000462 _____ () C:\Users\Ulla & Christian\AppData\Roaming\AVSDVDPlayer.m3u.vvv
2015-11-29 21:23 - 2015-11-29 21:26 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:26 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Roaming\how_recover+yer.txt
2013-12-25 21:18 - 2015-10-20 22:01 - 0028256 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2013-12-25 21:14 - 2013-12-25 21:16 - 0028295 _____ () C:\Users\Ulla & Christian\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
2013-10-20 11:29 - 2015-07-02 13:29 - 0005632 _____ () C:\Users\Ulla & Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-29 21:23 - 2015-11-29 21:34 - 0006921 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.html
2015-11-29 21:23 - 2015-11-29 21:34 - 0002401 _____ () C:\Users\Ulla & Christian\AppData\Local\how_recover+yer.txt
2013-12-10 20:40 - 2015-09-13 22:27 - 0007605 _____ () C:\Users\Ulla & Christian\AppData\Local\resmon.resmoncfg
2015-05-17 15:41 - 2015-05-17 15:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-29 21:21 - 2015-11-29 21:23 - 0006921 _____ () C:\ProgramData\how_recover+yer.html
2015-11-29 21:21 - 2015-11-29 21:23 - 0002401 _____ () C:\ProgramData\how_recover+yer.txt
2013-06-16 20:51 - 2013-06-16 20:51 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-07-10 21:31 - 2013-07-10 21:42 - 0020531 ____H () C:\ProgramData\R49LW

Einige Dateien in TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\avgnt.exe
C:\Users\Ulla & Christian\AppData\Local\Temp\avgnt.exe
C:\Users\Ulla & Christian\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-04 20:57

==================== Ende von FRST.txt ===========================
         
Abgesehen davon, dass ich die verseuchten Dateien noch ersetzen muss, keine Probleme. Es kommt keine Erpresser-Meldung mehr.

Alt 07.12.2015, 20:36   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Virus hängt an alle Dateien .vvv - Standard

Virus hängt an alle Dateien .vvv



du meinst die verschlüsselten?

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren .
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Virus hängt an alle Dateien .vvv
.vvv-anhang, adobe, antivir, avira, bonjour, defender, desktop, dnsapi.dll, explorer, festplatte, firefox, flash player, geld, home, hängt, mozilla, neustart, prozesse, registry, security, services.exe, svchost.exe, synology, system, usb, virus, windows, wiso



Ähnliche Themen: Virus hängt an alle Dateien .vvv


  1. Virus hängt an sämtliche Dateien zusätzlich ein .vvv an
    Alles rund um Windows - 30.12.2015 (53)
  2. ROTO Virus verschlüsselt alle Dateien
    Plagegeister aller Art und deren Bekämpfung - 30.06.2015 (3)
  3. USB Virus - vsb Datei auf Stick entdeckt, alle Dateien schreibgeschützt und versteckt
    Plagegeister aller Art und deren Bekämpfung - 18.03.2015 (14)
  4. Alle Dateien durch Howdecrypt Virus verschlüsselt - Entschlüsselungsversuche bisher erfolglos!
    Plagegeister aller Art und deren Bekämpfung - 08.03.2014 (26)
  5. Fast alle exe Dateien von Virus befallen
    Plagegeister aller Art und deren Bekämpfung - 28.07.2012 (3)
  6. Smart HDD Virus hat alle Dateien und Programme versteckt
    Plagegeister aller Art und deren Bekämpfung - 25.04.2012 (1)
  7. Virus TR/Crypt.XPACK.Gen-alle Dateien unsichtbar
    Log-Analyse und Auswertung - 27.03.2012 (11)
  8. Nach Virus/Trojaner-Befall sind alle WORD-Dateien verschwunden
    Plagegeister aller Art und deren Bekämpfung - 28.11.2011 (10)
  9. Virus dank Malwarebytes weg - alle Dateien noch da, aber kein Zugriff möglich
    Plagegeister aller Art und deren Bekämpfung - 02.11.2011 (10)
  10. Virus/Trojaner hat alle Dateien versteckt
    Log-Analyse und Auswertung - 24.10.2011 (1)
  11. TR/Spy.Web.H und windows-virus w32/Indus.A, schwarzer Bildschirm, scheinbar alle Dateien weg
    Log-Analyse und Auswertung - 01.10.2011 (6)
  12. VIRUS hat alle Dateien gelöscht und task manager gesperrt
    Diskussionsforum - 11.05.2011 (3)
  13. VIRUS hat alle dateien gelöscht und task manager gesperrt
    Plagegeister aller Art und deren Bekämpfung - 10.04.2011 (17)
  14. Virus Windows Diagnostic > Alle Dateien gelöscht
    Log-Analyse und Auswertung - 22.03.2011 (1)
  15. Unbekannter Virus verseucht alle index.html/php Dateien auf dem Server!
    Plagegeister aller Art und deren Bekämpfung - 19.12.2010 (4)
  16. Trojaner/Virus befällt alle .exe Dateien / AntiVir ohne Wirkung / Malware?
    Plagegeister aller Art und deren Bekämpfung - 05.09.2010 (11)
  17. Hilfe ich hab nen Virus und der löscht alle Antivirus Dateien!
    Plagegeister aller Art und deren Bekämpfung - 07.02.2007 (11)

Zum Thema Virus hängt an alle Dateien .vvv - Hallo, mich - meinen Rechner - hat ein Virus erwischt. An alle Word-, Excel- und PDF-Dateien wurde ein .vvv angehängt. Betroffene Dateien sind nicht mehr zu öffnen. jpg- und mp3-Dateien - Virus hängt an alle Dateien .vvv...
Archiv
Du betrachtest: Virus hängt an alle Dateien .vvv auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.