Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Spyhunter - wie werde ich ihn wieder los (https://www.trojaner-board.de/167299-spyhunter-ihn-los.html)

schrauber 01.06.2015 09:16
Bitte eine frische FRST.txt, nicht Addition.txt :)

Sonnen 01.06.2015 10:37
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by adriana (administrator) on SOFIA on 01-06-2015 11:25:15
Running from C:\Users\adriana\Desktop
Loaded Profiles: adriana (Available Profiles: adriana & Balou & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\adriana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4923832 2015-05-26] (Emsisoft Ltd)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Run: [Google+ Auto Backup] => C:\Users\adriana\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1905032 2015-04-28] (TomTom)
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\adriana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\adriana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\adriana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-02-20]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4246888475-3530032447-118406061-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=de-de
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4246888475-3530032447-118406061-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {C87395B5-70D9-4E25-AB1F-FF23936613EF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4246888475-3530032447-118406061-1002 -> {C87395B5-70D9-4E25-AB1F-FF23936613EF} URL =
SearchScopes: HKU\S-1-5-21-4246888475-3530032447-118406061-1002 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-28] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-28] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKU\S-1-5-21-4246888475-3530032447-118406061-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1140/Navigram.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default
FF Homepage: hxxp://www.griechischefellnasen.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4246888475-3530032447-118406061-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\adriana\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-08] (Apple Inc.)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2015-05-29]
FF Extension: Google Translator for Firefox - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\Extensions\translator@zoli.bod.xpi [2014-02-21]
FF Extension: ImTranslator - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-02-21]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-01-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-19]
CHR Extension: (Google Wallet) - C:\Users\adriana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5155576 2015-05-26] (Emsisoft Ltd)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [168448 2011-01-12] (SEIKO EPSON CORPORATION) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-07-15] (Ellora Assets Corp.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [File not signed]
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MSSQL$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
S4 SQLAgent$SERVEREXP2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-04] (Emsisoft GmbH)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1863720 2012-06-01] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-27] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\adriana\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S1 SASDIFSV; \??\C:\Users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 18:01 - 2015-05-31 18:01 - 00000000 ____D () C:\Users\adriana\Downloads\Office 2007
2015-05-31 17:50 - 2015-05-31 17:50 - 00000000 ____D () C:\Users\Balou\Downloads\Office 2007
2015-05-31 15:43 - 2015-05-31 15:44 - 00045192 _____ () C:\Users\adriana\Desktop\Addition.txt
2015-05-31 15:40 - 2015-06-01 11:25 - 00024125 _____ () C:\Users\adriana\Desktop\FRST.txt
2015-05-30 21:25 - 2015-05-30 21:25 - 00852639 _____ () C:\Users\adriana\Downloads\SecurityCheck(1).exe
2015-05-30 18:36 - 2015-05-30 18:37 - 02347384 _____ (ESET) C:\Users\adriana\Downloads\esetsmartinstaller_deu.exe
2015-05-30 15:56 - 2015-05-30 15:56 - 00001057 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-05-30 15:56 - 2015-05-30 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-05-30 15:56 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-05-30 15:55 - 2015-06-01 11:24 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-05-30 15:51 - 2015-05-30 15:53 - 162479736 _____ (Emsisoft Ltd. ) C:\Users\adriana\Downloads\EmsisoftAntiMalwareSetup.exe
2015-05-29 22:35 - 2015-05-29 22:35 - 02108928 _____ (Farbar) C:\Users\adriana\Desktop\FRST64.exe
2015-05-29 22:23 - 2015-05-29 22:23 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SOFIA-Windows-7-Home-Premium-(64-bit).dat
2015-05-29 22:23 - 2015-05-29 22:23 - 00000000 ____D () C:\RegBackup
2015-05-29 22:22 - 2015-05-29 22:22 - 02948651 _____ (Thisisu) C:\Users\adriana\Downloads\JRT.exe
2015-05-29 22:11 - 2015-05-29 22:15 - 00000000 ____D () C:\AdwCleaner
2015-05-29 22:10 - 2015-05-29 22:10 - 02222592 _____ () C:\Users\adriana\Downloads\AdwCleaner_4.205.exe
2015-05-29 22:03 - 2015-05-29 22:03 - 00001237 _____ () C:\malewarebytes ergebnis heute.txt
2015-05-29 21:27 - 2015-05-29 21:28 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 21:27 - 2015-05-29 21:27 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-29 21:27 - 2015-05-29 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-29 21:27 - 2015-05-29 21:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-29 21:27 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-29 21:27 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-29 21:27 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-29 21:26 - 2015-05-29 21:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\adriana\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-29 00:38 - 2015-05-29 00:38 - 00037299 _____ () C:\ComboFix.txt
2015-05-28 23:57 - 2015-05-28 23:57 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\adriana\Downloads\flashplayer17_hd_install.exe
2015-05-28 23:40 - 2015-05-28 23:40 - 00561248 _____ (Oracle Corporation) C:\Users\adriana\Downloads\jxpiinstall.exe
2015-05-28 23:38 - 2015-05-28 23:38 - 01124072 _____ (Adobe Systems Incorporated) C:\Users\adriana\Downloads\readerdc_de_ha_install.exe
2015-05-28 23:37 - 2015-05-28 23:37 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\adriana\Downloads\flashplayer17_ha_install.exe
2015-05-28 23:30 - 2015-05-28 23:30 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-28 23:29 - 2015-05-28 23:29 - 00243656 _____ () C:\Users\adriana\Downloads\Firefox Setup Stub 38.0.1.exe
2015-05-28 22:26 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-28 22:26 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-28 22:26 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-28 22:26 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-28 22:26 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-28 22:26 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-28 22:26 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-28 22:26 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-28 21:52 - 2015-05-29 00:38 - 00000000 ____D () C:\Qoobox
2015-05-28 21:51 - 2015-05-29 00:36 - 00000000 ____D () C:\Windows\erdnt
2015-05-28 21:25 - 2015-05-28 21:25 - 00001230 _____ () C:\Users\adriana\Desktop\Revo Uninstaller.lnk
2015-05-28 21:25 - 2015-05-28 21:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-28 21:22 - 2015-05-28 21:23 - 05628678 ____R (Swearware) C:\Users\adriana\Downloads\ComboFix.exe
2015-05-28 21:21 - 2015-05-28 21:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\adriana\Downloads\revosetup95 (1).exe
2015-05-27 21:55 - 2015-05-27 21:55 - 00000000 ____D () C:\fe204145e4178e7dbab4700645d0aa
2015-05-27 21:49 - 2015-05-27 21:49 - 00046935 _____ () C:\Users\adriana\Downloads\Addition.txt
2015-05-27 12:21 - 2015-05-27 12:21 - 00105619 _____ () C:\Users\adriana\Downloads\neuer scan mittag.txt
2015-05-27 07:29 - 2015-05-30 18:15 - 00110627 _____ () C:\Users\adriana\Downloads\FRST.txt
2015-05-26 19:35 - 2015-05-26 19:35 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\GMX
2015-05-26 15:17 - 2015-05-27 08:33 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-05-26 14:52 - 2015-05-26 14:52 - 00034332 _____ () C:\Users\Balou\Documents\software Bedrohungen1.txt
2015-05-24 16:27 - 2015-05-24 16:27 - 00000000 ____D () C:\Users\Balou\AppData\Local\Apple
2015-05-24 15:31 - 2015-05-24 15:31 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBalou
2015-05-22 14:47 - 2015-05-30 21:31 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForBalou.job
2015-05-22 14:47 - 2015-05-27 21:39 - 00000000 ____D () C:\Users\Balou\AppData\Local\Hewlett-Packard
2015-05-22 00:30 - 2015-05-22 00:30 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-05-21 20:31 - 2015-05-22 14:31 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-05-21 20:31 - 2015-05-21 20:31 - 00000000 ____D () C:\Program Files\Trend Micro
2015-05-21 20:30 - 2015-05-21 20:30 - 00000036 _____ () C:\Users\Balou\AppData\Local\housecall.guid.cache
2015-05-21 20:21 - 2015-05-21 20:21 - 00000000 ____D () C:\Users\Balou\AppData\Local\Trend Micro
2015-05-21 19:47 - 2015-05-21 21:08 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Nico Mak Computing
2015-05-21 18:39 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Tempcab4d6f15f2003ef405f2cdaac60c63f_
2015-05-21 18:39 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Temp9d0804a4ffbc2018293c60258a7393e8_
2015-05-21 18:36 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Tempcb5f031f2fcb0b6739359a4a41301da2
2015-05-21 18:36 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Tempcab4d6f15f2003ef405f2cdaac60c63f
2015-05-21 18:36 - 2015-05-22 14:31 - 00000000 ____D () C:\Users\Balou\AppData\Local\Temp9d0804a4ffbc2018293c60258a7393e8
2015-05-21 18:36 - 2015-05-21 18:50 - 00000000 ____D () C:\Users\Balou\AppData\Local\CrashDumps
2015-05-19 23:30 - 2015-05-19 23:30 - 00000000 ____D () C:\Users\Balou\Downloads\Originals
2015-05-19 23:30 - 2015-05-19 23:30 - 00000000 ____D () C:\Users\Balou\Downloads\artmedic_advent
2015-05-19 23:20 - 2015-05-19 23:20 - 00000000 ____D () C:\Users\Balou\AppData\Local\Macromedia
2015-05-19 20:44 - 2015-05-19 20:44 - 00001048 _____ () C:\Users\Balou\Desktop\adriana - Verknüpfung.lnk
2015-05-19 20:39 - 2015-05-19 20:39 - 00000000 ____D () C:\Users\Balou\AppData\Local\Adobe
2015-05-19 20:33 - 2015-05-19 20:33 - 00000521 _____ () C:\Users\Balou\Desktop\Sichern und Wiederherstellen - Verknüpfung.lnk
2015-05-19 20:21 - 2015-05-19 20:22 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Mozilla
2015-05-19 20:21 - 2015-05-19 20:22 - 00000000 ____D () C:\Users\Balou\AppData\Local\Mozilla
2015-05-19 20:00 - 2014-11-22 01:55 - 00001859 _____ () C:\Users\Balou\Documents\Weihnachtsgeschichte_3.txt
2015-05-19 20:00 - 2014-08-18 11:05 - 00000894 _____ () C:\Users\Balou\Documents\Tierärte Pool Kastrationsflyer Xanthi.txt
2015-05-19 20:00 - 2013-11-12 18:08 - 00001287 _____ () C:\Users\Balou\Documents\umsatz verein november 2013.csv
2015-05-19 20:00 - 2012-07-16 17:13 - 00000068 _____ () C:\Users\Balou\Documents\userpatch.dat
2015-05-19 20:00 - 2012-07-16 17:13 - 00000003 _____ () C:\Users\Balou\Documents\temporary.iti
2015-05-19 20:00 - 2012-07-15 18:27 - 00002048 _____ () C:\Users\Balou\Documents\watchdogtrace.dat
2015-05-19 20:00 - 2012-04-01 23:03 - 00000023 _____ () C:\Users\Balou\Documents\start_mumble.bat
2015-05-19 20:00 - 2012-02-02 01:35 - 00023819 _____ () C:\Users\Balou\Documents\Tierschutzverein Vorlage Sofia.dotx
2015-05-19 20:00 - 2012-01-20 02:08 - 00001043 _____ () C:\Users\Balou\Documents\YouCam(Webcam).lnk
2015-05-19 20:00 - 2011-08-23 15:46 - 08225519 _____ () C:\Users\Balou\Documents\tables.dat
2015-05-19 20:00 - 2011-06-26 15:21 - 02932120 _____ () C:\Users\Balou\Documents\tmccodes.dat
2015-05-19 20:00 - 2011-06-26 15:21 - 00000088 _____ () C:\Users\Balou\Documents\traffic.dat
2015-05-19 20:00 - 2011-04-08 22:54 - 10741064 _____ () C:\Users\Balou\Documents\wz145gev.exe
2015-05-19 20:00 - 2011-03-20 21:47 - 106928002 _____ () C:\Users\Balou\Documents\Stick.wmv
2015-05-19 20:00 - 2011-03-20 21:44 - 00023310 _____ () C:\Users\Balou\Documents\Stick.mxf
2015-05-19 20:00 - 2011-02-17 19:34 - 00000000 _____ () C:\Users\Balou\Documents\unconfirmed 3480.crdownload
2015-05-19 20:00 - 2010-05-23 21:00 - 00000525 _____ () C:\Users\Balou\Documents\Tierschutz-und Pflegevertrag Athen.txt
2015-05-19 20:00 - 2009-12-15 15:59 - 00079404 _____ () C:\Users\Balou\Documents\voice.wav
2015-05-19 20:00 - 2009-12-06 14:09 - 00004270 _____ () C:\Users\Balou\Documents\winmail.dat
2015-05-19 20:00 - 2009-11-27 01:41 - 00000473 _____ () C:\Users\Balou\Documents\Stefan.vcf
2015-05-19 20:00 - 2009-11-27 01:41 - 00000397 _____ () C:\Users\Balou\Documents\Stefan.vde
2015-05-19 20:00 - 2009-10-08 12:04 - 00001451 _____ () C:\Users\Balou\Documents\sv7cli1455538443.xml
2015-05-19 20:00 - 2009-09-29 10:46 - 01167688 _____ (Microsoft Corporation) C:\Users\Balou\Documents\wlsetup-custom.exe
2015-05-19 20:00 - 2009-06-30 18:37 - 08815552 _____ (Microsoft Corporation) C:\Users\Balou\Documents\windows-kb890830-v2.11.exe
2015-05-19 20:00 - 2009-04-07 09:58 - 00400752 _____ () C:\Users\Balou\Documents\Untitled Page.mht
2015-05-19 20:00 - 2008-11-20 21:19 - 00000891 _____ () C:\Users\Balou\Documents\style.css
2015-05-19 20:00 - 2008-05-22 14:51 - 02404880 _____ (Microsoft Corporation) C:\Users\Balou\Documents\WLinstaller.exe
2015-05-19 20:00 - 2008-04-04 16:45 - 00000359 _____ () C:\Users\Balou\Documents\VolumeConfig.plist
2015-05-19 20:00 - 2008-01-31 20:31 - 02628776 _____ () C:\Users\Balou\Documents\Weitere hilfreiche Features.one
2015-05-19 20:00 - 2008-01-31 20:31 - 00113704 _____ () C:\Users\Balou\Documents\Verschiedenes.one
2015-05-19 20:00 - 2006-10-31 01:00 - 01659904 _____ () C:\Users\Balou\Documents\WordMUI.msi
2015-05-19 20:00 - 2006-10-31 01:00 - 00244936 _____ () C:\Users\Balou\Documents\word12.opa
2015-05-19 20:00 - 2006-10-31 01:00 - 00001799 _____ () C:\Users\Balou\Documents\WordMUI.xml
2015-05-19 19:59 - 2015-05-09 19:09 - 00038976 _____ () C:\Users\Balou\Documents\Selbstauskunft.odt
2015-05-19 19:59 - 2014-04-09 13:24 - 00000812 _____ () C:\Users\Balou\Documents\nestor1.txt
2015-05-19 19:59 - 2014-03-11 21:42 - 00006633 _____ () C:\Users\Balou\Documents\reise xanthi1.txt
2015-05-19 19:59 - 2013-11-11 22:48 - 03843072 _____ (Piriform Ltd) C:\Users\Balou\Documents\rcsetup148.exe
2015-05-19 19:59 - 2013-11-08 21:47 - 00000056 _____ () C:\Users\Balou\Documents\MyData.ini
2015-05-19 19:59 - 2013-10-01 01:55 - 00020992 _____ () C:\Users\Balou\Documents\spenden thaleia.xls
2015-05-19 19:59 - 2013-09-26 20:36 - 00026112 _____ () C:\Users\Balou\Documents\Spendenaufruf Alexandroupolis Futter ab 2011.xls
2015-05-19 19:59 - 2013-03-31 21:10 - 00023706 _____ () C:\Users\Balou\Documents\post von fb asutretung kostas e v.txt
2015-05-19 19:59 - 2012-10-23 02:10 - 00230912 _____ () C:\Users\Balou\Documents\Pflegestellengesuche.pub
2015-05-19 19:59 - 2012-07-17 00:36 - 00539752 _____ () C:\Users\Balou\Documents\ServerLineIndex.dat
2015-05-19 19:59 - 2012-07-17 00:36 - 00118936 _____ () C:\Users\Balou\Documents\ServerNameIndex.dat
2015-05-19 19:59 - 2012-07-17 00:36 - 00000091 _____ () C:\Users\Balou\Documents\PatchFilter.dat
2015-05-19 19:59 - 2012-07-16 17:13 - 00000965 _____ () C:\Users\Balou\Documents\settings.dat
2015-05-19 19:59 - 2012-05-12 20:39 - 00475136 _____ () C:\Users\Balou\Documents\mumble.sqlite
2015-05-19 19:59 - 2012-05-12 20:39 - 00007338 _____ () C:\Users\Balou\Documents\mumble.ini
2015-05-19 19:59 - 2012-05-12 19:51 - 00002385 _____ () C:\Users\Balou\Documents\MumbleAutomaticCertificateBackup.p12
2015-05-19 19:59 - 2012-04-01 23:03 - 04431328 _____ (Thorvald Natvig) C:\Users\Balou\Documents\mumble.exe
2015-05-19 19:59 - 2012-03-29 22:19 - 00001634 _____ () C:\Users\Balou\Documents\Read Me First.txt
2015-05-19 19:59 - 2012-03-29 22:19 - 00001127 _____ () C:\Users\Balou\Documents\release.nfo
2015-05-19 19:59 - 2012-03-29 22:18 - 00012235 _____ () C:\Users\Balou\Documents\signpost_li.txt
2015-05-19 19:59 - 2012-03-29 20:09 - 00000468 _____ () C:\Users\Balou\Documents\restart.dat
2015-05-19 19:59 - 2012-03-28 17:00 - 00121496 _____ () C:\Users\Balou\Documents\Planung.one
2015-05-19 19:59 - 2012-02-15 23:47 - 00004956 _____ () C:\Users\Balou\Documents\OKiTALK_Readme.txt
2015-05-19 19:59 - 2011-12-30 15:25 - 00000008 _____ () C:\Users\Balou\Documents\report.cam
2015-05-19 19:59 - 2011-10-31 18:30 - 00071099 _____ () C:\Users\Balou\Documents\NK Liste fortlaufend 2011 Stand 31.10.2011sofia.xlsx
2015-05-19 19:59 - 2011-09-15 20:35 - 06418238 _____ () C:\Users\Balou\Documents\SSA40032.AVI
2015-05-19 19:59 - 2011-07-22 01:37 - 02012318 _____ () C:\Users\Balou\Documents\nederland.postal
2015-05-19 19:59 - 2011-06-26 15:21 - 106676576 _____ () C:\Users\Balou\Documents\poi.dat
2015-05-19 19:59 - 2011-06-26 15:21 - 00028526 _____ () C:\Users\Balou\Documents\profiles.dat
2015-05-19 19:59 - 2011-05-16 17:23 - 12181425 _____ () C:\Users\Balou\Documents\MOV03740.MPG
2015-05-19 19:59 - 2011-05-16 17:23 - 12181425 _____ () C:\Users\Balou\Documents\MOV03740 (1).MPG
2015-05-19 19:59 - 2011-03-19 20:44 - 14271992 _____ (Google Inc.) C:\Users\Balou\Documents\picasa38-setup.exe
2015-05-19 19:59 - 2011-01-23 13:15 - 00004471 _____ () C:\Users\Balou\Documents\Schutzvertrag TSV ARGOS.txt
2015-05-19 19:59 - 2011-01-22 19:55 - 00938024 _____ () C:\Users\Balou\Documents\Nicht abgelegte Notizen.one
2015-05-19 19:59 - 2011-01-22 16:10 - 00010256 _____ () C:\Users\Balou\Documents\Re _Sofia.txt
2015-05-19 19:59 - 2010-12-19 23:12 - 03325446 _____ () C:\Users\Balou\Documents\MP3-and-WAV-Solutions-Setup.exe
2015-05-19 19:59 - 2010-12-19 18:51 - 00000038 _____ () C:\Users\Balou\Documents\playlist.txt
2015-05-19 19:59 - 2010-12-19 18:51 - 00000030 _____ () C:\Users\Balou\Documents\play.bat
2015-05-19 19:59 - 2010-12-12 21:25 - 00000000 _____ () C:\Users\Balou\Documents\Scannen0016.jpg.crdownload
2015-05-19 19:59 - 2010-09-16 01:26 - 02013568 _____ (Microsoft Corporation) C:\Users\Balou\Documents\PPTVIEW.EXE
2015-05-19 19:59 - 2010-09-05 20:30 - 53785488 _____ () C:\Users\Balou\Documents\setup_av_free_ger50594.exe
2015-05-19 19:59 - 2010-05-29 15:54 - 01959956 _____ () C:\Users\Balou\Documents\MOV02066.3GP
2015-05-19 19:59 - 2010-05-18 01:00 - 00002315 _____ () C:\Users\Balou\Documents\readme.txt
2015-05-19 19:59 - 2010-05-04 18:04 - 00001494 _____ () C:\Users\Balou\Documents\ogg-vorbis_(tremor-variable)_license.txt
2015-05-19 19:59 - 2010-03-04 20:35 - 00237712 _____ (NCH Software) C:\Users\Balou\Documents\prismsetup.exe
2015-05-19 19:59 - 2009-12-24 10:27 - 00026835 _____ () C:\Users\Balou\Documents\qt.txt
2015-05-19 19:59 - 2009-11-21 21:08 - 00836837 _____ () C:\Users\Balou\Documents\small.rar
2015-05-19 19:59 - 2009-10-08 12:04 - 00012162 _____ () C:\Users\Balou\Documents\MessageLog.xsl
2015-05-19 19:59 - 2009-07-04 22:27 - 00000497 _____ () C:\Users\Balou\Documents\server.met.gz
2015-05-19 19:59 - 2009-06-25 17:17 - 06205440 _____ () C:\Users\Balou\Documents\s7119dex.exe
2015-05-19 19:59 - 2009-06-23 12:20 - 21935408 _____ (Apple Inc.) C:\Users\Balou\Documents\QuickTimeInstaller762.exe
2015-05-19 19:59 - 2009-06-21 17:27 - 23710864 _____ (Microsoft Corporation) C:\Users\Balou\Documents\MSNOIE8_DEDE_VIS.EXE
2015-05-19 19:59 - 2009-06-06 21:01 - 01228320 _____ (Adobe Systems Incorporated) C:\Users\Balou\Documents\PRE7_TB_WWEFGJ.exe
2015-05-19 19:59 - 2009-03-22 08:08 - 00000028 _____ () C:\Users\Balou\Documents\qt.conf
2015-05-19 19:59 - 2009-03-12 14:15 - 00001774 _____ () C:\Users\Balou\Documents\speex.txt
2015-05-19 19:59 - 2008-02-13 20:57 - 05473872 _____ (Microsoft Corporation) C:\Users\Balou\Documents\msjavx86.exe
2015-05-19 19:59 - 2008-01-31 20:31 - 00198784 _____ () C:\Users\Balou\Documents\Reisen.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00132496 _____ () C:\Users\Balou\Documents\Recherche.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00112432 _____ () C:\Users\Balou\Documents\Projekt A.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00108824 _____ () C:\Users\Balou\Documents\Projekt B.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00089736 _____ () C:\Users\Balou\Documents\Persönliche Informationen.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00022824 _____ () C:\Users\Balou\Documents\Shopping.one
2015-05-19 19:59 - 2008-01-31 20:31 - 00022608 _____ () C:\Users\Balou\Documents\Rezepte.one
2015-05-19 19:59 - 2006-10-31 01:00 - 02421760 _____ () C:\Users\Balou\Documents\OfficeMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 02030080 _____ () C:\Users\Balou\Documents\OutlookMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 01658880 _____ () C:\Users\Balou\Documents\PublisherMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 01648128 _____ () C:\Users\Balou\Documents\PowerPointMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 01647616 _____ () C:\Users\Balou\Documents\OneNoteMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00847872 _____ () C:\Users\Balou\Documents\Office64WW.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00717386 _____ () C:\Users\Balou\Documents\office12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00515072 _____ () C:\Users\Balou\Documents\Proof.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00508416 _____ () C:\Users\Balou\Documents\Office64MUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00506880 _____ () C:\Users\Balou\Documents\Proofing.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00497936 _____ () C:\Users\Balou\Documents\outlk12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00463152 _____ (Microsoft Corporation) C:\Users\Balou\Documents\setup.exe
2015-05-19 19:59 - 2006-10-31 01:00 - 00202490 _____ () C:\Users\Balou\Documents\proj12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00145184 _____ (Microsoft Corporation) C:\Users\Balou\Documents\ose.exe
2015-05-19 19:59 - 2006-10-31 01:00 - 00105546 _____ () C:\Users\Balou\Documents\ppt12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00101428 _____ () C:\Users\Balou\Documents\onent12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00068096 _____ () C:\Users\Balou\Documents\ShellUI.MST
2015-05-19 19:59 - 2006-10-31 01:00 - 00057249 _____ () C:\Users\Balou\Documents\oct.chm
2015-05-19 19:59 - 2006-10-31 01:00 - 00054295 _____ () C:\Users\Balou\Documents\setup.chm
2015-05-19 19:59 - 2006-10-31 01:00 - 00049152 _____ () C:\Users\Balou\Documents\RosebudMUI.msi
2015-05-19 19:59 - 2006-10-31 01:00 - 00032972 _____ () C:\Users\Balou\Documents\pub12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00027439 _____ () C:\Users\Balou\Documents\pss10r.chm
2015-05-19 19:59 - 2006-10-31 01:00 - 00016130 _____ () C:\Users\Balou\Documents\spd12.opa
2015-05-19 19:59 - 2006-10-31 01:00 - 00005772 _____ () C:\Users\Balou\Documents\OfficeMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00002947 _____ () C:\Users\Balou\Documents\OutlookMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00002582 _____ () C:\Users\Balou\Documents\README.HTM
2015-05-19 19:59 - 2006-10-31 01:00 - 00002310 _____ () C:\Users\Balou\Documents\Office64WW.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001780 _____ () C:\Users\Balou\Documents\setup.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001554 _____ () C:\Users\Balou\Documents\PowerPointMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001470 _____ () C:\Users\Balou\Documents\PublisherMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001461 _____ () C:\Users\Balou\Documents\Proof.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001360 _____ () C:\Users\Balou\Documents\OneNoteMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00001027 _____ () C:\Users\Balou\Documents\Office64MUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00000811 _____ () C:\Users\Balou\Documents\RosebudMUI.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00000807 _____ () C:\Users\Balou\Documents\Proofing.xml
2015-05-19 19:59 - 2006-10-31 01:00 - 00000522 _____ () C:\Users\Balou\Documents\Microsoft.VC80.CRT.manifest
2015-05-19 19:59 - 2006-10-26 20:49 - 00000804 _____ () C:\Users\Balou\Documents\pptview.exe.manifest
2015-05-19 19:59 - 2006-10-05 10:52 - 00004566 _____ () C:\Users\Balou\Documents\PVREADME.HTM
2015-05-19 19:58 - 2014-05-04 20:28 - 00001646 _____ () C:\Users\Balou\Documents\ingDiba.txt
2015-05-19 19:58 - 2013-09-27 12:34 - 00019456 _____ () C:\Users\Balou\Documents\Kafetoulis spenden OP Kosten.xls
2015-05-19 19:58 - 2013-09-27 11:36 - 00021504 _____ () C:\Users\Balou\Documents\Katzen Kastrationen 2013 Spenden.xls
2015-05-19 19:58 - 2012-07-17 00:36 - 00457295 _____ () C:\Users\Balou\Documents\MapServerPatch.dat
2015-05-19 19:58 - 2012-07-17 00:35 - 00051228 _____ () C:\Users\Balou\Documents\lto.dat
2015-05-19 19:58 - 2012-07-15 18:35 - 00014286 _____ () C:\Users\Balou\Documents\mapsettings.cfg
2015-05-19 19:58 - 2012-03-29 22:19 - 00015397 _____ () C:\Users\Balou\Documents\GNU General Public License.txt
2015-05-19 19:58 - 2012-03-29 22:19 - 00000783 _____ () C:\Users\Balou\Documents\MD5_license.txt
2015-05-19 19:58 - 2012-03-29 22:19 - 00000200 _____ () C:\Users\Balou\Documents\GPL-offer.txt
2015-05-19 19:58 - 2012-03-29 22:18 - 00000212 _____ () C:\Users\Balou\Documents\mctx.dat
2015-05-19 19:58 - 2012-03-06 15:20 - 00010754 _____ () C:\Users\Balou\Documents\Logfile.odt
2015-05-19 19:58 - 2011-08-23 15:20 - 00034757 _____ () C:\Users\Balou\Documents\GQ.jar
2015-05-19 19:58 - 2011-08-23 15:20 - 00000142 _____ () C:\Users\Balou\Documents\GQ.ddf
2015-05-19 19:58 - 2011-06-26 15:21 - 00000062 _____ () C:\Users\Balou\Documents\mapinfo.dat
2015-05-19 19:58 - 2011-06-21 15:15 - 00003217 _____ () C:\Users\Balou\Documents\Kündigung Probe Homepage.txt
2015-05-19 19:58 - 2011-04-12 23:38 - 00038470 _____ () C:\Users\Balou\Documents\Kürzlich aktualisiert.mxf
2015-05-19 19:58 - 2011-04-08 23:35 - 00083966 _____ () C:\Users\Balou\Documents\getDoc.do
2015-05-19 19:58 - 2011-03-01 20:32 - 00204336 _____ () C:\Users\Balou\Documents\Max_M_ 04 2005 OK chiens et chats._jpg
2015-05-19 19:58 - 2011-01-12 00:42 - 02853988 _____ () C:\Users\Balou\Documents\GMX-11-01-2011.zip
2015-05-19 19:58 - 2010-12-19 15:13 - 11011656 _____ () C:\Users\Balou\Documents\GER_Version.zip
2015-05-19 19:58 - 2010-03-25 11:27 - 07710141 _____ () C:\Users\Balou\Documents\kynosofio dogs.zip
2015-05-19 19:58 - 2010-03-25 11:23 - 07710141 _____ () C:\Users\Balou\Documents\kynosofio+dogs.zip
2015-05-19 19:58 - 2010-03-09 16:10 - 00588532 _____ () C:\Users\Balou\Documents\Kastrationstransp.10
2015-05-19 19:58 - 2010-03-09 16:09 - 00630270 _____ () C:\Users\Balou\Documents\Kastrationstransp.9
2015-05-19 19:58 - 2010-03-09 16:09 - 00630270 _____ () C:\Users\Balou\Documents\Kastrationstransp.8
2015-05-19 19:58 - 2010-03-09 16:09 - 00597894 _____ () C:\Users\Balou\Documents\Kastrationstransp.7
2015-05-19 19:58 - 2010-03-09 16:08 - 00624584 _____ () C:\Users\Balou\Documents\Kastrationstransp.6
2015-05-19 19:58 - 2010-02-27 18:34 - 02110728 _____ (Facebook, Inc.) C:\Users\Balou\Documents\Install_Facebook_Plug-In_1.0.3.exe
2015-05-19 19:58 - 2009-11-27 01:41 - 00885890 _____ () C:\Users\Balou\Documents\LesGermanComp.txt
2015-05-19 19:58 - 2009-11-27 01:41 - 00306176 _____ () C:\Users\Balou\Documents\German.dbl
2015-05-19 19:58 - 2009-11-27 01:41 - 00004069 _____ () C:\Users\Balou\Documents\GermanTT.rex
2015-05-19 19:58 - 2009-11-27 01:41 - 00000475 _____ () C:\Users\Balou\Documents\Katrin.vcf
2015-05-19 19:58 - 2009-11-27 01:41 - 00000398 _____ () C:\Users\Balou\Documents\Katrin.vde
2015-05-19 19:58 - 2009-11-27 01:41 - 00000364 _____ () C:\Users\Balou\Documents\German.lde
2015-05-19 19:58 - 2009-11-27 01:41 - 00000193 _____ () C:\Users\Balou\Documents\German.lcf
2015-05-19 19:58 - 2009-11-27 01:41 - 00000043 _____ () C:\Users\Balou\Documents\LicenseCode7.txt
2015-05-19 19:58 - 2009-11-27 01:37 - 00348160 _____ () C:\Users\Balou\Documents\InstallTomTomHOME.exe
2015-05-19 19:58 - 2009-10-27 11:46 - 04745072 _____ (GMX GmbH) C:\Users\Balou\Documents\gmx_profifax.exe
2015-05-19 19:58 - 2009-10-02 14:12 - 00001024 _____ () C:\Users\Balou\Documents\hbedv.key
2015-05-19 19:58 - 2009-06-30 14:45 - 00207626 _____ () C:\Users\Balou\Documents\IE8-Windows6.0-KB968220-x86.msu
2015-05-19 19:58 - 2009-02-28 17:44 - 00018351 _____ () C:\Users\Balou\Documents\licence.txt
2015-05-19 19:58 - 2008-11-05 20:47 - 04486176 _____ (maxdome ) C:\Users\Balou\Documents\maxdome-setup.exe
2015-05-19 19:58 - 2008-06-19 16:26 - 00012796 _____ () C:\Users\Balou\Documents\index.php
2015-05-19 19:58 - 2008-02-12 19:00 - 01722816 _____ (1&1 Internet AG) C:\Users\Balou\Documents\gmx_sms_manager.exe
2015-05-19 19:58 - 2008-02-10 15:32 - 00382352 _____ (Sun Microsystems, Inc.) C:\Users\Balou\Documents\jre-6u3-windows-i586-p-iftw.exe
2015-05-19 19:58 - 2007-03-23 18:32 - 00022657 _____ () C:\Users\Balou\Documents\Installer.icns
2015-05-19 19:58 - 2007-03-23 18:32 - 00017546 _____ () C:\Users\Balou\Documents\Installer.data
2015-05-19 19:58 - 2007-03-23 18:32 - 00000873 _____ () C:\Users\Balou\Documents\Info.plist
2015-05-19 19:58 - 2006-11-15 08:46 - 00012576 _____ () C:\Users\Balou\Documents\hs.txt
2015-05-19 19:58 - 2006-10-31 01:00 - 02369024 _____ () C:\Users\Balou\Documents\InfoPathMUI.msi
2015-05-19 19:58 - 2006-10-31 01:00 - 01653248 _____ () C:\Users\Balou\Documents\GrooveMUI.msi
2015-05-19 19:58 - 2006-10-31 01:00 - 00132876 _____ () C:\Users\Balou\Documents\inf12.opa
2015-05-19 19:58 - 2006-10-31 01:00 - 00009172 _____ () C:\Users\Balou\Documents\ic12.opa
2015-05-19 19:58 - 2006-10-31 01:00 - 00004573 _____ () C:\Users\Balou\Documents\InfoPathMUI.xml
2015-05-19 19:58 - 2006-10-31 01:00 - 00003900 _____ () C:\Users\Balou\Documents\groove12.opa
2015-05-19 19:58 - 2006-10-31 01:00 - 00001646 _____ () C:\Users\Balou\Documents\ID_00030.DPC
2015-05-19 19:58 - 2006-10-31 01:00 - 00000914 _____ () C:\Users\Balou\Documents\GrooveMUI.xml
2015-05-19 19:58 - 2000-02-24 23:16 - 00000048 _____ () C:\Users\Balou\Documents\MapUserPatch.dat
2015-05-19 19:57 - 2013-11-07 00:40 - 00001085 _____ () C:\Users\Balou\Documents\CyberLink YouCam(Webcam).lnk
2015-05-19 19:57 - 2012-07-17 00:35 - 00000017 _____ () C:\Users\Balou\Documents\ee_meta.txt
2015-05-19 19:57 - 2012-07-15 19:27 - 00000032 _____ () C:\Users\Balou\Documents\currentmap.dat
2015-05-19 19:57 - 2012-05-12 20:37 - 00215862 _____ () C:\Users\Balou\Documents\Console.txt
2015-05-19 19:57 - 2012-04-19 20:20 - 00000669 _____ () C:\Users\Balou\Documents\derefer.htm
2015-05-19 19:57 - 2012-03-29 22:18 - 06645751 _____ () C:\Users\Balou\Documents\data.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 05119621 _____ () C:\Users\Balou\Documents\data_lim.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 03205205 _____ () C:\Users\Balou\Documents\data_lis.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 01441978 _____ () C:\Users\Balou\Documents\data_im2.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 01219120 _____ () C:\Users\Balou\Documents\data_is2.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 00347596 _____ () C:\Users\Balou\Documents\data_ts.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 00075601 _____ () C:\Users\Balou\Documents\data_ra.chk
2015-05-19 19:57 - 2012-03-29 22:18 - 00012251 _____ () C:\Users\Balou\Documents\data_sp.chk
2015-05-19 19:57 - 2011-12-30 19:04 - 00713368 _____ () C:\Users\Balou\Documents\DVSUninstall.exe
2015-05-19 19:57 - 2011-12-12 20:49 - 00000018 _____ () C:\Users\Balou\Documents\CurrentLocation.dat
2015-05-19 19:57 - 2011-10-22 21:06 - 00020531 _____ () C:\Users\Balou\Documents\Corona.qss
2015-05-19 19:57 - 2011-08-02 16:17 - 00019955 _____ () C:\Users\Balou\Documents\FreeYouTubeToMP3ConverterProfile.xml
2015-05-19 19:57 - 2011-06-26 15:21 - 30216690 _____ () C:\Users\Balou\Documents\cphoneme.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 20264329 _____ () C:\Users\Balou\Documents\crpoi.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 181637972 _____ () C:\Users\Balou\Documents\cnode.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 165445440 _____ () C:\Users\Balou\Documents\faces.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 115179727 _____ () C:\Users\Balou\Documents\cname.dat
2015-05-19 19:57 - 2011-06-26 15:21 - 00004376 _____ () C:\Users\Balou\Documents\faces.met
2015-05-19 19:57 - 2011-06-22 22:18 - 00032162 _____ () C:\Users\Balou\Documents\FreeDVDVideoConverter_setup.txt
2015-05-19 19:57 - 2011-06-12 18:33 - 05639886 _____ () C:\Users\Balou\Documents\dogs+helpe.rar
2015-05-19 19:57 - 2011-06-12 18:29 - 02037336 _____ () C:\Users\Balou\Documents\example.rar
2015-05-19 19:57 - 2011-06-11 19:32 - 05639886 _____ () C:\Users\Balou\Documents\dogs helpe.rar
2015-05-19 19:57 - 2011-02-15 18:38 - 00000000 _____ () C:\Users\Balou\Documents\fax (1).txt
2015-05-19 19:57 - 2011-02-13 16:59 - 15867904 _____ () C:\Users\Balou\Documents\EpsonStylusSX420W.exe
2015-05-19 19:57 - 2010-12-07 16:51 - 00836042 _____ () C:\Users\Balou\Documents\data02.chk
2015-05-19 19:57 - 2010-12-07 16:51 - 00829418 _____ () C:\Users\Balou\Documents\data01.chk
2015-05-19 19:57 - 2010-12-07 16:51 - 00000058 _____ () C:\Users\Balou\Documents\data01.vif
2015-05-19 19:57 - 2010-12-07 16:51 - 00000054 _____ () C:\Users\Balou\Documents\data02.vif
2015-05-19 19:57 - 2010-11-17 13:19 - 00005731 _____ () C:\Users\Balou\Documents\FreeVideoToMP3ConverterProfile.xml
2015-05-19 19:57 - 2010-05-04 18:05 - 00781411 _____ () C:\Users\Balou\Documents\data34.chk
2015-05-19 19:57 - 2010-05-04 18:05 - 00752633 _____ () C:\Users\Balou\Documents\data35.chk
2015-05-19 19:57 - 2010-05-04 18:05 - 00707939 _____ () C:\Users\Balou\Documents\data39.chk
2015-05-19 19:57 - 2010-05-04 18:05 - 00000067 _____ () C:\Users\Balou\Documents\data34.vif
2015-05-19 19:57 - 2010-05-04 18:05 - 00000061 _____ () C:\Users\Balou\Documents\data35.vif
2015-05-19 19:57 - 2010-05-04 18:05 - 00000059 _____ () C:\Users\Balou\Documents\data39.vif
2015-05-19 19:57 - 2009-12-05 18:43 - 01927168 _____ () C:\Users\Balou\Documents\FreeTranslatorSetup_1.94.msi
2015-05-19 19:57 - 2009-11-27 01:41 - 00000781 _____ () C:\Users\Balou\Documents\default7.session
2015-05-19 19:57 - 2008-04-04 16:45 - 00000258 _____ () C:\Users\Balou\Documents\Exclusions.plist
2015-05-19 19:57 - 2008-01-31 20:34 - 02546760 _____ () C:\Users\Balou\Documents\Erste Schritte mit OneNote.one
2015-05-19 19:57 - 2008-01-26 20:12 - 00287240 _____ (Microsoft Corporation) C:\Users\Balou\Documents\dxwebsetup.exe
2015-05-19 19:57 - 2008-01-26 19:52 - 67160149 _____ () C:\Users\Balou\Documents\directx_nov2007_redist.zip
2015-05-19 19:57 - 2006-10-31 01:00 - 18183680 _____ () C:\Users\Balou\Documents\EnterpriseWW.msi
2015-05-19 19:57 - 2006-10-31 01:00 - 01756160 _____ () C:\Users\Balou\Documents\ExcelMUI.msi
2015-05-19 19:57 - 2006-10-31 01:00 - 01323033 _____ () C:\Users\Balou\Documents\files12.cat
2015-05-19 19:57 - 2006-10-31 01:00 - 00813384 _____ (Microsoft Corporation) C:\Users\Balou\Documents\DW20.EXE
2015-05-19 19:57 - 2006-10-31 01:00 - 00434528 _____ (Microsoft Corporation) C:\Users\Balou\Documents\dwtrig20.exe
2015-05-19 19:57 - 2006-10-31 01:00 - 00152834 _____ () C:\Users\Balou\Documents\excel12.opa
2015-05-19 19:57 - 2006-10-31 01:00 - 00027276 _____ () C:\Users\Balou\Documents\cpao12.opa
2015-05-19 19:57 - 2006-10-31 01:00 - 00016711 _____ () C:\Users\Balou\Documents\EnterpriseWW.xml
2015-05-19 19:57 - 2006-10-31 01:00 - 00001921 _____ () C:\Users\Balou\Documents\ExcelMUI.xml
2015-05-19 19:57 - 2006-10-31 01:00 - 00000952 _____ () C:\Users\Balou\Documents\config.xml
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Youcam
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Wir gehen auf die Reise nach Alexandroupolis
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Tierheim Alexandroupolis Hilfe
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Picasa HTML Exports
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Picasa
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\OneNote-Notizbücher
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Office 2007
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Neue Spenden heute
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\neue Pakete
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\My PSP Files
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Meine empfangenen Dateien
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Freemake
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\Fax
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\auswahl
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\2011-02-10
2015-05-19 19:56 - 2015-05-19 19:56 - 00000000 ____D () C:\Users\Balou\Documents\2011-01-24
2015-05-19 19:56 - 2015-02-22 16:05 - 00000124 _____ () C:\Users\Balou\Documents\.picasa.ini
2015-05-19 19:56 - 2014-02-22 15:53 - 00000420 _____ () C:\Users\Balou\Documents\Bella Xanthi.txt
2015-05-19 19:56 - 2014-01-01 18:54 - 00004796 _____ () C:\Users\Balou\Documents\cc_20140101_175404.reg
2015-05-19 19:56 - 2013-12-11 01:53 - 00022616 _____ () C:\Users\Balou\Documents\cc_20131211_005018.reg
2015-05-19 19:56 - 2013-11-21 19:47 - 00000000 ____D () C:\Users\Balou\Documents\lt_NetrixLoadHtml_1aca60cad1b54647ba7bf39d0eaddb17_ln_src
2015-05-19 19:56 - 2012-07-17 00:37 - 00000149 _____ () C:\Users\Balou\Documents\Backup Info.ini
2015-05-19 19:56 - 2012-07-16 17:13 - 00000001 _____ () C:\Users\Balou\Documents\allowtrip.dat
2015-05-19 19:56 - 2012-07-15 19:29 - 00082264 _____ () C:\Users\Balou\Documents\cbee.cbee
2015-05-19 19:56 - 2012-06-02 21:46 - 00000081 _____ () C:\Users\Balou\Documents\a93c85dc1f57a8d92045ae622ccfdb03.tmp.meta
2015-05-19 19:56 - 2012-03-01 13:59 - 00065510 _____ () C:\Users\Balou\Documents\Alexandroupolis neu.wlmp
2015-05-19 19:56 - 2012-02-18 03:58 - 00017956 _____ () C:\Users\Balou\Documents\2_Sachzuwendungen-§-10b-§-5-Abs-1-Nr-9.odt
2015-05-19 19:56 - 2012-02-02 02:25 - 00021097 _____ () C:\Users\Balou\Documents\Annette Feldmann.dotx
2015-05-19 19:56 - 2011-07-27 14:59 - 00000051 _____ () C:\Users\Balou\Documents\bootloaderversion.txt
2015-05-19 19:56 - 2011-06-26 15:21 - 681154498 _____ () C:\Users\Balou\Documents\cline.dat
2015-05-19 19:56 - 2011-06-26 15:21 - 00364998 _____ () C:\Users\Balou\Documents\Central_Europe-386.meta
2015-05-19 19:56 - 2011-06-16 14:23 - 00065152 _____ () C:\Users\Balou\Documents\Arbeitserlaubnis GR.tif
2015-05-19 19:56 - 2011-05-26 17:11 - 00640420 _____ () C:\Users\Balou\Documents\Certificate 120 according EU directive 78-1027 from 18.12.1978.rar
2015-05-19 19:56 - 2011-05-26 17:11 - 00606978 _____ () C:\Users\Balou\Documents\Certificate 121 for good repute according EU directive 78-1027 from 18.12.1978.rar
2015-05-19 19:56 - 2011-05-26 17:11 - 00606978 _____ () C:\Users\Balou\Documents\Certificate 121 for good repute according EU directive 78-1027 from 18.12.1978 (1).rar
2015-05-19 19:56 - 2011-05-26 17:11 - 00409825 _____ () C:\Users\Balou\Documents\Certificate Member of Bulgarian veterinary union BG.pdf.rar
2015-05-19 19:56 - 2011-05-26 17:11 - 00110412 _____ () C:\Users\Balou\Documents\Certificate veterinary practice registration (1).rar
2015-05-19 19:56 - 2011-05-26 17:10 - 00110412 _____ () C:\Users\Balou\Documents\Certificate veterinary practice registration.rar
2015-05-19 19:56 - 2010-03-08 18:19 - 18491899 _____ () C:\Users\Balou\Documents\Alex.Kastr.2.rar
2015-05-19 19:56 - 2009-09-18 21:53 - 00020060 _____ () C:\Users\Balou\Documents\cc_20090918_215319.reg
2015-05-19 19:56 - 2009-06-08 20:49 - 26102774 _____ () C:\Users\Balou\Documents\ArbzWolf_bearbeitet-1.psd
2015-05-19 19:56 - 2009-06-08 20:48 - 26102696 _____ () C:\Users\Balou\Documents\AbschlBeruf_bearbeitet-1.psd
2015-05-19 19:56 - 2009-06-01 20:26 - 00146954 _____ () C:\Users\Balou\Documents\cc_20090601_202608.reg
2015-05-19 19:56 - 2008-01-31 20:38 - 00188520 _____ () C:\Users\Balou\Documents\Besprechungsnotizen.one
2015-05-19 19:56 - 2008-01-31 20:31 - 00025392 _____ () C:\Users\Balou\Documents\Bücher, Filme und Musik.one
2015-05-19 19:56 - 2008-01-31 20:31 - 00025056 _____ () C:\Users\Balou\Documents\Aufgabe.one
2015-05-19 19:56 - 2008-01-27 13:14 - 05146248 _____ () C:\Users\Balou\Documents\Card Reader TI Driver 2.0.0.6q.zip
2015-05-19 19:56 - 2008-01-26 15:42 - 02110176 _____ () C:\Users\Balou\Documents\Chipset_Intel_8.2.0.1012.zip
2015-05-19 19:56 - 2008-01-26 15:01 - 06434146 _____ () C:\Users\Balou\Documents\Card Reader TI Ver.2.0.0.8.zip
2015-05-19 19:56 - 2007-03-23 18:32 - 00000082 _____ () C:\Users\Balou\Documents\._PkgInfo
2015-05-19 19:56 - 2007-03-23 18:32 - 00000082 _____ () C:\Users\Balou\Documents\._Info.plist
2015-05-19 19:56 - 2006-10-31 01:00 - 01660416 _____ () C:\Users\Balou\Documents\AccessMUI.msi
2015-05-19 19:56 - 2006-10-31 01:00 - 00685452 _____ () C:\Users\Balou\Documents\branding.xml
2015-05-19 19:56 - 2006-10-31 01:00 - 00054216 _____ () C:\Users\Balou\Documents\access12.opa
2015-05-19 19:56 - 2006-10-31 01:00 - 00001345 _____ () C:\Users\Balou\Documents\AccessMUI.xml
2015-05-19 19:52 - 2015-05-19 19:52 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Hewlett-Packard
2015-05-19 19:50 - 2015-05-19 19:50 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\ATI
2015-05-19 19:50 - 2015-05-19 19:50 - 00000000 ____D () C:\Users\Balou\AppData\Local\ATI
2015-05-19 19:50 - 2015-05-19 19:50 - 00000000 ____D () C:\Users\Balou\AppData\Local\AMD
2015-05-19 19:49 - 2015-05-31 17:56 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9986F82E-611B-4248-B13F-93ECEC82A8FA}
2015-05-19 19:49 - 2015-05-26 19:13 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Apple Computer
2015-05-19 19:49 - 2015-05-19 20:39 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Adobe
2015-05-19 19:49 - 2015-05-19 19:49 - 00109296 _____ () C:\Users\Balou\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 19:49 - 2015-05-19 19:49 - 00001381 _____ () C:\Users\Balou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-19 19:49 - 2015-05-19 19:49 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Synaptics
2015-05-19 19:49 - 2015-05-19 19:49 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\hpqLog
2015-05-19 19:49 - 2015-05-19 19:49 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Epson
2015-05-19 19:48 - 2015-05-28 21:18 - 00000000 ____D () C:\Users\Balou
2015-05-19 19:48 - 2015-05-19 20:42 - 00000000 ____D () C:\Users\Balou\AppData\Local\Google
2015-05-19 19:48 - 2015-05-19 19:48 - 00000020 ___SH () C:\Users\Balou\ntuser.ini
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Vorlagen
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Startmenü
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Netzwerkumgebung
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Lokale Einstellungen
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Eigene Dateien
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Druckumgebung
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Documents\Eigene Musik
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Documents\Eigene Bilder
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\AppData\Local\Verlauf
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\AppData\Local\Anwendungsdaten
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 _SHDL () C:\Users\Balou\Anwendungsdaten
2015-05-19 19:48 - 2015-05-19 19:48 - 00000000 ____D () C:\Users\Balou\AppData\Local\VirtualStore
2015-05-19 19:48 - 2013-09-02 20:32 - 00000000 ____D () C:\Users\Balou\AppData\Roaming\Macromedia
2015-05-19 19:48 - 2013-06-25 15:35 - 00000000 ____D () C:\Users\Balou\AppData\LocalGoogle
2015-05-19 19:48 - 2012-05-09 01:59 - 00000000 ____D () C:\Users\Balou\AppData\Local\Microsoft Help
2015-05-19 19:48 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Balou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-19 19:48 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Balou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-19 17:12 - 2015-06-01 11:25 - 00000000 ____D () C:\FRST
2015-05-19 12:00 - 2015-05-19 12:00 - 00003328 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-05-18 17:11 - 2015-05-18 17:11 - 00604014 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_002(1).jpeg
2015-05-18 17:11 - 2015-05-18 17:11 - 00335211 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_003(1).jpeg
2015-05-18 17:10 - 2015-05-18 17:10 - 00622256 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_001(1).jpeg
2015-05-18 17:10 - 2015-05-18 17:10 - 00616423 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15(1).jpeg
2015-05-17 18:46 - 2015-05-17 18:46 - 00604014 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_002.jpeg
2015-05-17 18:45 - 2015-05-17 18:45 - 00622256 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_001.jpeg
2015-05-17 18:45 - 2015-05-17 18:45 - 00616423 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15.jpeg
2015-05-17 18:45 - 2015-05-17 18:45 - 00335211 _____ () C:\Users\adriana\Downloads\Fragebogen Albeck 16.05.15_003.jpeg
2015-05-16 13:07 - 2015-04-30 17:50 - 23308160 _____ (TomTom International B.V.) C:\Users\adriana\Downloads\InstallMyDriveConnect_4_0_2_2123.exe
2015-05-15 23:41 - 2015-05-15 23:41 - 00014573 _____ () C:\Users\adriana\Downloads\Brief Xanthi
2015-05-15 14:43 - 2015-05-28 23:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 13:08 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:08 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:25 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 09:25 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 09:25 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 09:25 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 09:24 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 09:24 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 09:24 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 09:24 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 09:24 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 09:24 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 09:24 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 09:24 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 09:24 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 09:24 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 09:24 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 09:24 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 09:24 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 09:24 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 09:24 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 09:24 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 09:24 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 09:24 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 09:24 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 09:24 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 09:24 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 09:24 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 09:24 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 09:24 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 09:24 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 09:24 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 09:24 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 09:24 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 09:24 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 09:24 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 09:24 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 09:24 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 09:24 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 09:24 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 09:24 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 09:24 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 09:24 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 09:24 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 09:24 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 09:24 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 09:24 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 09:24 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 09:24 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 09:24 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 09:24 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 09:24 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 09:24 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 09:24 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 09:24 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 09:24 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 09:24 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 09:24 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 09:24 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 09:24 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 09:24 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 09:24 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 09:24 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 09:24 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 09:24 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 09:24 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 09:24 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 09:24 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 09:24 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 09:24 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 09:24 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 09:24 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 09:24 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 09:24 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 09:24 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 09:24 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 09:24 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 09:24 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 09:24 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 09:23 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 09:23 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 09:23 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 09:23 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 09:23 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 09:23 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 09:23 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 09:23 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 09:23 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 09:23 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 09:23 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 09:23 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 09:23 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 09:23 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 09:23 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 09:23 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 09:23 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 09:23 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 09:23 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 09:23 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 09:23 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 09:23 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 09:23 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 09:23 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 09:23 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 09:23 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 09:23 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 09:23 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 09:23 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 09:23 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 09:23 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 09:23 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 09:23 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 09:23 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 09:23 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 09:23 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 09:23 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 09:23 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 09:23 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 09:23 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 09:23 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 09:23 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 09:23 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 02:09 - 2015-05-13 02:10 - 16938649 _____ () C:\Users\adriana\Downloads\11.05.2015 004.mp4
2015-05-12 23:49 - 2015-05-12 23:49 - 02007044 _____ () C:\Users\adriana\Downloads\MOV00372.MP4
2015-05-09 22:37 - 2015-05-28 23:30 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-09 22:22 - 2015-05-29 00:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-09 19:09 - 2015-05-09 19:09 - 00038976 _____ () C:\Users\adriana\Documents\Selbstauskunft.odt
2015-05-08 17:22 - 2015-06-01 11:22 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForadriana.job
2015-05-08 17:22 - 2015-06-01 08:44 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForadriana
2015-05-07 13:43 - 2015-05-07 13:43 - 00039944 _____ () C:\Users\adriana\Downloads\Pira.Fragebogen Albeck.odt
2015-05-05 14:11 - 2015-05-05 14:11 - 00026624 _____ () C:\Users\adriana\Downloads\XANTHI.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 11:26 - 2012-08-22 12:32 - 00000000 ____D () C:\Users\adriana\AppData\Roaming\Skype
2015-06-01 11:24 - 2013-04-19 15:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 11:22 - 2013-11-10 19:24 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-06-01 11:22 - 2013-08-14 10:13 - 00155244 _____ () C:\Windows\setupact.log
2015-06-01 11:22 - 2012-09-08 18:36 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-06-01 11:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-01 09:06 - 2012-01-20 01:50 - 01471797 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 08:47 - 2013-04-19 15:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 08:47 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 08:47 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 20:16 - 2012-05-09 11:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 15:31 - 2013-09-03 10:46 - 01595662 _____ () C:\Windows\PFRO.log
2015-05-31 15:15 - 2012-05-07 18:07 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2F35951E-AA2B-48D6-AB7E-DAD60F473B9C}
2015-05-29 22:23 - 2012-05-09 11:07 - 00000000 ____D () C:\Users\adriana\AppData\Local\CrashDumps
2015-05-29 00:38 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-29 00:31 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-29 00:29 - 2009-07-14 04:34 - 95682560 _____ () C:\Windows\system32\config\software.bak
2015-05-29 00:29 - 2009-07-14 04:34 - 44302336 _____ () C:\Windows\system32\config\components.bak
2015-05-29 00:29 - 2009-07-14 04:34 - 20971520 _____ () C:\Windows\system32\config\system.bak
2015-05-29 00:29 - 2009-07-14 04:34 - 01048576 _____ () C:\Windows\system32\config\default.bak
2015-05-29 00:29 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-05-29 00:29 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-05-29 00:09 - 2013-11-23 20:48 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-28 23:57 - 2013-11-07 01:35 - 95078400 ___SH () C:\Users\adriana\Downloads\Thumbs.db
2015-05-28 23:56 - 2014-06-16 23:45 - 00000000 ____D () C:\Users\adriana\AppData\Local\Adobe
2015-05-28 23:46 - 2013-10-17 18:28 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-28 23:42 - 2015-01-22 22:57 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-28 23:42 - 2013-06-24 17:06 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-28 23:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-28 22:10 - 2014-05-22 23:03 - 00000000 ____D () C:\Program Files\ESET
2015-05-28 21:53 - 2015-02-08 14:51 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-27 21:47 - 2014-09-15 21:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-27 21:44 - 2014-08-23 15:49 - 00000000 ____D () C:\Users\adriana\AppData\Roaming\Dropbox
2015-05-27 21:39 - 2015-04-05 00:11 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-27 21:39 - 2015-02-08 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-27 21:39 - 2013-10-01 17:08 - 00000000 ____D () C:\Users\DefaultAppPool
2015-05-27 21:39 - 2012-05-08 01:27 - 00000000 ____D () C:\Users\adriana\Documents\Wir gehen auf die Reise nach Alexandroupolis
2015-05-27 21:39 - 2012-05-08 01:26 - 00000000 ____D () C:\Users\adriana\Documents\Neue Spenden heute
2015-05-27 21:39 - 2012-05-08 01:26 - 00000000 ____D () C:\Users\adriana\Documents\neue Pakete
2015-05-27 21:39 - 2012-05-07 17:04 - 00000000 ____D () C:\Users\adriana\AppData\Local\Hewlett-Packard
2015-05-27 21:39 - 2012-05-07 17:01 - 00000000 ____D () C:\Users\adriana
2015-05-27 21:38 - 2015-02-17 22:38 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-05-27 21:38 - 2015-01-06 13:43 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-05-27 21:38 - 2011-10-14 22:04 - 00000000 ____D () C:\Program Files (x86)\HP Games
2015-05-27 21:37 - 2013-07-24 11:23 - 00000000 ____D () C:\Windows\Minidump
2015-05-27 21:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-05-27 21:36 - 2012-05-08 19:33 - 00000000 ____D () C:\Users\adriana\AppData\Roaming\Mozilla
2015-05-27 21:35 - 2014-08-16 16:16 - 00000000 ____D () C:\Program Files (x86)\T-Mobile
2015-05-27 21:35 - 2012-05-07 18:16 - 00000000 __RHD () C:\MSOCache
2015-05-27 12:44 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-05-24 20:30 - 2012-01-20 01:56 - 01863344 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-24 20:30 - 2011-10-15 07:15 - 00800654 _____ () C:\Windows\system32\perfh007.dat
2015-05-24 20:30 - 2011-10-15 07:15 - 00184550 _____ () C:\Windows\system32\perfc007.dat
2015-05-24 20:30 - 2009-07-14 07:13 - 01863344 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 20:23 - 2015-04-05 00:11 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-22 14:34 - 2015-03-04 21:44 - 00000000 ____D () C:\EEK
2015-05-22 14:34 - 2012-08-03 18:37 - 00000000 ____D () C:\Program Files (x86)\o.tel.o
2015-05-22 14:34 - 2012-01-20 11:40 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-21 18:50 - 2007-01-02 03:25 - 00000000 ____D () C:\Windows\Panther
2015-05-19 19:54 - 2014-01-01 20:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-19 11:22 - 2015-02-17 22:38 - 00000000 ____D () C:\Users\adriana\AppData\Roaming\Wondershare
2015-05-19 11:22 - 2012-07-02 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-05-19 11:22 - 2012-05-09 11:04 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2015-05-19 11:22 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-19 11:21 - 2012-05-08 00:52 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-19 11:21 - 2011-10-14 22:13 - 00000000 ____D () C:\ProgramData\Skype
2015-05-15 19:42 - 2013-04-19 15:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 19:42 - 2013-04-19 15:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 16:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 15:06 - 2009-07-14 06:45 - 00409832 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 15:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 14:57 - 2013-03-14 14:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 13:28 - 2012-05-07 18:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 13:27 - 2013-08-15 19:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 13:14 - 2012-05-13 18:47 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 13:08 - 2013-03-14 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 13:07 - 2013-03-14 14:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 02:07 - 2013-09-02 20:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 17:41 - 2012-05-08 18:07 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-11 18:21 - 2013-02-15 00:01 - 00000000 ____D () C:\Users\adriana\AppData\Local\Deployment
2015-05-11 18:21 - 2012-05-12 20:03 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-05-11 18:07 - 2012-12-02 18:21 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForSOFIA$.job
2015-05-11 18:07 - 2012-09-26 14:59 - 00003212 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSOFIA$
2015-05-10 23:08 - 2012-05-16 17:44 - 00035218 ____H () C:\Users\adriana\Downloads\.picasa.ini
2015-05-10 17:38 - 2013-09-26 22:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-10 17:38 - 2013-09-26 22:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-10 17:38 - 2012-05-09 11:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-08 22:42 - 2013-05-17 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-06 16:51 - 2014-01-28 18:52 - 01945694 _____ () C:\Users\adriana\Downloads\kastrationen alex 2009 2.BMP

==================== Files in the root of some directories =======

2013-08-26 11:23 - 2011-09-12 11:55 - 0336047 _____ () C:\Program Files (x86)\Ivo Lupus Kroatien.jpg
2007-03-12 18:59 - 2007-03-12 18:59 - 0299008 _____ () C:\Program Files (x86)\navigram_register.exe
2012-09-09 15:27 - 2015-01-26 15:40 - 0006656 _____ () C:\Users\adriana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-06 23:40 - 2012-10-06 23:40 - 0000852 _____ () C:\Users\adriana\AppData\Local\recently-used.xbel
2013-11-20 18:16 - 2013-11-20 18:16 - 0000017 _____ () C:\Users\adriana\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\adriana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj8wvim.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 19:32

==================== End of log ============================
Hallo Schrauber, hier ist das neue FRST.
Danke und lg Sonnen

schrauber 01.06.2015 18:00
http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Sonnen 02.06.2015 13:17
Guten Morgen Schrauber, leider lässt sich Combo Fix nicht deinstallieren, egal was ich tue, er installiert sich mit der methode wieder ständig neu. Lg Sonnen

Combofix Logfile:
Code:
ComboFix 15-05-28.01 - adriana 01.06.2015  20:37:04.3.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.5609.3510 [GMT 2:00]
ausgeführt von:: c:\users\adriana\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: / Uninstall
AV: Emsisoft Anti-Malware *Enabled/Updated* {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
SP: Emsisoft Anti-Malware *Enabled/Updated* {9425001D-A331-13F4-34E6-D05C71B96A74}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-05-01 bis 2015-06-01  ))))))))))))))))))))))))))))))
.
.
2015-06-01 19:35 . 2015-06-01 19:35        --------        d-----w-        c:\users\DefaultAppPool\AppData\Local\temp
2015-06-01 19:35 . 2015-06-01 19:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-06-01 18:23 . 2015-06-01 18:23        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E056410-8C91-4C1E-9A47-B9E6F19ED109}\offreg.3188.dll
2015-05-30 16:38 . 2015-05-30 16:38        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E056410-8C91-4C1E-9A47-B9E6F19ED109}\offreg.3372.dll
2015-05-30 13:56 . 2015-03-23 22:17        135800        ----a-w-        c:\windows\system32\drivers\epp64.sys
2015-05-30 13:55 . 2015-06-01 19:33        --------        d-----w-        c:\program files (x86)\Emsisoft Anti-Malware
2015-05-29 20:23 . 2015-05-29 20:23        --------        d-----w-        C:\RegBackup
2015-05-29 20:11 . 2015-05-29 20:15        --------        d-----w-        C:\AdwCleaner
2015-05-29 19:27 . 2015-05-29 19:28        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-29 19:27 . 2015-04-14 07:37        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-05-29 19:27 . 2015-04-14 07:37        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-05-29 19:27 . 2015-04-14 07:37        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-05-29 19:27 . 2015-05-29 19:27        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-29 08:03 . 2015-05-18 02:57        12214312        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E056410-8C91-4C1E-9A47-B9E6F19ED109}\mpengine.dll
2015-05-28 21:43 . 2015-05-28 21:43        --------        d-----w-        c:\program files (x86)\Common Files\Java
2015-05-28 19:25 . 2015-05-28 19:25        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-05-27 19:55 . 2015-05-27 19:55        --------        d-----w-        C:\fe204145e4178e7dbab4700645d0aa
2015-05-26 13:17 . 2015-05-27 06:33        --------        d-----w-        c:\program files (x86)\Security Task Manager
2015-05-21 22:30 . 2015-05-21 22:30        --------        d-----w-        c:\programdata\Emsisoft
2015-05-21 18:31 . 2015-05-22 12:31        --------        d-----w-        c:\programdata\Trend Micro
2015-05-21 18:31 . 2015-05-21 18:31        --------        d-----w-        c:\program files\Trend Micro
2015-05-21 18:09 . 2015-05-21 22:05        --------        d-----w-        c:\programdata\Trend Micro Installer
2015-05-19 17:48 . 2015-05-28 19:18        --------        d-----w-        c:\users\Balou
2015-05-19 15:12 . 2015-06-01 09:31        --------        d-----w-        C:\FRST
2015-05-13 11:08 . 2015-05-01 13:17        124112        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 11:08 . 2015-05-01 13:16        102608        ----a-w-        c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 07:25 . 2015-05-05 01:29        342016        ----a-w-        c:\windows\system32\schannel.dll
2015-05-13 07:25 . 2015-05-05 01:12        248832        ----a-w-        c:\windows\SysWow64\schannel.dll
2015-05-13 07:25 . 2015-04-18 03:10        460800        ----a-w-        c:\windows\system32\certcli.dll
2015-05-13 07:25 . 2015-04-18 02:56        342016        ----a-w-        c:\windows\SysWow64\certcli.dll
2015-05-13 07:23 . 2015-04-27 19:23        113664        ----a-w-        c:\windows\system32\sechost.dll
2015-05-09 20:22 . 2015-05-28 22:29        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-28 21:42 . 2015-01-22 20:57        97888        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-13 11:14 . 2012-05-13 16:47        140425016        ----a-w-        c:\windows\system32\MRT.exe
2015-05-10 15:38 . 2013-09-26 20:23        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-10 15:38 . 2013-09-26 20:23        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-27 19:04 . 2015-05-13 07:23        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-03-25 03:24 . 2015-04-15 10:24        98304        ----a-w-        c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 10:24        37376        ----a-w-        c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 10:24        35328        ----a-w-        c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 10:24        3298816        ----a-w-        c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 10:24        2553856        ----a-w-        c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 10:24        191488        ----a-w-        c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 10:24        696320        ----a-w-        c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 10:24        60416        ----a-w-        c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 10:24        12288        ----a-w-        c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 10:24        36864        ----a-w-        c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 10:24        135168        ----a-w-        c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 10:24        92672        ----a-w-        c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 10:24        566784        ----a-w-        c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 10:24        29696        ----a-w-        c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 10:24        173056        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 10:24        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 10:24        726528        ----a-w-        c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 10:24        769536        ----a-w-        c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 10:24        419840        ----a-w-        c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 10:24        957952        ----a-w-        c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 10:24        30720        ----a-w-        c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 10:24        192000        ----a-w-        c:\windows\system32\aepic.dll
2015-03-23 03:24 . 2015-04-15 10:24        227328        ----a-w-        c:\windows\system32\aepdu.dll
2015-03-23 03:17 . 2015-04-15 10:24        1111552        ----a-w-        c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 10:24        1882624        ----a-w-        c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 10:24        2048        ----a-w-        c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 10:24        1237504        ----a-w-        c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 10:24        2048        ----a-w-        c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 10:24        404480        ----a-w-        c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 10:24        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 10:18        367552        ----a-w-        c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 10:18        79360        ----a-w-        c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 07:23        103424        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:41 . 2015-05-13 07:23        309248        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:10 . 2015-04-15 10:18        58880        ----a-w-        c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 07:23        470528        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 07:23        2178560        ----a-w-        c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 07:23        2560        ----a-w-        c:\windows\apppatch\AcRes.dll
2007-03-12 16:59 . 2007-03-12 16:59        299008        ----a-w-        c:\program files (x86)\navigram_register.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        131480        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        131480        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        131480        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        131480        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        131480        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        131480        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        131480        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        131480        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google+ Auto Backup"="c:\users\adriana\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" [2014-01-06 3619096]
"MyDriveConnect.exe"="c:\program files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe" [2015-04-28 1905032]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-03-25 31682144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
c:\users\adriana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\adriana\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-3-29 36414752]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R1 SASDIFSV;SASDIFSV;c:\users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS;c:\users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS;c:\users\adriana\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
R3 cpuz134;cpuz134;c:\users\adriana\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\adriana\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbser.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$SERVEREXP2008;SQL Server-Agent (SERVEREXP2008);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 epp64;epp64;c:\windows\system32\DRIVERS\epp64.sys;c:\windows\SYSNATIVE\DRIVERS\epp64.sys [x]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MSSQL$SERVEREXP2008;SQL Server (SERVEREXP2008);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-28 19:50        986440        ----a-w-        c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-26 15:38]
.
2015-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19 13:51]
.
2015-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19 13:51]
.
2015-06-01 c:\windows\Tasks\HPCeeScheduleForadriana.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43]
.
2015-06-01 c:\windows\Tasks\HPCeeScheduleForBalou.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43]
.
2015-05-11 c:\windows\Tasks\HPCeeScheduleForSOFIA$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\adriana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-04-28 09:34        774984        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-04-28 09:34        774984        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-04-28 09:34        774984        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-04-28 09:34        774984        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-04-28 09:34        774984        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-04-28 09:34        774984        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\adriana\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\adriana\AppData\Roaming\Mozilla\Firefox\Profiles\egj2scfg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.griechischefellnasen.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Wondershare\Wondershare Helper Compact\1634887535\m Files (x86)*ProgramFiles(x86)=c:\program files (x86)*programw6432=c:\Program Files*PSModulePath=c:\windows\system32\WindowsPowerShell\v1.0\Modules\PUBLIC=c:\users\Public*SystemDrive=C:*SystemRoot=c:\windows*temp=c:\Users\adriana\AppData\Local\Temp*TMP=C]
"JoinUserExperience"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-06-01  22:54:23
ComboFix-quarantined-files.txt  2015-06-01 20:54
ComboFix2.txt  2015-05-28 22:38
.
Vor Suchlauf: 25 Verzeichnis(se), 557.183.209.472 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 556.727.758.848 Bytes frei
.
- - End Of File - - 9E6FBA9A13A2656DF177C7E66A2BE2B1
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

# DelFix v1.010 - Datei am 02/06/2015 um 00:57:30 erstellt
# Aktualisiert am 26/04/2015 von Xplode
# Benutzer : adriana - SOFIA
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\Qoobox
Gelöscht : C:\Combofix
Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\RegBackup
Gelöscht : C:\Users\adriana\Desktop\Addition.txt
Gelöscht : C:\Users\adriana\Desktop\Fixlog.txt
Gelöscht : C:\Users\adriana\Desktop\FRST.txt
Gelöscht : C:\Users\adriana\Desktop\FRST64.exe
Gelöscht : C:\Users\adriana\Downloads\Addition.txt
Gelöscht : C:\Users\adriana\Downloads\AdwCleaner_4.205.exe
Gelöscht : C:\Users\adriana\Downloads\ComboFix.exe
Gelöscht : C:\Users\adriana\Downloads\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\adriana\Downloads\FRST.txt
Gelöscht : C:\Users\adriana\Downloads\JRT.exe
Gelöscht : C:\Users\adriana\Downloads\log-2014-07-13-16-09-27.txt
Gelöscht : C:\Users\adriana\Downloads\SecurityCheck(1).exe
Gelöscht : C:\Users\adriana\Downloads\SecurityCheck.exe
Gelöscht : C:\Windows\grep.exe
Gelöscht : C:\Windows\PEV.exe
Gelöscht : C:\Windows\NIRCMD.exe
Gelöscht : C:\Windows\MBR.exe
Gelöscht : C:\Windows\SED.exe
Gelöscht : C:\Windows\SWREG.exe
Gelöscht : C:\Windows\SWSC.exe
Gelöscht : C:\Windows\SWXCACLS.exe
Gelöscht : C:\Windows\Zip.exe
Gelöscht : HKCU\console_combofixbackup
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware
Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #659 [Geplanter Prüfpunkt | 06/01/2015 18:15:51]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

Hallo Schrauber, die Spende ist schon auf dem Weg vorab. Also nachdem gestern das entfernen von ombofix nicht funktioniert hat, habe ich es mit Delfix entfernen können. ich habe dir alles hier gepostet. Falls ich noch etwas unternehmen muss, bitte gib mir hier Bescheid. Lg Sonnen und Danke für deine Unterstützung.

schrauber 03.06.2015 06:21
passt :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:46 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131