Teslacrypt v8 Infection, possible private Key



#1 eddyerpel


Posted 03 December 2015 - 03:11 AM

Hello everybody,

 

Some days ago a friend of mine got infected with some ransomware.

Unfortunately, I was not the first to check the PC; somebody did some things before me...

 

About me: I'm a professional programmer, I use 90% C#, 10% C++...

 

 

 

THE PROBLEM

All private files (pictures, documents...) are encrypted.

The filename is: "originalName.originalEnding.vvv".

Scanning with "Malwarebytes Anti-Malware" only showed a registry startup entry, marked as a "TeslaCrypt" infection.

"Shadow-Explorer" can't recover the files as old shadow copies are deleted.

"PhotoRec" scanned the whole hard disk but only restored deleted files, none of the encrypted ones.

 

THE WAY TO THE SOLUTION

I tried to find a "key.dat" or a "storage.bin". 

I tried to look in "appdata/microsoft/crypto", but found nothing from the time when the malware started.

But I found something:

Checking the system logs showed the following timeline:

14:21:06 - Applicationpopup: 1.exe - Invalid pictureBild: C:\Users\Familie\AppData\Local\Temp\PROPSYS.dll ... (I think that's the moment when it started...)

17:55:02 - System reboot

 

Shadow explorer can restore only from 21:57:00, but in this shadow copy I found a file in

"appdata/microsoft/crypto/machine keys", timestamp 17:57:02

 

MY IDEA

I think the malware started encrypting at 14:21:06 and deleted the shadow copies.

At 17:55:02 the user rebooted the system.

At 17:57:02, I think the malware created a new key for encryption; this key remained in the shadow copy from 21:57:00.

The malware deleted the key after using it, but did not delete the shadow copy again.

 

THE QUESTION

I'm not that fit in crypto programming, so my question to you:

Can the file I found help with decrypting files?

 

FRST.TXT

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015

durchgeführt von Familie (Administrator) auf FAMILIENPC (03-12-2015 07:51:25)
Gestartet von C:\Users\Familie\Desktop
Geladene Profile: Familie &  (Verfügbare Profile: Familie & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
 
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() C:\Users\Familie\AppData\Roaming\Hub Timer\hub.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
 
 
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [TaskTray] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [220704 2015-09-14] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\BROCKH~1.SCR [2572288 2006-05-10] (Brockhaus Duden Neue Medien GmbH)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\...\Run: [Polar Sync] => [X]
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-27] (Google Inc.)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\...\Run: [Polar FlowSync] => [X]
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\...\Run: [hgjuy78gfh] => C:\Users\Familie\AppData\Roaming\pkijm-a.exe
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\...\RunOnce: [Uninstall C:\Users\Familie\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Familie\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Polar Sync] => [X]
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-27] (Google Inc.)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Polar FlowSync] => [X]
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [hgjuy78gfh] => C:\Users\Familie\AppData\Roaming\pkijm-a.exe
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Familie\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Familie\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\BROCKH~1.SCR [2572288 2006-05-10] (Brockhaus Duden Neue Medien GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-01-09]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-11-27]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+ncd.html [2015-11-28] ()
Startup: C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+ncd.txt [2015-11-28] ()
Startup: C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+rbq.html [2015-11-28] ()
Startup: C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+rbq.txt [2015-11-28] ()
Startup: C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk [2012-11-01]
ShortcutTarget: Picture Motion Browser Medien-Prüfung.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
 
==================== Internet (Nicht auf der Ausnahmeliste) ====================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254 192.168.0.254 213.33.99.70
Tcpip\..\Interfaces\{15739730-D86A-4D63-93E2-B059CE68B6CD}: [DhcpNameServer] 192.168.0.254 192.168.0.254 213.33.99.70
Tcpip\..\Interfaces\{C5F12494-B5CF-4B67-90CA-F3FF67392BBA}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130932285026950209&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130932285027050209&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130932285027050209&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1333667730-964872253-1153639665-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130932285027050209&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1333667730-964872253-1153639665-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1333667730-964872253-1153639665-1000 -> {1A1CE7BD-6B41-460C-B6E2-7732AC7508CB} URL = hxxps://at.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1333667730-964872253-1153639665-1000 -> {50D396EC-AE27-4DB5-BA74-B95918925292} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1333667730-964872253-1153639665-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1333667730-964872253-1153639665-1000 -> {E0796F3C-CC37-4A5B-A51E-0AEAFB61C693} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {1A1CE7BD-6B41-460C-B6E2-7732AC7508CB} URL = hxxps://at.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {50D396EC-AE27-4DB5-BA74-B95918925292} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E0796F3C-CC37-4A5B-A51E-0AEAFB61C693} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-27] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-11-27] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-27] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Keine Datei
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-04-01] (Yahoo! Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-11-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-04-01] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1333667730-964872253-1153639665-1000 -> Kein Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  Keine Datei
Toolbar: HKU\S-1-5-21-1333667730-964872253-1153639665-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Kein Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  Keine Datei
Toolbar: HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-27] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_10_3_162.dll [2011-07-02] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> c:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1333667730-964872253-1153639665-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-05-22] ()
FF Plugin HKU\S-1-5-21-1333667730-964872253-1153639665-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-05-22] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP29EB91B9-0ED4-458C-9C1F-275A673B3D2D&SSPV=
CHR DefaultSearchURL: Default -> hxxp://dts.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Ask Search
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => Keine Datei
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => Keine Datei
CHR Profile: C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-28]
CHR Extension: (Google-Suche) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-28]
CHR Extension: (Avira SafeSearch) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2015-11-28]
CHR Extension: (Avira Browserschutz) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-28]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-30]
CHR Extension: (Yahoo Web) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2015-11-28]
CHR Extension: (Google Mail) - C:\Users\Familie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-28]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 HubService; C:\Users\Familie\AppData\Roaming\Hub Timer\hub.exe [536576 2014-07-30] () [Datei ist nicht signiert]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [Datei ist nicht signiert]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-05-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-05-23] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2012-10-16] (Windows ® 2000 DDK provider) [Datei ist nicht signiert]
S2 wntpport; kein ImagePath
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
 
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 
==================== Ein Monat: Erstellte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2015-12-03 07:51 - 2015-12-03 07:51 - 00034663 _____ C:\Users\Familie\Desktop\FRST.txt
2015-12-03 07:51 - 2015-12-03 07:51 - 00000000 ____D C:\FRST
2015-12-03 07:50 - 2015-12-03 07:48 - 02350080 _____ (Farbar) C:\Users\Familie\Desktop\FRST64.exe
2015-12-02 17:32 - 2015-12-02 17:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12d1efe2d6f1b.job
2015-12-02 16:08 - 2015-12-02 23:04 - 00000000 ____D C:\Users\Familie\AppData\Local\OfficeBSCache-MyComputer
2015-12-02 10:30 - 2015-12-02 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Encryption Package 2015
2015-12-02 10:30 - 2015-12-02 10:30 - 00000000 ____D C:\Program Files (x86)\AEP
2015-12-01 17:03 - 2015-12-01 17:03 - 00003172 _____ C:\Users\Familie\photorec.cfg
2015-12-01 16:41 - 2015-12-01 16:03 - 12444088 _____ C:\Users\Familie\Documents\testdisk-7.0.win.zip
2015-11-30 16:10 - 2015-11-30 16:15 - 00000000 ____D C:\Decrypt_test
2015-11-30 14:58 - 2015-11-30 14:58 - 00000000 ____D C:\Users\Familie\Desktop\exp
2015-11-30 11:22 - 2015-11-30 11:23 - 22908888 _____ (Malwarebytes ) C:\Users\Familie\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-30 11:09 - 2015-11-30 12:29 - 00000000 ____D C:\Windows\pss
2015-11-30 10:31 - 2015-11-30 10:31 - 00000000 ____D C:\Users\Familie\Documents\versuch
2015-11-29 22:46 - 2015-11-30 11:10 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-29 22:46 - 2015-11-29 23:06 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-11-29 22:46 - 2015-11-29 23:06 - 00001035 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-11-29 22:46 - 2015-11-29 22:46 - 00000000 ____D C:\Users\Familie\AppData\Roaming\TeamViewer
2015-11-29 22:39 - 2015-11-29 22:40 - 08202040 _____ (TeamViewer GmbH) C:\Users\Familie\Desktop\TeamViewer_Setup_de.exe
2015-11-29 21:58 - 2015-11-29 23:05 - 00380734 _____ C:\Windows\ntbtlog.txt
2015-11-29 21:47 - 2015-11-29 21:54 - 00002370 _____ C:\CoinVaultDecryptor.1.0.0.2_29.11.2015_21.47.46_log.txt
2015-11-29 21:27 - 2015-11-29 21:27 - 00001889 _____ C:\Users\Familie\Desktop\ShadowExplorer.lnk
2015-11-29 21:27 - 2015-11-29 21:27 - 00000000 ____D C:\Users\Familie\AppData\Roaming\www.shadowexplorer.com
2015-11-29 21:27 - 2015-11-29 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-11-29 21:27 - 2015-11-29 21:27 - 00000000 ____D C:\Program Files (x86)\ShadowExplorer
2015-11-29 20:54 - 2015-11-29 21:06 - 00002050 _____ C:\CoinVaultDecryptor.1.0.0.2_29.11.2015_20.54.50_log.txt
2015-11-29 20:54 - 2015-11-29 20:54 - 00002050 _____ C:\CoinVaultDecryptor.1.0.0.2_29.11.2015_20.54.10_log.txt
2015-11-29 20:53 - 2015-11-29 20:53 - 00000000 ____D C:\Users\Familie\Documents\CoinVaultDecryptor
2015-11-29 01:09 - 2015-11-28 15:55 - 00016894 _____ C:\Users\Familie\Desktop\ANGEL 2 COLOR CHART.JPG.vvv
2015-11-28 22:35 - 2015-11-28 22:35 - 00000000 ____D C:\Users\Familie\Documents\ransom_file_unlocker
2015-11-28 21:57 - 2015-12-01 12:53 - 00000000 ____D C:\Users\Familie\AppData\LocalLow\Adblock Plus for IE
2015-11-28 21:57 - 2015-11-28 21:57 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2015-11-28 20:18 - 2015-11-28 20:18 - 03452054 _____ C:\Users\Familie\Desktop\Howto_RESTORE_FILES.bmp
2015-11-28 20:18 - 2015-11-28 20:18 - 00006921 _____ C:\Users\Familie\Desktop\Howto_RESTORE_FILES.html
2015-11-28 20:18 - 2015-11-28 20:18 - 00002401 _____ C:\Users\Familie\Desktop\Howto_RESTORE_FILES.txt
2015-11-28 20:08 - 2015-11-28 20:18 - 00006921 _____ C:\Users\UpdatusUser.FamilienPC\how_recover+rbq.html
2015-11-28 20:08 - 2015-11-28 20:18 - 00006921 _____ C:\Users\UpdatusUser.FamilienPC\Downloads\how_recover+rbq.html
2015-11-28 20:08 - 2015-11-28 20:18 - 00006921 _____ C:\Users\UpdatusUser.FamilienPC\Documents\how_recover+rbq.html
2015-11-28 20:08 - 2015-11-28 20:18 - 00006921 _____ C:\Users\UpdatusUser.FamilienPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+rbq.html
2015-11-28 20:08 - 2015-11-28 20:18 - 00006921 _____ C:\Users\UpdatusUser.FamilienPC\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+rbq.html
2015-11-28 20:08 - 2015-11-28 20:18 - 00006921 _____ C:\Users\UpdatusUser.FamilienPC\AppData\Roaming\how_recover+rbq.html
2015-11-28 20:08 - 2015-11-28 20:18 - 00006921 _____ C:\Users\UpdatusUser.FamilienPC\AppData\LocalLow\how_recover+rbq.html
2015-11-28 20:08 - 2015-11-28 20:18 - 00006921 _____ C:\Users\UpdatusUser.FamilienPC\AppData\Local\how_recover+rbq.html
2015-11-28 20:08 - 2015-11-28 20:18 - 00006921 _____ C:\Users\UpdatusUser.FamilienPC\AppData\how_recover+rbq.html
2015-11-28 20:08 - 2015-11-28 20:18 - 00006921 _____ C:\Users\Public\how_recover+rbq.html
2015-11-28 20:08 - 2015-11-28 20:18 - 00006921 _____ C:\Users\Public\Downloads\how_recover+rbq.html
2015-11-28 20:08 - 2015-11-28 20:18 - 00006921 _____ C:\Users\Familie\how_recover+rbq.html
2015-11-28 20:08 - 2015-11-28 20:18 - 00002401 _____ C:\Users\UpdatusUser.FamilienPC\how_recover+rbq.txt
2015-11-28 20:08 - 2015-11-28 20:18 - 00002401 _____ C:\Users\UpdatusUser.FamilienPC\Downloads\how_recover+rbq.txt
2015-11-28 20:08 - 2015-11-28 20:18 - 00002401 _____ C:\Users\UpdatusUser.FamilienPC\Documents\how_recover+rbq.txt
2015-11-28 20:08 - 2015-11-28 20:18 - 00002401 _____ C:\Users\UpdatusUser.FamilienPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+rbq.txt
2015-11-28 20:08 - 2015-11-28 20:18 - 00002401 _____ C:\Users\UpdatusUser.FamilienPC\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+rbq.txt
2015-11-28 20:08 - 2015-11-28 20:18 - 00002401 _____ C:\Users\UpdatusUser.FamilienPC\AppData\Roaming\how_recover+rbq.txt
2015-11-28 20:08 - 2015-11-28 20:18 - 00002401 _____ C:\Users\UpdatusUser.FamilienPC\AppData\LocalLow\how_recover+rbq.txt
2015-11-28 20:08 - 2015-11-28 20:18 - 00002401 _____ C:\Users\UpdatusUser.FamilienPC\AppData\Local\how_recover+rbq.txt
2015-11-28 20:08 - 2015-11-28 20:18 - 00002401 _____ C:\Users\UpdatusUser.FamilienPC\AppData\how_recover+rbq.txt
2015-11-28 20:08 - 2015-11-28 20:18 - 00002401 _____ C:\Users\Public\how_recover+rbq.txt
2015-11-28 20:08 - 2015-11-28 20:18 - 00002401 _____ C:\Users\Public\Downloads\how_recover+rbq.txt
2015-11-28 20:08 - 2015-11-28 20:18 - 00002401 _____ C:\Users\Familie\how_recover+rbq.txt
2015-11-28 19:32 - 2015-11-28 20:16 - 00006921 _____ C:\Users\Familie\Downloads\how_recover+rbq.html
2015-11-28 19:32 - 2015-11-28 20:16 - 00002401 _____ C:\Users\Familie\Downloads\how_recover+rbq.txt
2015-11-28 19:32 - 2015-11-28 20:15 - 00006921 _____ C:\Users\Familie\AppData\how_recover+rbq.html
2015-11-28 19:32 - 2015-11-28 20:15 - 00002401 _____ C:\Users\Familie\AppData\how_recover+rbq.txt
2015-11-28 19:31 - 2015-11-28 20:13 - 00006921 _____ C:\Users\Familie\AppData\LocalLow\how_recover+rbq.html
2015-11-28 19:31 - 2015-11-28 20:13 - 00002401 _____ C:\Users\Familie\AppData\LocalLow\how_recover+rbq.txt
2015-11-28 19:26 - 2015-11-28 20:08 - 00006921 _____ C:\Users\Familie\AppData\Local\Apps\how_recover+rbq.html
2015-11-28 19:26 - 2015-11-28 20:08 - 00002401 _____ C:\Users\Familie\AppData\Local\Apps\how_recover+rbq.txt
2015-11-28 18:02 - 2015-11-28 20:15 - 00006921 _____ C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+rbq.html
2015-11-28 18:02 - 2015-11-28 20:15 - 00002401 _____ C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+rbq.txt
2015-11-28 18:01 - 2015-11-28 20:18 - 00006921 _____ C:\Users\Public\Documents\how_recover+rbq.html
2015-11-28 18:01 - 2015-11-28 20:18 - 00002401 _____ C:\Users\Public\Documents\how_recover+rbq.txt
2015-11-28 18:01 - 2015-11-28 20:16 - 00006921 _____ C:\Users\Familie\Documents\how_recover+rbq.html
2015-11-28 18:01 - 2015-11-28 20:16 - 00002401 _____ C:\Users\Familie\Documents\how_recover+rbq.txt
2015-11-28 18:01 - 2015-11-28 20:15 - 00006921 _____ C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+rbq.html
2015-11-28 18:01 - 2015-11-28 20:15 - 00006921 _____ C:\Users\Familie\AppData\Roaming\how_recover+rbq.html
2015-11-28 18:01 - 2015-11-28 20:15 - 00002401 _____ C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+rbq.txt
2015-11-28 18:01 - 2015-11-28 20:15 - 00002401 _____ C:\Users\Familie\AppData\Roaming\how_recover+rbq.txt
2015-11-28 18:01 - 2015-11-28 20:13 - 00006921 _____ C:\Users\Familie\AppData\Local\how_recover+rbq.html
2015-11-28 18:01 - 2015-11-28 20:13 - 00002401 _____ C:\Users\Familie\AppData\Local\how_recover+rbq.txt
2015-11-28 18:00 - 2015-11-28 19:26 - 00006921 _____ C:\ProgramData\how_recover+rbq.html
2015-11-28 18:00 - 2015-11-28 19:26 - 00002401 _____ C:\ProgramData\how_recover+rbq.txt
2015-11-28 17:56 - 2015-11-28 19:32 - 00000670 _____ C:\Users\Familie\Documents\recover_file_sblygqxvj.txt.vvv
2015-11-28 16:02 - 2015-11-28 16:02 - 00006921 _____ C:\Users\Familie\Downloads\how_recover+ncd.html
2015-11-28 16:02 - 2015-11-28 16:02 - 00002401 _____ C:\Users\Familie\Downloads\how_recover+ncd.txt
2015-11-28 15:41 - 2015-11-28 15:41 - 00006921 _____ C:\Users\Familie\AppData\how_recover+ncd.html
2015-11-28 15:41 - 2015-11-28 15:41 - 00002401 _____ C:\Users\Familie\AppData\how_recover+ncd.txt
2015-11-28 15:38 - 2015-11-28 15:38 - 00006921 _____ C:\Users\Familie\AppData\LocalLow\how_recover+ncd.html
2015-11-28 15:38 - 2015-11-28 15:38 - 00002401 _____ C:\Users\Familie\AppData\LocalLow\how_recover+ncd.txt
2015-11-28 15:13 - 2015-11-28 15:13 - 00006921 _____ C:\Users\Familie\AppData\Local\Apps\how_recover+ncd.html
2015-11-28 15:13 - 2015-11-28 15:13 - 00002401 _____ C:\Users\Familie\AppData\Local\Apps\how_recover+ncd.txt
2015-11-28 14:56 - 2015-11-28 15:41 - 00006921 _____ C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ncd.html
2015-11-28 14:56 - 2015-11-28 15:41 - 00002401 _____ C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\how_recover+ncd.txt
2015-11-28 14:28 - 2015-11-28 16:02 - 00006921 _____ C:\Users\Familie\Documents\how_recover+ncd.html
2015-11-28 14:28 - 2015-11-28 16:02 - 00002401 _____ C:\Users\Familie\Documents\how_recover+ncd.txt
2015-11-28 14:27 - 2015-11-28 15:41 - 00006921 _____ C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+ncd.html
2015-11-28 14:27 - 2015-11-28 15:41 - 00002401 _____ C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\how_recover+ncd.txt
2015-11-28 14:22 - 2015-11-28 16:02 - 00006921 _____ C:\Users\Familie\AppData\Local\how_recover+ncd.html
2015-11-28 14:22 - 2015-11-28 16:02 - 00002401 _____ C:\Users\Familie\AppData\Local\how_recover+ncd.txt
2015-11-28 14:22 - 2015-11-28 15:41 - 00006921 _____ C:\Users\Familie\AppData\Roaming\how_recover+ncd.html
2015-11-28 14:22 - 2015-11-28 15:41 - 00002401 _____ C:\Users\Familie\AppData\Roaming\how_recover+ncd.txt
2015-11-28 14:22 - 2015-11-28 15:13 - 00006921 _____ C:\Users\Public\Documents\how_recover+ncd.html
2015-11-28 14:22 - 2015-11-28 15:13 - 00006921 _____ C:\ProgramData\how_recover+ncd.html
2015-11-28 14:22 - 2015-11-28 15:13 - 00002401 _____ C:\Users\Public\Documents\how_recover+ncd.txt
2015-11-28 14:22 - 2015-11-28 15:13 - 00002401 _____ C:\ProgramData\how_recover+ncd.txt
2015-11-28 14:21 - 2015-11-28 16:01 - 00000670 _____ C:\Users\Familie\Documents\recover_file_wrvgytsnw.txt.vvv
2015-11-27 16:47 - 2015-11-28 19:32 - 00000000 ____D C:\Users\Familie\Documents\OneNote-Notizbücher
2015-11-27 10:21 - 2015-11-28 19:33 - 00000000 ___RD C:\Users\Familie\OneDrive
2015-11-27 10:21 - 2015-11-28 18:01 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-27 10:21 - 2015-11-27 17:10 - 00002188 _____ C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-11-27 10:21 - 2015-11-27 10:21 - 00002124 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-11-27 10:21 - 2015-11-27 10:21 - 00002124 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-11-27 10:21 - 2015-11-27 10:21 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2015-11-27 10:00 - 2015-11-27 10:00 - 00002510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-11-27 10:00 - 2015-11-27 10:00 - 00002506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-11-27 10:00 - 2015-11-27 10:00 - 00002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-11-27 10:00 - 2015-11-27 10:00 - 00002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-11-27 10:00 - 2015-11-27 10:00 - 00002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-11-27 10:00 - 2015-11-27 10:00 - 00002424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-11-27 10:00 - 2015-11-27 10:00 - 00002396 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-11-27 10:00 - 2015-11-27 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2015-11-27 09:52 - 2015-11-28 18:01 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-27 09:45 - 2015-11-27 09:45 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-25 08:59 - 2015-11-25 08:59 - 00002190 _____ C:\Users\Public\Desktop\Silhouette Studio.lnk
2015-11-25 08:59 - 2015-11-25 08:59 - 00000000 ____D C:\Program Files (x86)\Silhouette America
2015-11-25 08:58 - 2015-11-25 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silhouette Studio
2015-11-19 17:05 - 2015-11-19 17:05 - 00002665 _____ C:\Users\Public\Desktop\Microsoft Word 2010.lnk
2015-11-16 07:28 - 2015-11-16 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-16 07:28 - 2015-11-16 07:28 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-12 09:47 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 12:39 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 12:39 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 12:39 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 12:39 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 12:39 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 12:39 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 12:39 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 12:39 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 12:39 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 12:39 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 12:39 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 12:39 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 12:39 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 12:39 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 12:39 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 12:39 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 12:38 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 12:38 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 12:38 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 12:38 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 12:38 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 12:38 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 12:38 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 12:38 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 12:38 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 12:38 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 12:38 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 12:38 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 12:38 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 12:38 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 12:38 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 12:38 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 12:38 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 12:38 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 12:38 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 12:38 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 12:38 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 12:38 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 12:38 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 12:38 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 12:38 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 12:38 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 12:38 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 12:38 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 12:38 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 12:38 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 12:38 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 12:38 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 12:38 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 12:38 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 12:38 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 12:38 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 12:38 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 12:38 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 12:38 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 12:38 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 12:38 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 12:38 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 12:38 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 12:38 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 12:38 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 12:38 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 12:38 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 12:38 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 12:38 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 12:38 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 12:38 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 12:38 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 12:38 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 12:38 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 12:38 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 12:38 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 12:38 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 12:38 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 12:38 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 12:38 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 12:38 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 12:38 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 12:38 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 12:38 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 12:36 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 12:36 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 12:36 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 12:36 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 12:36 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 12:36 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 12:36 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 12:36 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 12:36 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 12:36 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 12:36 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 12:36 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 12:36 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 12:36 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 12:36 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 12:36 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 12:36 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 12:36 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 12:36 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 12:36 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 12:36 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 12:36 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 12:36 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 12:36 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 12:36 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 12:36 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 12:36 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 12:36 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 12:36 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 12:36 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 12:36 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 12:36 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 12:36 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 12:36 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 12:36 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 12:36 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 12:36 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 12:36 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 12:36 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 12:36 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 12:36 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 12:36 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 12:36 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 12:36 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 12:36 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 12:36 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 12:36 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 12:35 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 12:35 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 12:35 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 12:35 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 12:35 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 12:35 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 12:35 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 12:35 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 12:35 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 12:35 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 12:35 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 12:35 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 12:35 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-04 08:55 - 2015-11-28 19:26 - 00000000 ____D C:\Users\Familie\AppData\Local\Apple Inc
2015-11-04 08:36 - 2015-11-04 08:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-11-04 08:34 - 2015-11-04 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-04 07:12 - 2015-11-28 15:41 - 00095918 _____ C:\Users\Familie\Documents\FormularEntschuldigung.pdf.vvv
 
==================== Ein Monat: Geänderte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2015-12-03 07:51 - 2012-08-17 06:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-03 07:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-03 07:31 - 2011-07-27 19:15 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 06:09 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-03 06:09 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-02 22:58 - 2011-07-03 19:49 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{592897A3-C159-459E-887B-18E826516366}
2015-12-02 17:32 - 2011-07-27 19:15 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 18:29 - 2010-05-12 09:18 - 00702980 _____ C:\Windows\system32\perfh007.dat
2015-12-01 18:29 - 2010-05-12 09:18 - 00150620 _____ C:\Windows\system32\perfc007.dat
2015-12-01 18:29 - 2009-07-14 06:13 - 01629508 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-01 18:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-01 17:03 - 2011-07-01 13:20 - 00000000 ____D C:\Users\Familie
2015-12-01 16:52 - 2014-04-05 09:59 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-01 16:42 - 2015-02-28 13:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-01 11:05 - 2012-11-03 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-01 11:04 - 2013-05-07 12:25 - 00075472 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-12-01 11:04 - 2013-03-25 14:21 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-12-01 11:04 - 2013-03-25 14:21 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-11-30 14:53 - 2011-07-01 16:19 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-30 14:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-30 11:24 - 2015-02-28 13:14 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-30 11:24 - 2015-02-28 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-30 11:24 - 2015-02-28 13:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-30 08:54 - 2011-07-01 18:12 - 00115776 _____ C:\Users\Familie\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-30 08:52 - 2009-07-14 05:45 - 00451992 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-29 23:02 - 2014-11-13 21:16 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-29 23:02 - 2014-10-22 15:08 - 00000000 ____D C:\Users\Familie\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
2015-11-29 22:02 - 2011-07-14 17:33 - 00000000 ____D C:\Users\Familie\AppData\Local\ElevatedDiagnostics
2015-11-29 11:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-29 01:22 - 2013-09-21 19:19 - 00000000 ____D C:\Users\Familie\AppData\Local\DEAE5509-7AE6-4CE0-A068-CBB9CFBA587B.aplzod
2015-11-29 01:22 - 2012-11-07 18:11 - 00000000 ____D C:\Users\Familie\Documents\Outlook-Dateien
2015-11-28 22:48 - 2014-04-16 20:01 - 00001607 _____ C:\Users\Familie\Desktop\Eigene Bilder - Verknüpfung.lnk
2015-11-28 22:01 - 2013-06-07 09:34 - 00000494 _____ C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2015-11-28 20:08 - 2013-01-09 14:43 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2015-11-28 20:08 - 2011-10-21 17:04 - 00000000 ____D C:\Users\Public\Polar ProTrainer
2015-11-28 20:08 - 2011-07-18 08:23 - 00000000 ____D C:\Users\Public\CyberLink
2015-11-28 20:08 - 2011-07-01 17:08 - 00000000 ____D C:\Users\UpdatusUser.FamilienPC\AppData\Roaming\Media Center Programs
2015-11-28 20:08 - 2011-07-01 17:08 - 00000000 ____D C:\Users\UpdatusUser.FamilienPC
2015-11-28 20:08 - 2009-07-14 08:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-28 20:08 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-28 19:32 - 2015-08-28 22:10 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Sun
2015-11-28 19:32 - 2015-05-23 13:54 - 00000000 ____D C:\Users\Familie\Documents\Anno 1404
2015-11-28 19:32 - 2015-05-23 11:48 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Ubisoft
2015-11-28 19:32 - 2015-05-22 17:14 - 00000000 ____D C:\Users\Familie\Documents\Settlers7
2015-11-28 19:32 - 2015-01-09 15:17 - 00000000 ____D C:\Users\Familie\AppData\Roaming\inkscape
2015-11-28 19:32 - 2014-11-21 17:09 - 00000000 ____D C:\Users\Familie\AppData\Roaming\java
2015-11-28 19:32 - 2014-11-19 20:27 - 00000000 ____D C:\Users\Familie\AppData\Roaming\hps-install
2015-11-28 19:32 - 2014-11-13 21:16 - 00000000 ____D C:\Users\Familie\AppData\Roaming\com.aspexsoftware.studio_helper
2015-11-28 19:32 - 2014-11-13 21:15 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Silhouette America
2015-11-28 19:32 - 2014-10-22 15:03 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Aspex Research & Technology
2015-11-28 19:32 - 2014-10-15 15:20 - 00000000 ____D C:\Users\Familie\Documents\oebv
2015-11-28 19:32 - 2014-09-10 15:23 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Google
2015-11-28 19:32 - 2014-09-07 14:46 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Hub Timer
2015-11-28 19:32 - 2014-08-26 19:49 - 00000000 ____D C:\Users\Familie\Documents\PE-DESIGN NEXT
2015-11-28 19:32 - 2014-04-05 13:14 - 00000000 ____D C:\Users\Familie\Documents\My Games
2015-11-28 19:32 - 2014-04-05 11:11 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-28 19:32 - 2014-03-04 22:39 - 00000000 ____D C:\Users\Familie\Documents\AdobeStockPhotos
2015-11-28 19:32 - 2014-02-22 12:46 - 00000000 ____D C:\Users\Familie\AppData\Roaming\NVIDIA
2015-11-28 19:32 - 2014-02-07 09:59 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Opera
2015-11-28 19:32 - 2013-11-09 15:23 - 00000000 ____D C:\Users\Familie\Documents\Pia - Kopie
2015-11-28 19:32 - 2013-11-09 15:21 - 00000000 ____D C:\Users\Familie\Documents\PIPIdesign
2015-11-28 19:32 - 2013-10-06 19:10 - 00000000 ____D C:\Users\Familie\AppData\Roaming\RavensburgerTipToi
2015-11-28 19:32 - 2013-10-06 19:07 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
2015-11-28 19:32 - 2013-08-15 22:24 - 00000000 ____D C:\Users\Familie\AppData\Roaming\IsolatedStorage
2015-11-28 19:32 - 2013-08-15 21:52 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Solvusoft
2015-11-28 19:32 - 2013-06-09 16:27 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Dropbox
2015-11-28 19:32 - 2013-06-07 09:29 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Yahoo!
2015-11-28 19:32 - 2013-06-02 16:48 - 00000000 ____D C:\Users\Familie\Documents\Sony
2015-11-28 19:32 - 2013-03-28 11:11 - 00000000 ____D C:\Users\Familie\Documents\Maximilian
2015-11-28 19:32 - 2013-03-11 22:13 - 00000000 ____D C:\Users\Familie\AppData\Roaming\TuneUp Software
2015-11-28 19:32 - 2013-01-16 13:17 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flug-Model-Simulator
2015-11-28 19:32 - 2013-01-09 14:52 - 00000000 ____D C:\Users\Familie\Documents\Updater
2015-11-28 19:32 - 2013-01-04 09:48 - 00000000 ___RD C:\Users\Familie\Documents\Scanned Documents
2015-11-28 19:32 - 2013-01-04 09:48 - 00000000 ____D C:\Users\Familie\Documents\Fax
2015-11-28 19:32 - 2012-11-03 15:17 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Avira
2015-11-28 19:32 - 2011-12-29 10:56 - 00000000 ____D C:\Users\Familie\Documents\Franziskus
2015-11-28 19:32 - 2011-12-01 16:51 - 00000000 ____D C:\Users\Familie\Documents\Attachments_2011_12_1
2015-11-28 19:32 - 2011-11-04 16:28 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Garmin
2015-11-28 19:32 - 2011-10-29 18:04 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Apple Computer
2015-11-28 19:32 - 2011-08-17 16:00 - 00000000 ____D C:\Users\Familie\BMM
2015-11-28 19:32 - 2011-08-15 16:06 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brockhaus Themenwissen
2015-11-28 19:32 - 2011-07-29 16:33 - 00000000 ____D C:\Users\Familie\Documents\Picture Motion Browser
2015-11-28 19:32 - 2011-07-29 16:33 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Sony Corporation
2015-11-28 19:32 - 2011-07-29 16:25 - 00000000 ____D C:\Users\Familie\AppData\Roaming\InstallShield
2015-11-28 19:32 - 2011-07-25 09:00 - 00000000 ____D C:\Users\Familie\Documents\Umbau
2015-11-28 19:32 - 2011-07-18 08:23 - 00000000 ____D C:\Users\Familie\AppData\Roaming\CyberLink
2015-11-28 19:32 - 2011-07-14 17:46 - 00000000 ____D C:\Users\Familie\Documents\DriverDoc
2015-11-28 19:32 - 2011-07-12 20:13 - 00000000 ____D C:\Users\Familie\Documents\Georg
2015-11-28 19:32 - 2011-07-12 20:12 - 00000000 ____D C:\Users\Familie\Documents\Pia
2015-11-28 19:32 - 2011-07-12 20:12 - 00000000 ____D C:\Users\Familie\Documents\Gemeinsame Dokumente
2015-11-28 19:32 - 2011-07-12 20:12 - 00000000 ____D C:\Users\Familie\Documents\E-Mails
2015-11-28 19:32 - 2011-07-01 19:41 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Windows Live Writer
2015-11-28 19:32 - 2011-07-01 17:03 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Macromedia
2015-11-28 19:32 - 2011-07-01 13:20 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Media Center Programs
2015-11-28 19:31 - 2015-04-07 11:52 - 00000000 ____D C:\Users\Familie\AppData\Roaming\.technic
2015-11-28 19:31 - 2014-11-11 20:08 - 00000000 ____D C:\Users\Familie\AppData\LocalLow\Oracle
2015-11-28 19:31 - 2014-10-15 15:20 - 00000000 __SHD C:\Users\Familie\AppData\Roaming\.#
2015-11-28 19:31 - 2014-09-07 14:46 - 00000000 ____D C:\Users\Familie\AppData\LocalLow\Internet Explorer BHO
2015-11-28 19:31 - 2014-02-22 12:23 - 00000000 ____D C:\Users\Familie\AppData\Roaming\.minecraft
2015-11-28 19:31 - 2014-02-22 12:20 - 00000000 ____D C:\Users\Familie\AppData\LocalLow\IAC
2015-11-28 19:31 - 2013-06-07 09:29 - 00000000 ____D C:\Users\Familie\AppData\LocalLow\Yahoo! Companion
2015-11-28 19:31 - 2013-06-07 09:29 - 00000000 ____D C:\Users\Familie\AppData\LocalLow\Yahoo!
2015-11-28 19:31 - 2012-10-07 11:59 - 00000000 ____D C:\Users\Familie\AppData\LocalLow\Google
2015-11-28 19:31 - 2011-07-01 17:03 - 00000000 ____D C:\Users\Familie\AppData\Roaming\Adobe
2015-11-28 19:31 - 2011-07-01 16:55 - 00000000 ____D C:\Users\Familie\AppData\LocalLow\Sun
2015-11-28 19:30 - 2015-08-28 22:13 - 00000000 ____D C:\Users\Familie\AppData\Local\YSearchUtil
2015-11-28 19:30 - 2015-08-19 16:41 - 00000000 ____D C:\Users\Familie\AppData\Local\{8F2A4A0E-4F46-4738-B94C-A27AC2F81066}
2015-11-28 19:30 - 2015-05-20 11:56 - 00000000 ____D C:\Users\Familie\AppData\Local\{79BCB554-BE2B-4712-BB17-F75A8F42F4FB}
2015-11-28 19:30 - 2015-04-09 12:55 - 00000000 ____D C:\Users\Familie\AppData\Local\{D046E930-DB5B-4153-80C1-4CE2CF5FE0EA}
2015-11-28 19:30 - 2015-02-28 13:18 - 00000000 ____D C:\Users\Familie\AppData\Local\{802961E3-1A12-4F8B-BC27-8B7B4EA8868A}
2015-11-28 19:30 - 2015-02-05 15:28 - 00000000 ____D C:\Users\Familie\AppData\Local\{89996ACC-FA9E-4CC0-8D8E-5FD9118BA3DD}
2015-11-28 19:30 - 2015-01-26 09:27 - 00000000 ____D C:\Users\Familie\AppData\Local\{70EA4BA9-BEDD-456D-9B76-8A5885949B32}
2015-11-28 19:30 - 2015-01-21 17:02 - 00000000 ____D C:\Users\Familie\AppData\Local\{47C9FB43-937D-4C49-B1BB-9EF9BC3FC518}
2015-11-28 19:30 - 2015-01-15 16:24 - 00000000 ____D C:\Users\Familie\AppData\Local\{199AF73A-DE66-4871-AA1B-E4A26088EEB4}
2015-11-28 19:30 - 2014-12-30 10:21 - 00000000 ____D C:\Users\Familie\AppData\Local\{D38750FB-0C4D-4554-A1A0-4095D1C0FE28}
2015-11-28 19:30 - 2014-12-13 20:02 - 00000000 ____D C:\Users\Familie\AppData\Local\{819DF644-83BB-4BFD-A924-393E133913BB}
2015-11-28 19:30 - 2014-11-12 17:40 - 00000000 __SHD C:\Users\Familie\AppData\LocalLow\EmieBrowserModeList
2015-11-28 19:30 - 2014-11-12 09:04 - 00000000 ____D C:\Users\Familie\AppData\Local\{A7A29F18-77CF-4354-89C0-A4B12ABB4A8E}
2015-11-28 19:30 - 2014-11-10 19:21 - 00000000 ____D C:\Users\Familie\AppData\Local\{B49164C3-3E93-438B-A7A8-F72673B9C088}
2015-11-28 19:30 - 2014-10-29 15:38 - 00000000 ____D C:\Users\Familie\AppData\Local\{F939BF27-0D4E-4BC4-88D8-AB1E4A3F28BB}
2015-11-28 19:30 - 2014-10-02 14:18 - 00000000 ____D C:\Users\Familie\AppData\Local\{D1D0A465-E203-4932-9298-CFAAE632D5F0}
2015-11-28 19:30 - 2014-09-27 18:43 - 00000000 ____D C:\Users\Familie\AppData\Local\{F8429F71-1A8C-460E-BD38-8EC9F82004A3}
2015-11-28 19:30 - 2014-08-23 07:11 - 00000000 ____D C:\Users\Familie\AppData\Local\{96766EE4-0457-42DF-9A84-FD3033F10ACA}
2015-11-28 19:30 - 2014-08-13 11:17 - 00000000 ____D C:\Users\Familie\AppData\Local\{5E50C96D-F402-4B11-8967-EC47BB77A93A}
2015-11-28 19:30 - 2014-06-10 10:47 - 00000000 ____D C:\Users\Familie\AppData\Local\{2673E3FB-E033-4FF3-A112-4F9A7E126B50}
2015-11-28 19:30 - 2014-05-20 19:48 - 00000000 ____D C:\Users\Familie\AppData\Local\{6F2AE858-796E-49DF-B4AB-8E4D4C337DC7}
2015-11-28 19:30 - 2014-05-03 16:11 - 00000000 ____D C:\Users\Familie\AppData\Local\{7D872D24-64DE-476D-A23A-7E2D72F87752}
2015-11-28 19:30 - 2014-04-29 12:29 - 00000000 __SHD C:\Users\Familie\AppData\LocalLow\EmieUserList
2015-11-28 19:30 - 2014-04-29 12:22 - 00000000 __SHD C:\Users\Familie\AppData\LocalLow\EmieSiteList
2015-11-28 19:30 - 2014-04-18 09:30 - 00000000 ____D C:\Users\Familie\AppData\Local\{C15D0899-1870-4A6C-86C0-455DFA442268}
2015-11-28 19:30 - 2014-03-04 22:33 - 00000000 ____D C:\Users\Familie\AppData\Local\{6C765760-7424-4844-9D50-4BF8CB5E8EE8}
2015-11-28 19:30 - 2014-02-24 18:40 - 00000000 ____D C:\Users\Familie\AppData\Local\{DF9AF7EC-FF72-4938-9E10-78207DF5CB2B}
2015-11-28 19:30 - 2014-02-23 18:13 - 00000000 ____D C:\Users\Familie\AppData\Local\{D5DA3FD0-26AB-429C-A2F8-9E07E9B32350}
2015-11-28 19:30 - 2014-02-22 14:05 - 00000000 ____D C:\Users\Familie\AppData\Local\{05AEA8C6-E28A-45C8-9CB6-B857D61C2207}
2015-11-28 19:30 - 2014-01-06 10:52 - 00000000 ____D C:\Users\Familie\AppData\Local\{D7054E2E-79C8-440E-B7E4-B25E450676D5}
2015-11-28 19:30 - 2013-12-30 16:01 - 00000000 ____D C:\Users\Familie\AppData\Local\{9C457343-1DB6-4200-94FF-6DA6E0197A0A}
2015-11-28 19:30 - 2013-12-22 15:41 - 00000000 ____D C:\Users\Familie\AppData\Local\{876D04CF-F151-434D-B597-A7A123643F06}
2015-11-28 19:30 - 2013-12-05 17:47 - 00000000 ____D C:\Users\Familie\AppData\Local\{9935D6BA-420B-48AE-8E67-ABEFCCBAB734}
2015-11-28 19:30 - 2013-11-26 19:16 - 00000000 ____D C:\Users\Familie\AppData\Local\{B7741DE1-4E40-47F1-926D-67E43DFC0055}
2015-11-28 19:30 - 2013-11-18 17:47 - 00000000 ____D C:\Users\Familie\AppData\Local\{CA03464E-241B-40D2-9EE3-7A7733D1D868}
2015-11-28 19:30 - 2013-11-11 17:03 - 00000000 ____D C:\Users\Familie\AppData\Local\{DD5D8737-580D-4C4B-BD6B-1A474D5C8495}
2015-11-28 19:30 - 2013-09-28 13:39 - 00000000 ____D C:\Users\Familie\AppData\Local\{399CE5E7-1E70-4FC9-9A58-128ACBCF6F3C}
2015-11-28 19:30 - 2013-09-17 13:04 - 00000000 ____D C:\Users\Familie\AppData\Local\{E1665F19-6384-48E9-BED3-498AC562F315}
2015-11-28 19:30 - 2013-09-16 20:02 - 00000000 ____D C:\Users\Familie\AppData\Local\{B3140F47-9C8D-4F60-88F2-D1B8DBAB8BCE}
2015-11-28 19:30 - 2013-08-16 19:13 - 00000000 ____D C:\Users\Familie\AppData\Local\{A635E478-EC89-43FE-B2DC-983DF8994A4A}
2015-11-28 19:30 - 2013-07-27 12:53 - 00000000 ____D C:\Users\Familie\AppData\Local\{54E57509-83F9-48FF-B8B3-3316CED79EBD}
2015-11-28 19:30 - 2013-05-11 14:43 - 00000000 ____D C:\Users\Familie\AppData\Local\{A6DB7BFB-776B-4505-9F8B-480DB06290A2}
2015-11-28 19:30 - 2013-04-15 10:50 - 00000000 ____D C:\Users\Familie\AppData\Local\{871C090B-3D53-4BF4-A4D3-FD84D812A0EA}
2015-11-28 19:30 - 2013-04-05 09:18 - 00000000 ____D C:\Users\Familie\AppData\Local\{7C6E3C9B-3D0B-4439-B4FA-B89D84EDA182}
2015-11-28 19:30 - 2013-03-22 01:00 - 00000000 ____D C:\Users\Familie\AppData\Local\{51109BE8-AD40-427C-B687-AA0E29297F80}
2015-11-28 19:30 - 2013-03-06 12:59 - 00000000 ____D C:\Users\Familie\AppData\Local\{BE0E4F3F-1A46-41E6-9F0D-F69609F39F4F}
2015-11-28 19:30 - 2013-03-04 19:55 - 00000000 ____D C:\Users\Familie\AppData\Local\{4A87F02E-6A88-4724-A948-9C9C2B97188A}
2015-11-28 19:30 - 2013-02-24 15:13 - 00000000 ____D C:\Users\Familie\AppData\Local\{71B3F230-7AFC-4263-99EE-CD95D9D81DCB}
2015-11-28 19:30 - 2013-02-17 16:03 - 00000000 ____D C:\Users\Familie\AppData\Local\{24F98DE9-7D90-4E99-861F-BFE5E9CA7F42}
2015-11-28 19:30 - 2013-02-15 10:21 - 00000000 ____D C:\Users\Familie\AppData\Local\{CD5C62CA-75D3-4A18-A4F8-F3C31CE886FF}
2015-11-28 19:30 - 2012-12-02 09:19 - 00000000 ____D C:\Users\Familie\AppData\Local\{8944B99A-A9BC-4BB3-A27B-0D776046A1E6}
2015-11-28 19:30 - 2012-11-03 15:14 - 00000000 ____D C:\Users\Familie\AppData\LocalLow\CallingID
2015-11-28 19:30 - 2012-11-02 12:08 - 00000000 ____D C:\Users\Familie\AppData\Local\{849F8C44-FFCD-49B8-BD6A-D0F2B4CE3787}
2015-11-28 19:30 - 2012-11-01 11:39 - 00000000 ____D C:\Users\Familie\AppData\Local\{9A083724-EA14-4580-9B48-0F27B098A2BA}
2015-11-28 19:30 - 2012-10-16 19:04 - 00000000 ____D C:\Users\Familie\AppData\Local\{6CF91CC9-957E-4E2B-AE52-48D82CD9A29B}
Thank you!
 
UPDATE
Sorry, I forgot some important information:
Nearly "everywhere" on the PC are the following files:
 
how_recover+ncd.txt
how_recover+ncd.html
-both created 16:02:00
 
how_recover+rbq.txt
how_recover+rbq.html
-both created 20:16:00

 

I can't download the files from the infected PC without my Windows Defender alerting me about "Tesla.D".

I added a screenshot of the content.

 

These files are located even at the places where you would search for Teslacrypt data, e.g. "appdata/microsoft/crypto/machine keys"...

Edited by eddyerpel, 03 December 2015 - 10:55 AM.
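The indicators described in the post above (encrypted files renamed to `*.vvv`, and `how_recover+ncd` / `how_recover+rbq` notes dropped at two different times) can be collected read-only from a mounted copy of the disk. This is an added example, not part of the original post or of any tool named in the thread; the function name `triage`, the report layout and the note-name pattern generalised from the two names in the post are assumptions.

```python
import os
import re
import sys
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Indicators taken from the post: encrypted files get ".vvv" appended,
# and notes are named how_recover+<tag>.txt / .html (tags seen: ncd, rbq).
ENCRYPTED_SUFFIX = ".vvv"
# Assumption: the tag is a short alphanumeric string, as in the two names posted.
NOTE_RE = re.compile(r"^how_recover\+([a-z0-9]+)\.(?:txt|html)$", re.IGNORECASE)


def _utc(ts):
    """Filesystem timestamp -> timezone-aware UTC datetime (whole seconds)."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).replace(microsecond=0)


def triage(root):
    """Walk `root` without modifying anything and summarise the infection traces.

    Returns a dict with:
      encrypted_count - number of *.vvv files
      by_extension    - Counter of the original extensions (before .vvv)
      window          - (earliest, latest) mtime of the *.vvv files, or None
      notes           - per note tag: directory count, first/last mtime, and
                        directories holding a note but no encrypted file
    """
    encrypted = []              # (mtime, path, original extension)
    notes = defaultdict(list)   # tag -> [(mtime, directory)]
    dirs_with_encrypted = set()

    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime   # lstat: do not follow links
            except OSError:
                continue                          # unreadable entry, skip it
            match = NOTE_RE.match(name)
            if match:
                notes[match.group(1).lower()].append((mtime, dirpath))
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                encrypted.append((mtime, path, ext))
                dirs_with_encrypted.add(dirpath)

    # mtime is only as trustworthy as the handling of the disk since the
    # incident; copying or "cleaning" the files can change it.
    times = sorted(t for t, _p, _e in encrypted)
    note_summary = {}
    for tag, hits in notes.items():
        stamps = sorted(t for t, _d in hits)
        dirs = {d for _t, d in hits}
        note_summary[tag] = {
            "directories": len(dirs),
            "note_only_directories": sorted(dirs - dirs_with_encrypted),
            "first": _utc(stamps[0]),
            "last": _utc(stamps[-1]),
        }

    return {
        "encrypted_count": len(encrypted),
        "by_extension": Counter(e for _t, _p, e in encrypted),
        "window": (_utc(times[0]), _utc(times[-1])) if times else None,
        "notes": note_summary,
    }


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("encrypted files:", report["encrypted_count"])
    print("encryption window (UTC):", report["window"])
    for ext, count in report["by_extension"].most_common():
        print(f"  {ext}: {count}")
    for tag, info in sorted(report["notes"].items()):
        print(f"notes '{tag}': {info['directories']} dirs, "
              f"{info['first']} .. {info['last']}, "
              f"{len(info['note_only_directories'])} dirs without encrypted files")
```

Separate note tags with separate time ranges, as with `ncd` and `rbq` here, show up as separate entries under `notes`, which makes it easy to line them up against the system log timeline.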



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,132 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:58 PM

Posted 06 December 2015 - 09:46 PM

Greetings eddyerpel and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Are you simply trying to find out if the file can be used for decryption or are you looking to clean the computer, or both?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 eddyerpel


Posted 07 December 2015 - 02:12 AM

Hi Gary,

my name is Rudi.

Thank you for your help.

It's not my computer where the malware is, but the computer of a friend.

I am allowed to do anything to get her files back, and that's what I want to try:

Decrypt the files.

The problem is, I was not the first who connected to her computer.

One day before, somebody else tried to remove the malware from it and I don't know exactly what happened on the computer.

What I did until now:

- Scanning with "malwareBytes Anti Malware" only showed a registry startup entry, marked as "TeslaCrypt"-infection. -> removed
- searched for "key.dat", "storage.bin" -> nothing found
- used "photo_rec" to restore deleted files on an external HDD -> none of the decrypted files
- used "shadow-explorer" to restore one file in "appdata/microsoft/crypto"

I can't say what happened "before me", but as my scan with "malwareBytes Anti Malware" only found a startup entry, I think there was a removal of the malware.

I found a registry key under "Software->'Bitcoin-address-of-the-recover-me-doc'" containing 328 bytes of data...


Edited by eddyerpel, 07 December 2015 - 03:36 AM.


#4 Oh My!


Posted 07 December 2015 - 11:35 AM

Greetings Rudi,

I don't think there is anything you can do to decrypt the files. If you would like you can post in the Cryptolocker Support Topic which is monitored by those most intimately familiar with crypto issues. If you want to start a topic there let me know because I will need to immediately close this Topic. Other Forums prefer not to have an open malware topic before assisting.

If there is anything else I can assist you with please let me know.

Edited by Oh My!, 07 December 2015 - 11:35 AM.


#5 eddyerpel


Posted 08 December 2015 - 08:53 AM

Hi Gary,

thank you for your help.

I will open a thread in the Cryptolocker Support Topic, so you can close this one.

 

Have a nice day!

 

Rudi



#6 Oh My!


Posted 08 December 2015 - 09:12 AM

Thanks Rudi.

Good luck.

#7 Oh My!


Posted 08 December 2015 - 09:12 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.