Log analysis and evaluation: TR/Emotet.A.92 installed from a DHL e-mail attachment (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.05.2015, 10:03 | #1 |
TR/Emotet.A.92 installed from a DHL e-mail attachment

I accidentally opened the attachment (a .zip file) from the e-mail (really stupid, I know). When I realized that the DHL mail was fake, I ran a system scan with Antivir, and Antivir found the above-mentioned trojan in the e-mail attachment and moved it to quarantine. That was only a few days ago, and so far I cannot see that the trojan has become active, but that doesn't mean anything. It is a Windows 7 32-bit system. I ran a scan with FRST. The FRST.txt log file is:

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2015
Ran by Volker Henkels (administrator) on DESKTOP on 03-05-2015 10:42:12
Running from C:\Users\Volker Henkels\Documents\Downloads
Loaded Profiles: Volker Henkels (Available profiles: Volker Henkels & Uta)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\srvany.exe
() C:\Windows\KMService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccsvchst.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FNet Co., Ltd.) C:\Program Files\XFastUsb\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Creative Technology Ltd) C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Windows\LOGI_MWX.EXE
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Jumping Bytes) C:\Program Files\PureSync\PureSyncTray.exe
() C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe
() C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
(Dropbox, Inc.) C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Macrovision Europe Ltd.) C:\Users\Volker Henkels\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\ace_update.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\diagtrackrunner.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Temp\C67CE35B-983E-483D-98BA-2CFC59C1C79B\DismHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XFastUsb] => C:\Program Files\XFastUsb\XFastUsb.exe [4942336 2011-10-22] (FNet Co., Ltd.)
HKLM\...\Run: [CTSyncService] => C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Logitech Utility] => C:\Windows\Logi_MwX.Exe [19968 2003-12-17] (Logitech Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2010-10-26] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [312320 2007-06-26] (shbox.de)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11734240 2012-12-13] (Realtek Semiconductor)
HKLM\...\Run: [ZyngaGamesAgent] => C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
HKLM\...\Run: [STCAgent] => C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-01-21] (Splashtop Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2622296 2008-04-21] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [911168 2008-04-21] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [136472 2008-04-21] (Acronis)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-05-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [ISUSPM] => -scheduler
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [PureSync] => C:\Program Files\PureSync\PureSyncTray.exe [915120 2014-08-25] (Jumping Bytes)
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [AceStream] => C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe [23984 2014-12-07] ()
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [AceWebException] => C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk [2014-01-02]
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
Startup: C:\Users\Uta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-06-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Volker Henkels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-03-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
BootExecute: autocheck autochk /k:C *
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2498879569-601166142-2179082399-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2498879569-601166142-2179082399-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKU\S-1-5-21-2498879569-601166142-2179082399-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2014-12-03] (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll [2013-05-31] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-11] (Oracle Corporation)
BHO: Media Player -> {86c47305-d478-4eba-baf4-1e6c48b01195} -> C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha460\ie\MediaPlayerV1alpha460.dll No File
BHO: Video Player -> {8f2263fe-d363-40e0-9538-52bd78d36ed8} -> C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ie\VideoPlayerV3beta821.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-11] (Oracle Corporation)
BHO: Media Watch -> {e5978446-df5c-4ffe-b126-cc9f04d8bcbb} -> C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ie\MediaWatchV1home3705.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll [2013-05-31] (Symantec Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2498879569-601166142-2179082399-1000: @acestream.net/acestreamplugin,version=3.0.2 -> C:\Users\Volker Henkels\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-07] (Innovative Digital Technologies)
FF Extension: AS Magic Player - C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\Extensions\magicplayer@acestream.org [2015-03-01]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2015-01-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-15]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn [2013-09-02]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn [2013-05-07]
FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta821.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha460.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha460\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home3705.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ff
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-01-15]

Chrome:
=======
CHR Profile: C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-12]
CHR Extension: (Google Drive) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-12]
CHR Extension: (YouTube) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-12]
CHR Extension: (Google Search) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-12]
CHR Extension: (BetaFish Adblocker) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-27]
CHR Extension: (Bookmark Manager) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (No Name) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-12]
CHR Extension: (Gmail) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-12]
CHR HKLM\...\Chrome\Extension: [ggkcbejnocbilhflhkfinpglppngccom] - C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ch\MediaWatchV1home3705.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jkfdofagjlgcljcjibmembhbjnpbalip] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ch\VideoPlayerV3beta821.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [431384 2008-04-21] (Acronis)
R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-05-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-05-01] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-22] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-10-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-10-22] (Creative Labs) [File not signed]
R2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498952 2008-04-21] ()
R2 WCUService_STC_IE; C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [497480 2011-03-22] (Splashtop Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci32; C:\Windows\System32\DRIVERS\asahci32.sys [32352 2011-03-23] (Asmedia Technology)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [95720 2010-12-29] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [293352 2010-12-29] (ASMedia Technology Inc)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [13832 2010-06-11] (Windows (R) Win 7 DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-04-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-04-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2012-03-03] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-04-28] (Avira Operations GmbH & Co. KG)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R2 DLPortIO; C:\Windows\system32\DRIVERS\DLPortIO.SYS [3584 1999-01-10] () [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-27] (Symantec Corporation)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29248 2011-10-22] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2011-10-22] (FNet Co., Ltd.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130830.001\IDSvix86.sys [392792 2013-08-21] (Symantec Corporation)
S3 L8042pr2; C:\Windows\System32\DRIVERS\L8042pr2.Sys [51729 2003-12-17] (Logitech, Inc.)
S3 Ltn_hyd7700pc; C:\Windows\System32\Drivers\Ltn_hyd7700pc.sys [374144 2007-05-18] (Liteon)
S3 Ltn_rc; C:\Windows\System32\Drivers\Ltn_rc.sys [11520 2006-12-27] (Liteon)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130901.019\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130901.019\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation)
S3 npf; C:\Windows\System32\drivers\npf.sys [34064 2009-02-08] (CACE Technologies)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2011-11-30] (Sonic Solutions) [File not signed]
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2010-11-16] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2010-11-16] (RapidSolution Software AG)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation )
R2 ScopeItPort; C:\SCOPE-IT\ScopeIt.sys [5231 2012-03-28] () [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2010-11-16] (RapidSolution Software AG)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2013-05-07] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2013-05-07] (Acronis)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 10:41 - 2015-05-03 10:42 - 00000000 ____D () C:\FRST
2015-04-28 19:50 - 2015-04-28 19:51 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\{C3DB041C-1E63-4A95-ABED-B741677EE872}
2015-04-28 15:47 - 2015-04-28 15:47 - 00001138 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-28 15:41 - 2015-04-28 15:41 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\{AE544530-74CF-41C2-9CE6-4BA80E6B3A40}
2015-04-28 15:40 - 2015-05-01 18:00 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\Avira
2015-04-28 15:39 - 2015-05-01 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-28 15:39 - 2015-05-01 17:59 - 00000000 ____D () C:\ProgramData\Avira
2015-04-28 15:39 - 2015-04-28 15:46 - 00000000 ____D () C:\Program Files\Avira
2015-04-28 15:39 - 2015-04-28 15:41 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-28 15:39 - 2015-04-28 15:41 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-28 15:39 - 2015-04-28 15:41 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-28 15:39 - 2014-02-14 11:00 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-28 15:39 - 2014-02-14 11:00 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-04-27 11:26 - 2015-04-27 11:26 - 00000000 ____D () C:\Users\Uta\AppData\Local\{BFD7934C-2205-4CAC-9226-B1B1F6DF58FD}
2015-04-26 08:06 - 2015-04-26 08:07 - 00000000 ____D () C:\Users\Uta\AppData\Local\{E9D9B646-E08B-41F7-BC93-585011053EBC}
2015-04-20 14:02 - 2015-04-20 14:02 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\{BB557B0C-47D7-4BFC-B874-C5E70A9B36CB}
2015-04-19 18:19 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-19 18:19 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-18 20:57 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-18 20:57 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-18 20:57 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-18 20:57 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-18 20:57 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-18 20:57 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-18 20:57 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-18 20:57 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-18 20:57 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-18 20:57 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-18 20:57 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-18 20:57 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-18 20:57 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-18 20:57 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-18 20:57 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-18 20:57 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-18 20:57 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-18 20:57 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-18 20:57 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-18 20:57 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-18 20:57 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-18 20:57 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-18 20:57 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-18 20:57 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-18 20:57 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-18 20:57 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-18 20:57 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-18 20:57 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-18 20:57 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation)
C:\Windows\system32\ieui.dll 2015-04-18 20:57 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-18 20:57 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-04-18 20:57 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-18 20:57 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-04-18 20:57 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-18 20:57 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-04-18 20:57 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-18 20:57 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-18 20:57 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-18 20:57 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-18 20:57 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-18 20:57 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-18 20:57 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-18 20:57 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-18 20:57 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-18 20:57 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-18 20:57 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-18 20:57 - 2015-03-13 04:14 - 00710144 _____ (Microsoft 
Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-18 20:57 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-18 20:57 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-18 20:57 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-18 20:56 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-18 20:56 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-18 20:56 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-13 10:56 - 2015-04-13 10:57 - 00000000 ____D () C:\Users\Uta\AppData\Local\{0FE4FDFF-C807-4FB4-B922-0E48C4512D86} 2015-04-04 16:01 - 2015-04-04 16:01 - 00000000 ___SD () C:\Windows\system32\GWX ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the 
file\folder will be moved.) 2015-05-03 10:30 - 2014-03-16 10:25 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\Dropbox 2015-05-03 10:30 - 2011-10-19 14:36 - 01740154 _____ () C:\Windows\WindowsUpdate.log 2015-05-03 10:29 - 2014-02-12 19:10 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-03 10:29 - 2012-10-05 12:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-02 13:49 - 2014-02-12 19:10 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-02 10:49 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-02 10:49 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-02 10:37 - 2014-03-16 10:29 - 00000000 ___RD () C:\Users\Volker Henkels\Dropbox 2015-05-02 10:35 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-02 10:34 - 2013-05-07 16:27 - 00073261 _____ () C:\Windows\setupact.log 2015-05-01 21:04 - 2014-03-22 14:42 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\KeePass 2015-05-01 20:05 - 2014-07-20 13:13 - 00017182 _____ () C:\Users\Volker Henkels\Passwort Datenbank.kdbx 2015-05-01 20:05 - 2011-10-19 14:38 - 00000000 ____D () C:\Users\Volker Henkels 2015-05-01 18:50 - 2014-02-12 19:13 - 00002166 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-01 18:36 - 2011-11-28 15:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-05-01 17:52 - 2013-05-07 21:05 - 00189186 _____ () C:\Windows\PFRO.log 2015-04-28 19:54 - 2011-10-20 11:00 - 00001861 _____ () C:\Windows\Alltag.ini 2015-04-28 19:45 - 2014-09-08 17:10 - 00000000 ____D () C:\Program Files\Free Easy CD DVD Burner 2015-04-28 16:34 - 2011-10-20 11:01 - 00000086 _____ () C:\Windows\Kontext.ini 2015-04-28 15:47 - 2015-02-03 14:35 - 00000000 ____D () 
C:\ProgramData\Package Cache 2015-04-28 15:35 - 2013-06-09 19:04 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\CrashDumps 2015-04-27 14:52 - 2014-06-22 13:05 - 00000000 ____D () C:\Users\Uta\AppData\Roaming\Dropbox 2015-04-25 11:08 - 2014-03-16 10:28 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-23 12:13 - 2011-10-20 10:27 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Steuerfälle 2015-04-22 16:13 - 2011-12-19 11:34 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Stabliste 2015-04-21 13:04 - 2014-08-15 13:25 - 00002220 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk 2015-04-20 13:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-19 18:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2015-04-19 18:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-04-19 18:09 - 2014-12-12 12:19 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-19 18:09 - 2014-05-08 20:40 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-19 18:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-04-19 03:22 - 2011-10-19 15:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-19 03:20 - 2011-10-19 14:37 - 01602556 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-19 03:16 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini 2015-04-18 22:22 - 2012-03-31 17:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-04-18 22:22 - 2011-10-25 09:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-04-08 13:23 - 2014-11-05 18:57 - 00002220 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk 2015-04-07 10:07 - 2011-10-20 10:17 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Arbeitsamt ==================== Files in the root of some directories ======= 2011-12-02 14:30 - 2015-01-28 00:08 - 0000649 _____ 
() C:\Users\Volker Henkels\AppData\Roaming\burnaware.ini 2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Volker Henkels\AppData\Local\bass.dll 2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Volker Henkels\AppData\Local\basscd.dll 2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Volker Henkels\AppData\Local\CDRip.dll 2013-05-13 14:41 - 2015-02-03 14:04 - 0006144 _____ () C:\Users\Volker Henkels\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-10-19 18:23 - 2011-10-19 18:23 - 0000749 _____ () C:\Users\Volker Henkels\AppData\Local\error.log 2007-08-13 18:46 - 2007-08-13 18:46 - 0155136 _____ () C:\Users\Volker Henkels\AppData\Local\lame_enc.dll 2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Volker Henkels\AppData\Local\No23 Recorder.exe 2005-08-23 23:34 - 2005-08-23 23:34 - 0029184 _____ () C:\Users\Volker Henkels\AppData\Local\no23xwrapper.dll 2006-10-26 02:06 - 2006-10-26 02:06 - 0015872 _____ () C:\Users\Volker Henkels\AppData\Local\ogg.dll 2011-10-19 18:23 - 2011-10-19 18:23 - 0001955 _____ () C:\Users\Volker Henkels\AppData\Local\process.log 2013-01-30 20:11 - 2013-01-30 20:11 - 0001506 _____ () C:\Users\Volker Henkels\AppData\Local\RecConfig.xml 2012-03-08 20:24 - 2012-03-08 20:24 - 0000017 _____ () C:\Users\Volker Henkels\AppData\Local\resmon.resmoncfg 2006-10-26 02:06 - 2006-10-26 02:06 - 0143872 _____ () C:\Users\Volker Henkels\AppData\Local\vorbis.dll 2006-10-26 02:06 - 2006-10-26 02:06 - 0064000 _____ () C:\Users\Volker Henkels\AppData\Local\vorbisenc.dll 2006-10-26 02:06 - 2006-10-26 02:06 - 0019456 _____ () C:\Users\Volker Henkels\AppData\Local\vorbisfile.dll Files to move or delete: ==================== C:\Users\Volker Henkels\adw24cleaner.exe Some content of TEMP: ==================== C:\Users\Uta\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphpp_8f.dll 
C:\Users\Uta\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Volker Henkels\AppData\Local\Temp\avgnt.exe
C:\Users\Volker Henkels\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbq30gl.dll
C:\Users\Volker Henkels\AppData\Local\Temp\ose00000.exe
C:\Users\Volker Henkels\AppData\Local\Temp\Uni000.exe
C:\Users\Volker Henkels\AppData\Local\Temp\Updater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-24 13:28
==================== End Of Log ============================
--- --- ---
The ADDITION.txt logfile is:
FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-05-2015 Ran by Volker Henkels at 2015-05-03 10:43:39 Running from C:\Users\Volker Henkels\Documents\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2498879569-601166142-2179082399-500 - Administrator - Disabled) Gast (S-1-5-21-2498879569-601166142-2179082399-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2498879569-601166142-2179082399-1005 - Limited - Enabled) Uta (S-1-5-21-2498879569-601166142-2179082399-1003 - Limited - Enabled) => C:\Users\Uta Volker Henkels (S-1-5-21-2498879569-601166142-2179082399-1000 - Administrator - Enabled) => C:\Users\Volker Henkels ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Norton Internet Security CBE (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security CBE (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security CBE (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) Ace Stream Media 3.0.2 (HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\AceStream) (Version: 3.0.2 - Ace Stream Media) <==== ATTENTION! 
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Acronis*True*Image*Home (HKLM\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8105 - Acronis) Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Photoshop Elements 5.0 (HKLM\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems, Inc.) Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Alltags-Adressen (HKLM\...\Adressen_is1) (Version: - Heiko Prueß / Alltags-Programme) Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.7.0 - Asmedia Technology) Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.2.2.000 - Asmedia Technology) ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.) 
ASRock eXtreme Tuner v0.1.56 (HKLM\...\ASRock eXtreme Tuner_is1) (Version: - ) ASRock InstantBoot v1.26 (HKLM\...\ASRock InstantBoot_is1) (Version: - ) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.) Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-7460DN (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.) BurnAware Free 5.3 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware Technologies) calibre (HKLM\...\{C354D7E2-C1F3-45AB-A547-BF500F2E0814}) (Version: 1.45.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DivxToDVD 0.5.2b (HKLM\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL) Dropbox (HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.) FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse) Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) fotokasten comfort 5.3 (HKLM\...\fotokasten comfort_is1) (Version: - ) Free Easy Burner V 5.1 (HKLM\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft) FreePDF XP (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) GIMP 2.6.12 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team) Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) 
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) iExplorer 2.2.1.3 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant, LLC) iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - ) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.) Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle) JPEG-EXIF_autorotate (HKLM\...\JPEG-EXIF_autorotate) (Version: - ) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KeePass Password Safe 2.25 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl) K-Lite Codec Pack 5.2.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 5.2.0 - ) Leawo Video Converter 2012 Version 4.1.0.0 (HKLM\...\{E0A8AB05-5217-4D9E-AE90-2BA8B9FB8496}_is1) (Version: 4.1.0.0 - Leawo Software) Logitech MouseWare 9.79.1 (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version: - ) MAGIX Foto Designer 7 (HKLM\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG) MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM\...\MX.{0860A3E3-E2BA-485C-8D98-1144A494D167}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden MAGIX Video deluxe 2015 (32-Bit-Version) (HKLM\...\MX.{7571AD6B-E8C3-462E-92B4-020A2CF69B90}) (Version: 14.0.1.21 - MAGIX Software GmbH) MAGIX Video deluxe 2015 (32-Bit-Version) (Version: 14.0.1.21 - MAGIX Software GmbH) Hidden Media Player (HKLM\...\MediaPlayerV1alpha460) (Version: 1.1 - Media Player) <==== ATTENTION Mediaport (HKLM\...\Mediaport) (Version: - ) Microsoft .NET Framework 4.5.1 (Deutsch) 
(HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Encarta Enzyklopädie 2000 (HKLM\...\Encarta Encyclopedia 2000 D) (Version: - ) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) NetObjects Fusion 10.0 (HKLM\...\{6BCC67CF-BABD-4456-B95C-E6431C8FBC18}) (Version: 10.0 German - ) NetObjects Fusion 10.0 (HKLM\...\{EB280D0C-E8F7-4EA6-907B-4CD72122E904}) (Version: 10.0 German - ) No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23) Norton Internet Security CBE (HKLM\...\NIS) (Version: 20.4.0.40 - Symantec Corporation) Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) 
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Overlook Fing (HKLM\...\Overlook Fing 1.4) (Version: 1.4 - Overlook) PaperPort 8.0 SE (HKLM\...\{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}) (Version: 1.0.0.0000 - ScanSoft, Inc.) Passbild-Generator v4.0a (HKLM\...\Passbild-Generator_is1) (Version: - Passbild-Generator) PC Inspector smart recovery (HKLM\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - ) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery) PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC) PixiePack Codec Pack (HKLM\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None) PureSync (Version: 3.8.1 - Jumping Bytes) Hidden PureSync 3.8.1 (HKLM\...\PureSync) (Version: 3.8.1 - Jumping Bytes) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Schachtrainer (HKLM\...\Schachtrainer_is1) (Version: - Tivola Development GmbH) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version: - ) Sound Blaster X-Fi MB (HKLM\...\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}) (Version: 1.0 - Creative Technology Limited) Splashtop Connect IE (HKLM\...\{F9F5EF72-18CF-4DCF-A721-EC86B94DAC46}) (Version: 1.1.12.1 - Splashtop Inc.) 
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.13.97 - Akademische Arbeitsgemeinschaft) SteuerSparErklärung 2015 (HKLM\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.32.155 - Akademische Arbeitsgemeinschaft) StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version: - ) TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation) Tunebite (HKLM\...\{DDED1469-A08D-4043-9661-7FF914BD8F99}) (Version: 7.2.13700.0 - RapidSolution Software AG) Video DVD Maker v3.30.0.75 (HKLM\...\{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}) (Version: - ) VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) VR-NetWorld (HKLM\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version: - ) WaveAgent (HKLM\...\InstallShield_{053C7D32-3566-452B-9A37-D42B4F4C5379}) (Version: 1.20 - Sound Devices LLC) WaveAgent (Version: 1.20 - Sound Devices LLC) Hidden WBFS Manager 4.0 (HKLM\...\{825E9A84-1E03-4526-9F8E-45015C938A7C}) (Version: 4.0 - WBFS) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) winpcap-overlook 4.02 (HKLM\...\winpcap-overlook) (Version: - ) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) XFastUsb (HKLM\...\XFastUsb) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\VOLKER~1\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (the data entry has 7 more characters). 
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{9000834c-c6c7-43ac-b8ee-dc9668f39a81}\localserver32 -> C:\Users\VOLKER~1\AppData\Local\Temp\{91814ec0-b5f0-11d2-80b9-00104b1f6cea}\IDriver.NonElevated.exe (the data entry has 7 more characters). CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0FCA4127-6BEC-4515-A7ED-28FA9EC00057} - System32\Tasks\{794DB57D-7EB9-4BA0-A3C7-7EBE3D028F00} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe Task: {131B0445-BC6F-4F53-89A5-ECE9C0788863} - System32\Tasks\{6180D768-68E5-4B2C-BC04-3DADEB1A14CF} => E:\Setup.EXE Task: {18511FD6-6A77-4351-B0D0-9C2C8AC88BD0} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe Task: {289D24C2-79EB-41D2-86B3-5F6EA8D4353E} - System32\Tasks\{91AC768C-5270-4F3C-BCDE-8F60AB0134B4} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe Task: {34BA2C71-F71B-46CF-B102-0BAF3B01F302} - System32\Tasks\{EFA2BC6B-098A-4F69-B8EF-EF7449585CEF} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe Task: {42E35F47-810C-49A7-A66F-76431EE90E5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated) Task: {4415D302-A36C-4D4A-94AF-0941DE55A4B0} - 
System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {4A8EBBBF-76D7-44D7-B968-BB19D9DF4DA5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {4DE13AC1-7A5E-48F4-95EF-DC8D12BF3434} - System32\Tasks\{5AEADBF5-2266-4CB2-902F-EAC4ECA10BA0} => E:\Setup.EXE Task: {51786A54-D505-400B-914B-EE751D94E89F} - System32\Tasks\{D7B08E1E-9FF0-4729-AC7B-3C277597F92C} => C:\Users\Volker Henkels\Documents\Downloads\Torpark\Torpark.exe Task: {51907D83-A567-478B-B71A-2FCB53F8797D} - System32\Tasks\{EABA05C3-2F74-4BB5-99F7-072C20501280} => pcalua.exe -a E:\paperport\PP12Installer.exe -d E:\paperport Task: {63023C49-3575-4105-85A5-A7DFBE1FC3DC} - System32\Tasks\{18C65823-8B94-4B01-9F15-CE2A1DDA68F7} => pcalua.exe -a "C:\Program Files\Microsoft Encarta\Encarta Enzyklopädie 2000\unee2000.exe" -c /uninstall Task: {6687E89E-0EA9-4C7B-80B3-7588D16BCAEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.) 
Task: {74FB5C52-6DA4-4ADB-916D-4597ED057F61} - System32\Tasks\{5B67CB8B-964C-4C8E-8D41-04ECF755E104} => pcalua.exe -a "C:\Users\Volker Henkels\Downloads\jxpiinstall.exe" -d "C:\Program Files\Mozilla Firefox" Task: {81640940-9D5D-4FA7-9B36-331EC2DC8C92} - System32\Tasks\{C5EF75EB-2831-46AD-A4DC-01370676B696} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe Task: {822638D8-6F93-490D-93D7-4D4C3DE1972E} - System32\Tasks\{DAFCD1C1-7C64-4B97-A21C-7405D7E6AE6C} => C:\Program Files\Emme\Kleiner Eisbär 2\UNWISE.EXE Task: {8A541488-06D3-429D-A2A0-B003FCF2B597} - System32\Tasks\{8132B927-E965-487E-98DD-29905D7B89D2} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe Task: {90CDF918-1746-4F25-A79C-A9F6CCEFC876} - System32\Tasks\{ADBEB609-D22B-4CD5-99E4-F7412357DC7C} => pcalua.exe -a C:\PROGRA~1\TECHNI~1\MEDIAP~1\UNWISE.EXE -c C:\PROGRA~1\TECHNI~1\MEDIAP~1\INSTALL.LOG Task: {9421D7AE-F5E5-4AED-9BA2-F3561670E9C3} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {9B2DCD82-E459-41CE-B203-40E75D93BB5F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {A5AA510D-F9CA-48B6-A886-E83FFC87583D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation) Task: {B3420DD3-EEBA-4A85-A10F-3E13A2DC79DD} - System32\Tasks\{BD137A0E-0F87-485C-A8F9-C89BC4224A9F} => pcalua.exe -a "C:\Program Files\IncrediMail\Bin\ImSetup.exe" -c /uninstallProduct /addon:incredimail Task: {B49F145D-3B72-4BC7-A6FA-E8818EB845C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.) 
Task: {BFA0BDF5-B1B2-4176-8E0F-DF5002D6C903} - System32\Tasks\{CAEC5C14-DA68-494B-9656-F43CB49E0684} => C:\Users\Volker Henkels\Documents\Downloads\Torpark\Torpark.exe Task: {C2E434F7-9077-4EAC-A430-0368EC4A3407} - System32\Tasks\{EDF60F3E-89B0-4DE1-BF0C-85462ABD839D} => msiexec.exe /package "E:\Setup\Löwenzahn 5.msi" Task: {C61680E4-97EE-40A4-A841-A88EA1691CB7} - System32\Tasks\{8E92A3C3-8295-42C5-8836-72DD9552015B} => pcalua.exe -a "C:\Users\Volker Henkels\Documents\Downloads\VRNetWorldSW_51012.exe" -d "C:\Users\Volker Henkels\Documents\Downloads" Task: {C81CDF8E-6421-4F24-84BD-E468FC949571} - System32\Tasks\{77D564C7-808F-4AB7-A975-D95CE6069C90} => pcalua.exe -a "C:\Users\Volker Henkels\Download\Maus\mw9791deu.exe" -d "C:\Users\Volker Henkels\Download\Maus" Task: {DAECB3EA-C5FA-4B4F-A00C-C6925395EB1D} - System32\Tasks\{981E4BC2-CA6D-4C07-834A-C23786137ED9} => C:\Users\Volker Henkels\Documents\Downloads\torpark-2.4.1-ff3.exe Task: {DBDF02DB-5EF7-4BA4-B2EE-567E629571E8} - System32\Tasks\{14A5D1A3-3B6D-40FD-B989-C55CBD9CC488} => C:\Users\Volker Henkels\Documents\Downloads\torpark-2.4.1-ff3.exe Task: {E4297023-2DAB-4DD9-BD10-534216F1718B} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {E8B4FED2-D186-4C9F-BE0E-07BDB3E8FA65} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {F8B6E8F8-4D0E-41F9-88A6-5968D7843E96} - System32\Tasks\{2CCE7FD9-AB71-4537-B279-25FE075D821F} => pcalua.exe -a E:\EE\SETUP.EXE -d E:\EE Task: {FBBD6DDF-74A3-4123-A987-14C93C0FD596} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {FE781653-1136-40F3-848A-71AB4B3A5F07} - System32\Tasks\{BEB0EF88-0D0B-4128-B0A5-C8FF2E0C65C2} 
=> pcalua.exe -a "C:\Users\Volker Henkels\Documents\Downloads\pci_de_smartrecovery45.exe" -d "C:\Program Files\Mozilla Firefox" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2011-12-02 11:33 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll 2011-10-20 10:56 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2006-09-14 08:56 - 2006-09-14 08:56 - 00102400 _____ () C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-06-04 09:29 - 2003-04-18 19:06 - 00008192 _____ () C:\Windows\system32\srvany.exe 2014-06-04 09:29 - 2010-04-10 09:03 - 00077824 _____ () C:\Windows\KMService.exe 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2011-11-13 15:10 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2008-04-21 23:27 - 2008-04-21 23:27 - 00498952 _____ () C:\Program Files\Common 
Files\Acronis\Fomatik\TrueImageTryStartService.exe 2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll 2015-05-02 10:36 - 2015-05-02 10:36 - 00697884 _____ () C:\Users\Volker Henkels\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.1065\~df394b.tmp 2015-05-02 10:36 - 2015-05-02 10:36 - 00592896 _____ () C:\Users\Volker Henkels\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.1065\~de6248.tmp 2011-10-22 12:04 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL 2011-10-22 12:04 - 2009-04-20 11:55 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL 2008-04-21 22:43 - 2008-04-21 22:43 - 01336600 _____ () C:\Program Files\Acronis\TrueImageHome\fox.dll 2014-10-13 11:44 - 2014-12-07 13:33 - 00023984 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe 2014-10-13 11:44 - 2015-03-30 09:42 - 00268800 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd 2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_socket.pyd 2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd 2013-11-27 17:50 - 2013-11-27 17:50 - 00018944 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd 2015-01-19 17:42 - 2015-02-17 15:59 - 02386432 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd 2014-10-13 11:42 - 2015-03-30 09:42 - 02029056 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ 
() C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\select.pyd 2014-01-23 13:37 - 2014-01-23 13:37 - 00036352 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd 2013-12-21 15:20 - 2013-12-21 15:20 - 00053248 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_blist.pyd 2013-12-21 15:20 - 2013-12-21 15:20 - 00040448 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd 2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd 2011-02-13 17:02 - 2011-02-13 17:02 - 00031232 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd 2014-10-13 11:57 - 2015-03-30 09:42 - 03035648 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd 2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\win32api.pyd 2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll 2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll 2012-02-07 18:36 - 2012-02-07 18:36 - 00111616 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\win32file.pyd 2012-02-07 18:36 - 2012-02-07 18:36 - 00024064 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd 2010-10-11 00:23 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\apsw.pyd 2013-01-29 18:20 - 2013-01-29 18:20 - 00082944 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd 2011-07-15 21:37 - 2011-07-15 21:37 - 00981504 
_____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00746496 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00670720 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00966144 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00674816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd 2013-12-21 15:02 - 2013-12-21 15:02 - 00061952 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd 2013-01-29 18:20 - 2013-01-29 18:20 - 00066048 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd 2015-03-01 11:17 - 2015-02-28 04:23 - 00022824 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe 2015-03-01 11:17 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd 2015-03-01 11:17 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd 2015-03-01 11:17 - 2014-01-23 14:37 - 00036352 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd 2015-03-01 11:17 - 2012-02-07 19:37 - 00098816 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd 2015-03-01 11:17 - 2012-02-07 19:35 - 00110080 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll 2015-03-01 11:17 - 2012-02-07 19:38 - 00358912 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll 2015-03-01 
11:17 - 2012-02-07 19:42 - 00266240 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd 2015-03-01 11:17 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd 2015-03-01 11:17 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd 2015-03-01 11:17 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd 2015-03-01 11:17 - 2011-01-19 00:56 - 00334336 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd 2015-03-01 11:17 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\select.pyd 2015-03-01 11:17 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd 2015-03-01 11:17 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd 2015-05-02 10:36 - 2015-05-02 10:36 - 00043008 _____ () c:\Users\Volker Henkels\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbq30gl.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2014-10-01 18:37 - 2014-10-01 18:37 - 00022824 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\ace_update.exe 2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Volker 
Henkels\AppData\Roaming\ACEStream\updater\lib\_socket.pyd 2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd 2011-07-15 21:37 - 2011-07-15 21:37 - 00981504 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00746496 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00670720 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00966144 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00674816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd 2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\select.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd 2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\win32api.pyd 2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll 2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll 2012-02-07 18:36 - 2012-02-07 18:36 - 00111616 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\win32file.pyd 2012-02-07 18:36 - 2012-02-07 18:36 - 00024064 _____ () C:\Users\Volker 
Henkels\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd 2015-05-01 18:50 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libglesv2.dll 2015-05-01 18:50 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2498879569-601166142-2179082399-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Volker Henkels\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe MSCONFIG\startupreg: IndexSearch => C:\Program Files\Scansoft\PaperPort\IndexSearch.exe MSCONFIG\startupreg: PaperPort PTD => C:\Program Files\Scansoft\PaperPort\pptd40nt.exe MSCONFIG\startupreg: PP8 SE Reminder => "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini" ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.) FirewallRules: [{B37FBAC1-8C0F-4168-91B8-F39952115DBE}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{2F692203-1DB0-4D3B-B001-F4197354EA7D}] => (Allow) LPort=2869 FirewallRules: [{C3AA16F4-F657-431B-840D-67338D188046}] => (Allow) LPort=1900 FirewallRules: [{D6FC6651-0E7C-44B5-9591-AB5328E138B1}] => (Allow) C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe FirewallRules: [{2677B019-5FAF-4218-94FD-5AD974B99E7D}] => (Allow) C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe FirewallRules: [{A1790FAE-BF64-4E6B-95D2-2B1F6B3D9ECE}] => (Allow) LPort=54925 FirewallRules: [{54F3DB20-4D53-4A49-B3EF-F2524D3D7D59}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [{5A5C99AC-8FB6-4D87-824E-0193BE27042A}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [{9854BE86-E71A-41AF-8E33-4CBA3552D207}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe FirewallRules: [{26F9458A-FB63-4507-89BD-9A17235A5279}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe FirewallRules: [{F0C0E574-8614-4289-8F83-987C96BD5D34}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe FirewallRules: [{ABEE847B-4764-4802-94EF-4A20880DFE7F}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe FirewallRules: [{5974B080-77EC-461C-9A28-D71C28373024}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 
FirewallRules: [{CC034879-5FB8-4C61-A8CC-C2A1529C5A59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8D86D336-FBED-447F-B1C0-26032749444B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{447F0785-5634-4EFC-85F1-484B39FA1710}] => (Allow) C:\Program Files\Microsoft Office\Office14\outlook.exe FirewallRules: [{8E97D5B6-2B3A-43B3-B8F8-E036D0B48DDC}] => (Allow) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE FirewallRules: [{6422E443-A10A-4BE2-A818-356978AB0DAA}] => (Allow) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE FirewallRules: [{19A36E4D-E61A-413A-A3F8-2BAEF6CD642B}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{E6FDE045-88E8-4474-ACB9-5CCCA8D0D3B3}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{6F5E31D1-BFCD-4E87-8887-8C4A33E3E314}] => (Allow) C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{BDD3FCEE-C823-4A50-88E2-3FBA7BCB1EF4}] => (Allow) C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{7675CFF5-2E9E-4EFA-BA6C-06C0F863A867}C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{1ECDA62E-ABD3-45BD-BA05-6511837BCCB0}C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{D3A78000-8D4A-412F-8B0D-126975DFC77E}C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{F19E5006-6BC2-4255-9223-5E3A88D26C02}C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{F3C2C1AA-99B4-4142-BF01-D0EEA4F36B6A}C:\program files\streamtorrent 1.0\streamtorrent.exe] => 
(Allow) C:\program files\streamtorrent 1.0\streamtorrent.exe FirewallRules: [UDP Query User{DA7C87AA-40D6-4370-A2BD-743F9A22C0C3}C:\program files\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files\streamtorrent 1.0\streamtorrent.exe FirewallRules: [{2E511D02-9252-473B-AF20-85B473A191C5}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe FirewallRules: [{0B4FAA86-1D43-4FB3-8897-4A883287B2A5}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe FirewallRules: [{C476E187-F630-4614-A471-B6053D14D323}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{9E09D535-E1C7-44B9-8451-134E55CDEE3C}C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [UDP Query User{8BBF613D-AAC1-4074-B1EB-65742D4AC391}C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{1A445D69-5C90-4D1B-9D88-870FFB289B15}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{20813C83-76AB-4994-994D-FEFCC96F5B83}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{CEE3DBEA-465C-4E83-9C96-F4283D174415}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Symantec Iron Driver Description: Symantec Iron Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SymIRON Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. 
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BHDrvx86
Description: BHDrvx86
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx86
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Norton Internet Security CBE Settings Manager
Description: Norton Internet Security CBE Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccSet_NIS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2015 10:50:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80080005, Starten des Servers fehlgeschlagen . Vorgang: VSS-Server wird instanziiert

Error: (05/03/2015 10:50:21 AM) (Source: VSS) (EventID: 11) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. Höchst wahrscheinlich ist die CPU stark ausgelastet. [0x80080005, Starten des Servers fehlgeschlagen ] Vorgang: VSS-Server wird instanziiert

Error: (05/03/2015 10:29:18 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/05/03 10:29:18.783]: [00002772]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.27]

Error: (05/03/2015 10:29:09 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/05/03 10:29:09.718]: [00002772]: GetDeviceIpAddress: GetAddressByName [BRN001BA97A22D7] Error

Error: (05/02/2015 02:22:24 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101).

Error: (05/02/2015 02:22:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x81000101).

Error: (05/02/2015 00:58:44 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/05/02 12:58:44.294]: [00002772]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.27]

Error: (04/28/2015 06:53:23 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101).

Error: (04/28/2015 06:53:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x81000101).

Error: (04/28/2015 05:31:26 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/04/28 17:31:26.236]: [00002080]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.27]

System errors:
=============
Error: (05/03/2015 10:44:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (05/02/2015 10:41:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (05/02/2015 10:36:31 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/02/2015 10:35:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BHDrvx86 ccSet_NIS SymIRON

Error: (05/02/2015 10:35:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (05/01/2015 08:55:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/01/2015 08:54:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BHDrvx86 ccSet_NIS SymIRON

Error: (05/01/2015 06:36:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (05/01/2015 06:34:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/01/2015 06:33:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BHDrvx86 ccSet_NIS SymIRON

Microsoft Office Sessions:
=========================
Error: (05/03/2015 10:50:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80080005, Starten des Servers fehlgeschlagen Vorgang: VSS-Server wird instanziiert

Error: (05/03/2015 10:50:21 AM) (Source: VSS) (EventID: 11) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80080005, Starten des Servers fehlgeschlagen Vorgang: VSS-Server wird instanziiert

Error: (05/03/2015 10:29:18 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/05/03 10:29:18.783]: [00002772]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.27]

Error: (05/03/2015 10:29:09 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/05/03 10:29:09.718]: [00002772]: GetDeviceIpAddress: GetAddressByName [BRN001BA97A22D7] Error

Error: (05/02/2015 02:22:24 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (05/02/2015 02:22:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x81000101

Error: (05/02/2015 00:58:44 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/05/02 12:58:44.294]: [00002772]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.27]

Error: (04/28/2015 06:53:23 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (04/28/2015 06:53:23 PM)
(Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x81000101 Error: (04/28/2015 05:31:26 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: STIBrtSTI: [2015/04/28 17:31:26.236]: [00002080]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.27] ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz Percentage of memory in use: 65% Total physical RAM: 3050.68 MB Available physical RAM: 1049.46 MB Total Pagefile: 6097.59 MB Available Pagefile: 3153.07 MB Total Virtual: 2047.88 MB Available Virtual: 1897.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:292.87 GB) (Free:94.76 GB) NTFS Drive d: () (Fixed) (Total:172.79 GB) (Free:22.25 GB) NTFS Drive g: () (Removable) (Total:1.84 GB) (Free:0.98 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F961277B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
This is the first time I have been confronted with a serious suspicion of a virus. I am correspondingly inexperienced and grateful for any help. After reading the guide for newcomers, I am adding the Defogger log:
defogger_disable by jpshortstuff (23.02.10.1) Log created at 11:07 on 03/05/2015 (Volker Henkels) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=-
The GMER scan did not run to completion.
After a while I got the error message "kein Datenträger in Laufwerk\Device\Harddisk4\DR4". No matter whether I chose retry, continue or cancel, the scan could not be resumed. The log file created up to that point reads:
GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-05-03 11:34:52 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST500DM002-1BC142 rev.JC4B 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\VOLKER~1\AppData\Local\Temp\fxldapoc.sys ---- System - GMER 2.1 ---- SSDT 86F3F598 ZwAlpcConnectPort SSDT 90FDB27E ZwCreateSection SSDT 90FDB256 ZwCreateSymbolicLinkObject SSDT 90FDB25B ZwLoadDriver SSDT 90FDB251 ZwOpenSection SSDT 90FDB288 ZwRequestWaitReplyPort SSDT 90FDB283 ZwSetContextThread SSDT 90FDB28D ZwSetSecurityObject SSDT 90FDB260 ZwSetSystemInformation SSDT 90FDB292 ZwSystemDebugControl SSDT 90FDB21F ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRequestWaitReplyPort + 14B9 83441A15 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 83461C62 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 13C7 8346910C 4 Bytes [98, F5, F3, 86] .text ntoskrnl.exe!KeRemoveQueueEx + 14BF 83469204 4 Bytes [7E, B2, FD, 90] {JLE 0xffffffb4; STD ; NOP } .text ntoskrnl.exe!KeRemoveQueueEx + 14C7 8346920C 4 Bytes [56, B2, FD, 90] {PUSH ESI; MOV DL, 0xfd; NOP } .text ntoskrnl.exe!KeRemoveQueueEx + 15DB 83469320 4 Bytes [5B, B2, FD, 90] {POP EBX; MOV DL, 0xfd; NOP } .text ntoskrnl.exe!KeRemoveQueueEx + 1677 834693BC 4 Bytes [51, B2, FD, 90] {PUSH ECX; MOV DL, 0xfd; NOP } .text ...
---- Devices - GMER 2.1 ---- AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 timntr.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 snapman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 timntr.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 tdrpman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 snapman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 timntr.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 tdrpman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 snapman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 timntr.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 tdrpman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 snapman.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 timntr.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@927182FC 3325
Edited by Floh312 (03.05.2015 at 10:50). Reason: addition after reading the first-aid guide |
03.05.2015, 10:18 | #2 |
/// the machine /// TB-Ausbilder | TR/Emotet.A.92 installed from DHL email attachment hi,
How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder unless a helper instructs you to. Please download TDSSKiller.exe and save this file to the desktop. |
03.05.2015, 10:55 | #3 |
| That was quick.. Hello,
only now do I see your quick reply. First of all, thanks. I just pasted the additional logs in again. Sorry. I'll do better. For now I'll follow your advice. See you later. |
03.05.2015, 16:51 | #4 |
/// the machine /// TB-Ausbilder | TR/Emotet.A.92 installed from DHL email attachment ok
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
04.05.2015, 10:37 | #5 |
| TR/Emotet.A.92 installed from DHL email attachment In brief: mbar found a problem. After the restart, mbar found no more problems. TDSSKiller also found a problem. I skipped it. Here are the log files: mbar1: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.05.03.02 rootkit: v2015.04.21.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 11.0.9600.17728 Volker Henkels :: DESKTOP [administrator] 03.05.2015 12:00:48 mbar-log-2015-05-03 (12-00-48).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 432569 Time elapsed: 35 minute(s), 36 second(s) Memory Processes Detected: 1 C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 544 -> Delete on reboot. [dc62f49b6d1ded494c11eeb928da48b8] Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot. [dc62f49b6d1ded494c11eeb928da48b8] Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.05.03.02 rootkit: v2015.04.21.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 11.0.9600.17728 Volker Henkels :: DESKTOP [administrator] 03.05.2015 13:13:45 mbar-log-2015-05-03 (13-13-45).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 430973 Time elapsed: 33 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
04.05.2015, 10:47 | #6 |
| TDS Log The log file is attached. Many thanks and best regards |
05.05.2015, 07:27 | #7 |
/// the machine /// TB-Ausbilder | TR/Emotet.A.92 installed from DHL email attachment As already written above: please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows: |
05.05.2015, 07:36 | #8 |
| TR/Emotet.A.92 installed from DHL email attachment Hello, the TDS log was too large. At most I can split it up. Would you prefer that? Best regards, Floh. OK. It says so right there. So here is part 1: Code:
ATTFilter 11:21:52.0137 0x06c8 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 11:22:00.0748 0x06c8 ============================================================ 11:22:00.0748 0x06c8 Current date / time: 2015/05/04 11:22:00.0748 11:22:00.0748 0x06c8 SystemInfo: 11:22:00.0748 0x06c8 11:22:00.0748 0x06c8 OS Version: 6.1.7601 ServicePack: 1.0 11:22:00.0748 0x06c8 Product type: Workstation 11:22:00.0748 0x06c8 ComputerName: DESKTOP 11:22:00.0748 0x06c8 UserName: Volker Henkels 11:22:00.0748 0x06c8 Windows directory: C:\Windows 11:22:00.0748 0x06c8 System windows directory: C:\Windows 11:22:00.0748 0x06c8 Processor architecture: Intel x86 11:22:00.0748 0x06c8 Number of processors: 4 11:22:00.0748 0x06c8 Page size: 0x1000 11:22:00.0748 0x06c8 Boot type: Normal boot 11:22:00.0748 0x06c8 ============================================================ 11:22:02.0386 0x06c8 KLMD registered as C:\Windows\system32\drivers\31906142.sys 11:22:02.0698 0x06c8 System UUID: {6C4DC9DB-FC3B-7E11-CB53-728E5C27593B} 11:22:03.0088 0x06c8 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 11:22:03.0088 0x06c8 Drive \Device\Harddisk1\DR1 - Size: 0x75E00000 ( 1.84 Gb ), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 11:22:03.0104 0x06c8 ============================================================ 11:22:03.0104 0x06c8 \Device\Harddisk0\DR0: 11:22:03.0104 0x06c8 MBR partitions: 11:22:03.0104 0x06c8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 11:22:03.0104 0x06c8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249BE000 11:22:03.0104 0x06c8 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x15995000 11:22:03.0104 0x06c8 \Device\Harddisk1\DR1: 11:22:03.0104 0x06c8 MBR partitions: 11:22:03.0104 0x06c8 
\Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AE039 11:22:03.0104 0x06c8 ============================================================ 11:22:03.0119 0x06c8 C: <-> \Device\Harddisk0\DR0\Partition2 11:22:03.0151 0x06c8 D: <-> \Device\Harddisk0\DR0\Partition3 11:22:03.0151 0x06c8 ============================================================ 11:22:03.0151 0x06c8 Initialize success 11:22:03.0151 0x06c8 ============================================================ 11:22:50.0629 0x1010 ============================================================ 11:22:50.0629 0x1010 Scan started 11:22:50.0629 0x1010 Mode: Manual; SigCheck; TDLFS; 11:22:50.0629 0x1010 ============================================================ 11:22:50.0629 0x1010 KSN ping started 11:22:53.0063 0x1010 KSN ping finished: true 11:22:56.0604 0x1010 ================ Scan system memory ======================== 11:22:56.0604 0x1010 System memory - ok 11:22:56.0604 0x1010 ================ Scan services =============================
2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll 11:23:20.0226 0x1010 DPS - ok 11:23:20.0273 0x1010 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 11:23:20.0320 0x1010 drmkaud - ok 11:23:20.0382 0x1010 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 11:23:20.0414 0x1010 DXGKrnl - ok 11:23:20.0429 0x1010 [ 22EF8965101685ADD128F03A2B03CE16, 677F7B32C7A45C26F2F0DB67FFB526E9742E4B3A8BEAEA7B814CBCA2F56D6D5A ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 11:23:20.0460 0x1010 E1G60 - ok 11:23:20.0492 0x1010 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 11:23:20.0523 0x1010 EapHost - ok 11:23:20.0648 0x1010 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 11:23:20.0757 0x1010 ebdrv - ok 11:23:20.0866 0x1010 [ E1E3804F7C59EA3E14637C2A763F65E2, DE230937450EA73819B207BA513D7C2830EC981B77B3AD2FADF2A2A828BAF412 ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 11:23:20.0882 0x1010 eeCtrl - ok 11:23:20.0913 0x1010 [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] EFS C:\Windows\System32\lsass.exe 11:23:20.0960 0x1010 EFS - ok 11:23:21.0038 0x1010 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 11:23:21.0069 0x1010 ehRecvr - ok 11:23:21.0084 0x1010 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe 11:23:21.0131 0x1010 ehSched - ok 11:23:21.0147 0x1010 [ 
0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 11:23:21.0178 0x1010 elxstor - ok 11:23:21.0194 0x1010 [ 6D84DFC3B5C5052881BF50470D0C03D1, 5609B71BED7DC906EA163949980D98AEFE9E197EC9AA571B1A3CF960D95FC329 ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 11:23:21.0209 0x1010 EraserUtilRebootDrv - ok 11:23:21.0240 0x1010 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 11:23:21.0256 0x1010 ErrDev - ok 11:23:21.0287 0x1010 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 11:23:21.0334 0x1010 EventSystem - ok 11:23:21.0365 0x1010 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 11:23:21.0396 0x1010 exfat - ok 11:23:21.0490 0x1010 Fabs - ok 11:23:21.0506 0x1010 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 11:23:21.0552 0x1010 fastfat - ok 11:23:21.0630 0x1010 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 11:23:21.0662 0x1010 Fax - ok 11:23:21.0677 0x1010 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 11:23:21.0708 0x1010 fdc - ok 11:23:21.0724 0x1010 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 11:23:21.0740 0x1010 fdPHost - ok 11:23:21.0755 0x1010 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] 
FDResPub C:\Windows\system32\fdrespub.dll 11:23:21.0786 0x1010 FDResPub - ok 11:23:21.0802 0x1010 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 11:23:21.0818 0x1010 FileInfo - ok 11:23:21.0818 0x1010 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 11:23:21.0864 0x1010 Filetrace - ok 11:23:21.0974 0x1010 [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe 11:23:22.0098 0x1010 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 ) 11:23:24.0548 0x1010 Detect skipped due to KSN trusted 11:23:24.0548 0x1010 FirebirdServerMAGIXInstance - ok 11:23:24.0563 0x1010 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 11:23:24.0610 0x1010 flpydisk - ok 11:23:24.0641 0x1010 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 11:23:24.0657 0x1010 FltMgr - ok 11:23:24.0719 0x1010 [ 09CAE05275585AC404D48213D7B08396, 57A26502136386FBF2012BAEB50A8FEA0FBFD845FC6C4291BDD64707002326EC ] FNETTBOH_305 C:\Windows\system32\drivers\FNETTBOH_305.SYS 11:23:24.0719 0x1010 FNETTBOH_305 - ok 11:23:24.0750 0x1010 [ 47BDA10316324CFA540F25AB7021F0D8, 6719FEEB3ADED6F199171D2B496A29A55169BD2C7111B66EEE91383FAEA4C893 ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS 11:23:24.0766 0x1010 FNETURPX - ok 11:23:24.0844 0x1010 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll 11:23:24.0953 0x1010 FontCache - ok 11:23:25.0016 0x1010 [ 
E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 11:23:25.0031 0x1010 FontCache3.0.0.0 - ok 11:23:25.0062 0x1010 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 11:23:25.0078 0x1010 FsDepends - ok 11:23:25.0109 0x1010 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 11:23:25.0125 0x1010 Fs_Rec - ok 11:23:25.0172 0x1010 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 11:23:25.0187 0x1010 fvevol - ok 11:23:25.0203 0x1010 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 11:23:25.0218 0x1010 gagp30kx - ok 11:23:25.0250 0x1010 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 11:23:25.0265 0x1010 GEARAspiWDM - ok 11:23:25.0328 0x1010 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 11:23:25.0374 0x1010 gpsvc - ok 11:23:25.0484 0x1010 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 11:23:25.0499 0x1010 gupdate - ok 11:23:25.0499 0x1010 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 11:23:25.0593 0x1010 gupdatem - ok 11:23:25.0733 0x1010 [ C44E3C2BAB6837DB337DDEE7544736DB, 
88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 11:23:25.0780 0x1010 hcw85cir - ok 11:23:25.0842 0x1010 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 11:23:25.0874 0x1010 HdAudAddService - ok 11:23:25.0889 0x1010 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 11:23:25.0920 0x1010 HDAudBus - ok 11:23:25.0952 0x1010 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 11:23:25.0967 0x1010 HidBatt - ok 11:23:25.0983 0x1010 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 11:23:25.0998 0x1010 HidBth - ok 11:23:26.0030 0x1010 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 11:23:26.0045 0x1010 HidIr - ok 11:23:26.0076 0x1010 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll 11:23:26.0092 0x1010 hidserv - ok 11:23:26.0123 0x1010 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 11:23:26.0154 0x1010 HidUsb - ok 11:23:26.0201 0x1010 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 11:23:26.0232 0x1010 hkmsvc - ok 11:23:26.0264 0x1010 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 11:23:26.0310 0x1010 HomeGroupListener 
- ok 11:23:26.0326 0x1010 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 11:23:26.0342 0x1010 HomeGroupProvider - ok 11:23:26.0388 0x1010 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 11:23:26.0404 0x1010 HpSAMD - ok 11:23:26.0451 0x1010 [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP C:\Windows\system32\drivers\HTTP.sys 11:23:26.0513 0x1010 HTTP - ok 11:23:26.0544 0x1010 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 11:23:26.0560 0x1010 hwpolicy - ok 11:23:26.0591 0x1010 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 11:23:26.0638 0x1010 i8042prt - ok 11:23:26.0669 0x1010 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 11:23:26.0700 0x1010 iaStorV - ok 11:23:26.0778 0x1010 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 11:23:26.0778 0x1010 IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 11:23:29.0230 0x1010 Detect skipped due to KSN trusted 11:23:29.0230 0x1010 IDriverT - ok 11:23:29.0292 0x1010 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 11:23:29.0339 0x1010 idsvc - ok 11:23:29.0432 0x1010 [ 715941AC16A273F986733BA9A2536368, 5D5995D2FE47BB11057BCE1FDF852880551443068CD59635456CF10217570EBF ] 
IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130830.001\IDSvix86.sys 11:23:29.0464 0x1010 IDSVix86 - ok 11:23:29.0495 0x1010 IEEtwCollectorService - ok 11:23:29.0947 0x1010 [ 24CCEC128BEBB148E50C6093523AD686, FE9DBB25127ED3BAC9EB2789A63D17D5F22EDCC9414E2C89B333083646625736 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 11:23:30.0337 0x1010 igfx - ok 11:23:30.0446 0x1010 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 11:23:30.0478 0x1010 iirsp - ok 11:23:30.0680 0x1010 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll 11:23:30.0743 0x1010 IKEEXT - ok 11:23:30.0883 0x1010 [ BFD7663C508B6D6B20D2C15255EA7096, 6A90E80AADE2033D5D102BA3BF5180D03D836B3FDD2F1D862519FBA5DE66A009 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 11:23:30.0992 0x1010 IntcAzAudAddService - ok 11:23:31.0039 0x1010 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys 11:23:31.0055 0x1010 intelide - ok 11:23:31.0086 0x1010 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 11:23:31.0117 0x1010 intelppm - ok 11:23:31.0133 0x1010 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 11:23:31.0195 0x1010 IPBusEnum - ok 11:23:31.0211 0x1010 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 11:23:31.0242 0x1010 IpFilterDriver - ok 11:23:31.0304 0x1010 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 
67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 11:23:31.0351 0x1010 iphlpsvc - ok 11:23:31.0382 0x1010 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 11:23:31.0398 0x1010 IPMIDRV - ok 11:23:31.0429 0x1010 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 11:23:31.0445 0x1010 IPNAT - ok 11:23:31.0507 0x1010 [ 4D800977F7EB0C310AF04BF5B517985A, DD4EC347D4759AC401BD08739DE012E5F1903DF2EDEBEA17CCD3C19FF1F6005E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 11:23:31.0538 0x1010 iPod Service - ok 11:23:31.0554 0x1010 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 11:23:31.0585 0x1010 IRENUM - ok 11:23:31.0632 0x1010 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys 11:23:31.0632 0x1010 isapnp - ok 11:23:31.0679 0x1010 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 11:23:31.0694 0x1010 iScsiPrt - ok 11:23:31.0710 0x1010 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 11:23:31.0726 0x1010 kbdclass - ok 11:23:31.0741 0x1010 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 11:23:31.0772 0x1010 kbdhid - ok 11:23:31.0788 0x1010 [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] KeyIso C:\Windows\system32\lsass.exe 11:23:31.0788 0x1010 KeyIso - ok 
11:23:31.0850 0x1010 [ 4635935FC972C582632BF45C26BFCB0E, ABD4AFD71B3C2BD3F741BBE3CEC52C4FA63AC78D353101D2E7DC4DE2725D1CA1 ] KMService C:\Windows\system32\srvany.exe 11:23:31.0866 0x1010 KMService - detected UnsignedFile.Multi.Generic ( 1 ) 11:23:34.0315 0x1010 Detect skipped due to KSN trusted 11:23:34.0315 0x1010 KMService - ok 11:23:34.0362 0x1010 [ 746F89CE0C6569C589E6AC4D3DA82D41, 6D41311CBA8BB7C9C09C1757D7947539B67FE3EFF6299502176C673809BAEAD8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 11:23:34.0393 0x1010 KSecDD - ok 11:23:34.0409 0x1010 [ D800E1EAF33630A1636BB21E8256AA92, D07542A242E0D52B494BE63A6A141207D0A59CF66ABEBA9CE33877594BF7BA5D ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 11:23:34.0424 0x1010 KSecPkg - ok 11:23:34.0456 0x1010 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 11:23:34.0502 0x1010 KtmRm - ok 11:23:34.0518 0x1010 [ 1A91EAAD2D73758140B3B7B6AD736573, 5D2B355B01E4A01BEE32E219960ED701AE419581ACC2E792E36E5C53F7ED88CA ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys 11:23:34.0534 0x1010 L1C - ok 11:23:34.0580 0x1010 [ 0F8B7BF7097D1E8D78F2F52A2BEA03CD, 62E92E7D1C523E6C16DA42D7E4B86B2E02665B63387484867FFDE9AC4712075A ] L8042pr2 C:\Windows\system32\DRIVERS\L8042pr2.Sys 11:23:34.0612 0x1010 L8042pr2 - ok 11:23:34.0643 0x1010 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll 11:23:34.0690 0x1010 LanmanServer - ok 11:23:34.0705 0x1010 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 11:23:34.0752 0x1010 LanmanWorkstation - ok 11:23:34.0768 0x1010 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 11:23:34.0799 0x1010 lltdio - ok 11:23:34.0814 0x1010 [ 
5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll 11:23:34.0846 0x1010 lltdsvc - ok 11:23:34.0861 0x1010 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll 11:23:34.0892 0x1010 lmhosts - ok 11:23:34.0924 0x1010 [ AEF09673376A4D93C09E8341854F1BF4, A760244ABE5801AB4BEA91702F7926943DBEAC46311D50DAB8C635338585AFD5 ] LMouFlt2 C:\Windows\system32\DRIVERS\LMouFlt2.Sys 11:23:34.0939 0x1010 LMouFlt2 - ok 11:23:35.0048 0x1010 [ 98B16E756243BEA9410E32025B19C06F, C4F8663FF4C2F1123CC92D88004090AD06ED12FCD07706AE168333A33B269A53 ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 11:23:35.0064 0x1010 LMS - ok 11:23:35.0080 0x1010 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 11:23:35.0095 0x1010 LSI_FC - ok 11:23:35.0126 0x1010 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 11:23:35.0126 0x1010 LSI_SAS - ok 11:23:35.0142 0x1010 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 11:23:35.0158 0x1010 LSI_SAS2 - ok 11:23:35.0158 0x1010 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 11:23:35.0173 0x1010 LSI_SCSI - ok 11:23:35.0220 0x1010 [ C7827861DE5D67B214E3896D24F807AE, 2F04E972C94500DB079B94058C4E0DE205FEF368E3F8BBE1052C7AF01A127B6B ] Ltn_hyd7700pc C:\Windows\system32\Drivers\Ltn_hyd7700pc.sys 11:23:35.0282 0x1010 Ltn_hyd7700pc - ok 11:23:35.0329 0x1010 [ 3651DE4E273C2CFF0573BB680701E742, 8186DA7BBAC38BFE77F5ACA36CFABF4FC9894E2BA410DB46D0B7980B53C2589D ] Ltn_rc 
C:\Windows\system32\Drivers\Ltn_rc.sys 11:23:35.0376 0x1010 Ltn_rc - ok 11:23:35.0407 0x1010 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys 11:23:35.0470 0x1010 luafv - ok 11:23:35.0501 0x1010 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 11:23:35.0532 0x1010 Mcx2Svc - ok 11:23:35.0548 0x1010 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 11:23:35.0563 0x1010 megasas - ok 11:23:35.0594 0x1010 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 11:23:35.0610 0x1010 MegaSR - ok 11:23:35.0657 0x1010 [ D86AC00883B9C98B570E7643AAF8E554, 4B4BDC01DC20F820A9D1E1B8E875B6445F9B920F0AB1E115ADD9651A368911C4 ] MEI C:\Windows\system32\DRIVERS\HECI.sys 11:23:35.0719 0x1010 MEI - ok 11:23:35.0782 0x1010 Microsoft SharePoint Workspace Audit Service - ok 11:23:35.0813 0x1010 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 11:23:35.0844 0x1010 MMCSS - ok 11:23:35.0860 0x1010 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 11:23:35.0875 0x1010 Modem - ok 11:23:35.0891 0x1010 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 11:23:35.0922 0x1010 monitor - ok 11:23:35.0953 0x1010 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 11:23:35.0953 0x1010 mouclass - ok 11:23:35.0969 0x1010 [ 
2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 11:23:36.0000 0x1010 mouhid - ok 11:23:36.0047 0x1010 [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 11:23:36.0062 0x1010 mountmgr - ok 11:23:36.0156 0x1010 [ 9E587AFE2AD4873C809F1E0C598AB435, 0B0ECFF265120BCBAC37CF9B53B18462725AB991D00B90DBEE8DD9375121DA4F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 11:23:36.0187 0x1010 MozillaMaintenance - ok 11:23:36.0218 0x1010 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys 11:23:36.0234 0x1010 mpio - ok 11:23:36.0265 0x1010 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 11:23:36.0312 0x1010 mpsdrv - ok 11:23:36.0374 0x1010 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll 11:23:36.0406 0x1010 MpsSvc - ok 11:23:36.0437 0x1010 [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 11:23:36.0468 0x1010 MRxDAV - ok 11:23:36.0515 0x1010 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 11:23:36.0577 0x1010 mrxsmb - ok 11:23:36.0593 0x1010 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 11:23:36.0624 0x1010 mrxsmb10 - ok 11:23:36.0655 0x1010 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 
C:\Windows\system32\DRIVERS\mrxsmb20.sys 11:23:36.0686 0x1010 mrxsmb20 - ok 11:23:36.0718 0x1010 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys 11:23:36.0733 0x1010 msahci - ok 11:23:36.0780 0x1010 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys 11:23:36.0796 0x1010 msdsm - ok 11:23:36.0811 0x1010 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe 11:23:36.0827 0x1010 MSDTC - ok 11:23:36.0858 0x1010 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys 11:23:36.0905 0x1010 Msfs - ok 11:23:36.0905 0x1010 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 11:23:36.0936 0x1010 mshidkmdf - ok 11:23:36.0983 0x1010 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 11:23:36.0998 0x1010 msisadrv - ok 11:23:37.0014 0x1010 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 11:23:37.0061 0x1010 MSiSCSI - ok 11:23:37.0061 0x1010 msiserver - ok 11:23:37.0076 0x1010 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 11:23:37.0108 0x1010 MSKSSRV - ok 11:23:37.0123 0x1010 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 11:23:37.0154 0x1010 MSPCLOCK - ok 11:23:37.0170 0x1010 [ F456E973590D663B1073E9C463B40932, 
|
05.05.2015, 07:37 | #9 |
| TDS Killer Log Part 1 Wrong title. Here follows TDSKiller log part 2: Code:
745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\drivers\usbehci.sys 11:24:02.0493 0x1010 usbehci - ok 11:24:02.0524 0x1010 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 11:24:02.0555 0x1010 usbhub - ok 11:24:02.0571 0x1010 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\drivers\usbohci.sys 11:24:02.0602 0x1010 usbohci - ok 11:24:02.0618 0x1010 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 11:24:02.0633 0x1010 usbprint - ok 11:24:02.0680 0x1010 [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 11:24:02.0711 0x1010 usbscan - ok 11:24:02.0727 0x1010 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:24:02.0789 0x1010 USBSTOR - ok 11:24:02.0805 0x1010 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 11:24:02.0836 0x1010 usbuhci - ok 11:24:02.0867 0x1010 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll 11:24:02.0914 0x1010 UxSms - ok 11:24:02.0930 0x1010 [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] VaultSvc C:\Windows\system32\lsass.exe 11:24:02.0961 0x1010 VaultSvc - ok 11:24:02.0992 0x1010 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 11:24:03.0008 0x1010 vdrvroot - ok 11:24:03.0070 
0x1010 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe 11:24:03.0101 0x1010 vds - ok 11:24:03.0148 0x1010 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 11:24:03.0164 0x1010 vga - ok 11:24:03.0179 0x1010 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys 11:24:03.0210 0x1010 VgaSave - ok 11:24:03.0210 0x1010 VGPU - ok 11:24:03.0273 0x1010 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 11:24:03.0288 0x1010 vhdmp - ok 11:24:03.0304 0x1010 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys 11:24:03.0320 0x1010 viaagp - ok 11:24:03.0335 0x1010 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 11:24:03.0382 0x1010 ViaC7 - ok 11:24:03.0413 0x1010 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys 11:24:03.0429 0x1010 viaide - ok 11:24:03.0444 0x1010 [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus C:\Windows\system32\drivers\vmbus.sys 11:24:03.0460 0x1010 vmbus - ok 11:24:03.0491 0x1010 [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 11:24:03.0507 0x1010 VMBusHID - ok 11:24:03.0522 0x1010 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys 
11:24:03.0538 0x1010 volmgr - ok 11:24:03.0554 0x1010 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 11:24:03.0569 0x1010 volmgrx - ok 11:24:03.0632 0x1010 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys 11:24:03.0647 0x1010 volsnap - ok 11:24:03.0663 0x1010 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 11:24:03.0678 0x1010 vsmraid - ok 11:24:03.0741 0x1010 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe 11:24:03.0803 0x1010 VSS - ok 11:24:03.0819 0x1010 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 11:24:03.0850 0x1010 vwifibus - ok 11:24:03.0866 0x1010 [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 11:24:03.0881 0x1010 vwififlt - ok 11:24:03.0912 0x1010 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll 11:24:03.0944 0x1010 W32Time - ok 11:24:03.0959 0x1010 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 11:24:03.0990 0x1010 WacomPen - ok 11:24:04.0037 0x1010 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 11:24:04.0068 0x1010 WANARP - ok 11:24:04.0084 0x1010 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 
C:\Windows\system32\DRIVERS\wanarp.sys 11:24:04.0100 0x1010 Wanarpv6 - ok 11:24:04.0162 0x1010 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe 11:24:04.0224 0x1010 wbengine - ok 11:24:04.0256 0x1010 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 11:24:04.0271 0x1010 WbioSrvc - ok 11:24:04.0302 0x1010 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll 11:24:04.0334 0x1010 wcncsvc - ok 11:24:04.0349 0x1010 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 11:24:04.0412 0x1010 WcsPlugInService - ok 11:24:04.0474 0x1010 [ 147C60622CB53E901EFD8BB6D44A4C46, 453E9DDBE17C9C54C60BD160BBA045B39914A70B6DF7B6C530D68333944C43FB ] WCUService_STC_IE C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe 11:24:04.0490 0x1010 WCUService_STC_IE - ok 11:24:04.0505 0x1010 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys 11:24:04.0521 0x1010 Wd - ok 11:24:04.0568 0x1010 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 11:24:04.0599 0x1010 Wdf01000 - ok 11:24:04.0614 0x1010 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost C:\Windows\system32\wdi.dll 11:24:04.0677 0x1010 WdiServiceHost - ok 11:24:04.0692 0x1010 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost C:\Windows\system32\wdi.dll 11:24:04.0708 0x1010 WdiSystemHost - ok 11:24:04.0739 0x1010 
[ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll 11:24:04.0802 0x1010 WebClient - ok 11:24:04.0833 0x1010 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll 11:24:04.0864 0x1010 Wecsvc - ok 11:24:04.0911 0x1010 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll 11:24:04.0942 0x1010 wercplsupport - ok 11:24:04.0958 0x1010 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll 11:24:04.0973 0x1010 WerSvc - ok 11:24:04.0989 0x1010 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 11:24:05.0020 0x1010 WfpLwf - ok 11:24:05.0036 0x1010 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys 11:24:05.0051 0x1010 WIMMount - ok 11:24:05.0129 0x1010 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 11:24:05.0223 0x1010 WinDefend - ok 11:24:05.0223 0x1010 WinHttpAutoProxySvc - ok 11:24:05.0270 0x1010 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 11:24:05.0316 0x1010 Winmgmt - ok 11:24:05.0394 0x1010 [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll 11:24:05.0441 0x1010 WinRM - ok 11:24:05.0519 0x1010 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb 
C:\Windows\system32\DRIVERS\WinUsb.sys 11:24:05.0535 0x1010 WinUsb - ok 11:24:05.0582 0x1010 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 11:24:05.0628 0x1010 Wlansvc - ok 11:24:05.0722 0x1010 [ FB01D4AE207B9EFDBABFC55DC95C7E31, E0EFDBBE0BAC275230C8C1A053948C21BCF20B99B92E50939E95FFB9DC87F6BA ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 11:24:05.0753 0x1010 wlidsvc - ok 11:24:05.0784 0x1010 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 11:24:05.0800 0x1010 WmiAcpi - ok 11:24:05.0816 0x1010 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 11:24:05.0831 0x1010 wmiApSrv - ok 11:24:05.0940 0x1010 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 11:24:06.0018 0x1010 WMPNetworkSvc - ok 11:24:06.0034 0x1010 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 11:24:06.0065 0x1010 WPCSvc - ok 11:24:06.0096 0x1010 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 11:24:06.0143 0x1010 WPDBusEnum - ok 11:24:06.0159 0x1010 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 11:24:06.0190 0x1010 ws2ifsl - ok 11:24:06.0190 0x1010 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll 11:24:06.0206 0x1010 wscsvc - ok 11:24:06.0252 0x1010 [ 
553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 11:24:06.0284 0x1010 WSDPrintDevice - ok 11:24:06.0284 0x1010 WSearch - ok 11:24:06.0377 0x1010 [ 7E5C454A3F986FEBAD075DB8D915917E, 9E9147DDACD075958689523130DB92FC4ED0E38433461D8AB8792BCFBD9376DA ] wuauserv C:\Windows\system32\wuaueng.dll 11:24:06.0471 0x1010 wuauserv - ok 11:24:06.0486 0x1010 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:24:06.0533 0x1010 WudfPf - ok 11:24:06.0564 0x1010 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:24:06.0580 0x1010 WUDFRd - ok 11:24:06.0627 0x1010 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 11:24:06.0658 0x1010 wudfsvc - ok 11:24:06.0689 0x1010 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 11:24:06.0736 0x1010 WwanSvc - ok 11:24:06.0752 0x1010 ================ Scan global =============================== 11:24:06.0798 0x1010 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll 11:24:06.0845 0x1010 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 11:24:06.0861 0x1010 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 11:24:06.0892 0x1010 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 11:24:06.0908 0x1010 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, 
D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 11:24:06.0908 0x1010 [ Global ] - ok 11:24:06.0908 0x1010 ================ Scan MBR ================================== 11:24:06.0923 0x1010 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 11:24:07.0126 0x1010 \Device\Harddisk0\DR0 - ok 11:24:07.0126 0x1010 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 11:24:07.0282 0x1010 \Device\Harddisk1\DR1 - ok 11:24:07.0282 0x1010 ================ Scan VBR ================================== 11:24:07.0282 0x1010 [ EBBDAC3DB22B3F0C08BF96242D0E5BE1 ] \Device\Harddisk0\DR0\Partition1 11:24:07.0282 0x1010 \Device\Harddisk0\DR0\Partition1 - ok 11:24:07.0298 0x1010 [ 963C4400AB1C1AD71F7C610E408382B7 ] \Device\Harddisk0\DR0\Partition2 11:24:07.0298 0x1010 \Device\Harddisk0\DR0\Partition2 - ok 11:24:07.0298 0x1010 [ 81AA0BD93000EC7184C0C39DB7709F0E ] \Device\Harddisk0\DR0\Partition3 11:24:07.0298 0x1010 \Device\Harddisk0\DR0\Partition3 - ok 11:24:07.0298 0x1010 [ 15CC24BCDCC0859A20A2CDCAB66D4C0B ] \Device\Harddisk1\DR1\Partition1 11:24:07.0313 0x1010 \Device\Harddisk1\DR1\Partition1 - ok 11:24:07.0313 0x1010 ================ Scan generic autorun ====================== 11:24:07.0344 0x1010 [ 7DA77557B339A4CDC6EAB9327331E321, 5B7601ACC60A698F01E46F4924B2ADCBA8B152B3A006BF906E75F466CE80E0D3 ] C:\Windows\system32\igfxtray.exe 11:24:07.0360 0x1010 IgfxTray - ok 11:24:07.0376 0x1010 [ 0B92113765B45B1C0458593A6B87D379, 36DCA820699F950D8A23838F541B0DA5E9F01D5AEFAB26EBDD5DEE9EB53F0F37 ] C:\Windows\system32\hkcmd.exe 11:24:07.0391 0x1010 HotKeysCmds - ok 11:24:07.0391 0x1010 [ B7480BA5924D07D5797C834E4B158EEB, 644690A82083C6DB0668400C0435A3F49937B86F68C33E91C3CD08D84B891C87 ] C:\Windows\system32\igfxpers.exe 11:24:07.0407 0x1010 Persistence - ok 11:24:07.0563 0x1010 [ 1248D3C920BFC59FE8B9D1C0808167D7, 8CA1AAA564F0EC5ED8DAEEDE8EF6A5A4B63CBCF030A390ADDDEECD5E03092934 ] C:\Program Files\XFastUsb\XFastUsb.exe 11:24:07.0734 
0x1010 XFastUsb - detected UnsignedFile.Multi.Generic ( 1 ) 11:24:10.0170 0x1010 Detect skipped due to KSN trusted 11:24:10.0170 0x1010 XFastUsb - ok 11:24:10.0279 0x1010 [ 629B12D94C228F8C59AD15EB76F02A6E, 2A447A955829CCBBA181205D908166BBAD9993B40EC0B9A5FA0D28334A49B0F6 ] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe 11:24:10.0326 0x1010 CTSyncService - detected UnsignedFile.Multi.Generic ( 1 ) 11:24:12.0791 0x1010 Detect skipped due to KSN trusted 11:24:12.0791 0x1010 CTSyncService - ok 11:24:12.0900 0x1010 [ 43A4F52F7A38ED9EE0AACA36FE6DAC5D, 1701C050E18E98BB9AD29568B8A50D1F907E6F6EF53520D53EF281B847C5B0C9 ] C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe 11:24:12.0916 0x1010 VolPanel - detected UnsignedFile.Multi.Generic ( 1 ) 11:24:15.0380 0x1010 Detect skipped due to KSN trusted 11:24:15.0380 0x1010 VolPanel - ok 11:24:15.0412 0x1010 [ C419DF63E0121D72411285780C2FC6CC, F47F854D327C589D174D3BB5B55D5C05F5ACA73DF52A6BEF47596B9010190291 ] C:\Windows\UpdReg.EXE 11:24:15.0427 0x1010 UpdReg - detected UnsignedFile.Multi.Generic ( 1 ) 11:24:17.0892 0x1010 Detect skipped due to KSN trusted 11:24:17.0892 0x1010 UpdReg - ok 11:24:17.0908 0x1010 [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\system32\RunDLL32.exe 11:24:17.0939 0x1010 RunDLLEntry - ok 11:24:17.0970 0x1010 [ 34A14CD6B6E9C8BFBABEAF6EED5149BB, C50DEC821FB661F4514D8F1D24A48C38135518D21DF4CC8BB0EDD5B463AEAE4C ] C:\Windows\Logi_MwX.Exe 11:24:18.0001 0x1010 Logitech Utility - ok 11:24:18.0048 0x1010 [ 27BF45E6900AE1056DAF0B5647E2E266, B363E8B8E117912567299A6429A4E99307FD689EE981F2E40C046D513D3E7FAB ] C:\Program Files\ControlCenter4\BrCcBoot.exe 11:24:18.0064 0x1010 ControlCenter4 - detected UnsignedFile.Multi.Generic ( 1 ) 11:24:21.0106 0x1010 Detect skipped due to KSN trusted 11:24:21.0106 0x1010 ControlCenter4 - ok 11:24:21.0246 0x1010 [ 
7F42FFCD6FF7CA558C2D95DADCD5EFA9, CD9E71A718AD3FF465950A7D3937884154F021A296C301BE2FECD0AE69F04713 ] C:\Program Files\Browny02\Brother\BrStMonW.exe 11:24:21.0324 0x1010 BrStsMon00 - detected UnsignedFile.Multi.Generic ( 1 ) 11:24:23.0773 0x1010 Detect skipped due to KSN trusted 11:24:23.0773 0x1010 BrStsMon00 - ok 11:24:23.0820 0x1010 [ 07C4EBD3107799774FA3103956CD1C40, BB798DE0F18D2A28B18467D958B68C23DBA0A802512C36E708D9EBD9352492F6 ] C:\Program Files\Nuance\PaperPort\IndexSearch.exe 11:24:23.0836 0x1010 IndexSearch - ok 11:24:23.0867 0x1010 [ E5F1D2C7D51C816437BBE2306828BC4B, BBBEB3294EF02F3E4C73A3A2FAE83C261A095602D86E1FF272C6FDFCE0C05E1B ] C:\Program Files\Nuance\PaperPort\pptd40nt.exe 11:24:23.0882 0x1010 PaperPort PTD - ok 11:24:23.0898 0x1010 [ 0D1D2FBAE112BDDB9F77B7BC7A956D3A, BD833CF275B4EC4EC12E868EB2EE049A6F9F0792A326BEAEB1433586257C098F ] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe 11:24:23.0929 0x1010 PPort12reminder - ok 11:24:24.0085 0x1010 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 11:24:24.0116 0x1010 Adobe ARM - ok 11:24:24.0163 0x1010 [ 322CF4872B86852FB584AA37250AC619, 7C6576904A62E2187E9951B08F554D26597ADEC8BC484ABA70057F16D8DD69F2 ] C:\Program Files\FreePDF_XP\fpassist.exe 11:24:24.0194 0x1010 FreePDF Assistant - detected UnsignedFile.Multi.Generic ( 1 ) 11:24:26.0644 0x1010 Detect skipped due to KSN trusted 11:24:26.0644 0x1010 FreePDF Assistant - ok 11:24:26.0722 0x1010 [ 09E60B4FE341A94A300830C008907099, 5F07868953FAA8FFA9E6477F6BAC52DEEDF3EA4A3F8AF5B4E15878D8240223AB ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe 11:24:26.0737 0x1010 APSDaemon - ok 11:24:27.0081 0x1010 [ 11B774FB1DC1F8C49537BB4CFB6480C0, 692B0CA7C4CB03B46BF154CBFE589906DDBF4C9FBDF14C40DF28CDEA35133D48 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 11:24:27.0301 0x1010 RtHDVCpl - ok 11:24:27.0348 0x1010 [ 
E7D75EC4BBD08FF5B16F875BA4EA810D, 85F7F034E1CA7CE8804AED6109F25E87CFB61FC09D5CC7C2B7E9A1555C04587C ] C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe 11:24:27.0379 0x1010 ZyngaGamesAgent - ok 11:24:27.0410 0x1010 [ 5B7ACC0673B3D754DE31EB1A7F488EB2, DBC3540946844CD9A7F550B4645D468A25721A1A04C5B3D29C1AD9512598F91F ] C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe 11:24:27.0441 0x1010 STCAgent - ok 11:24:27.0566 0x1010 [ 1B28396AE4175E8F8EC65A52E5118452, 2903FA5F9AC50B010AAB47C4A968227CF999E0D9871C8B7015C9976FDAE541C7 ] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe 11:24:27.0629 0x1010 TrueImageMonitor.exe - ok 11:24:27.0660 0x1010 [ 555EEA25924E31CDF13F0F35D0FC6124, 0A874916A73BBDD2B219C3E2F7CF1D9EA3F832EB6652CC02F0F2152CD0092444 ] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe 11:24:27.0691 0x1010 AcronisTimounterMonitor - ok 11:24:27.0738 0x1010 [ 43A9C12912DAFC92E5C84337ABA4B6AB, 82BE06716DB36A67F1B740DBB4992DFC6D37B27C9B9B25F7E1D4697C6DCAC66E ] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe 11:24:27.0753 0x1010 Acronis Scheduler2 Service - ok 11:24:27.0831 0x1010 [ D63797E8E7781EE1500A810CB6194FA6, 5C96DA00B98F0776E6174EBB7D4D6DB634838E130D8581E11811831D2C57B119 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe 11:24:27.0847 0x1010 SunJavaUpdateSched - ok 11:24:27.0909 0x1010 [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe 11:24:27.0925 0x1010 BCSSync - ok 11:24:28.0034 0x1010 [ 5C9C368F9088865CCB946F124339E746, 2362C53D2FA48F033FFECD2580EF4247E5AB2CC1DA7D75EA7DE48BDF3889D6D8 ] C:\Program Files\KeePass Password Safe 2\KeePass.exe 11:24:28.0097 0x1010 KeePass 2 PreLoad - detected UnsignedFile.Multi.Generic ( 1 ) 11:24:30.0563 0x1010 Detect skipped due to KSN trusted 11:24:30.0563 0x1010 KeePass 2 PreLoad - ok 11:24:30.0626 0x1010 [ 0EF0822810009D58118CCDFD098FA9F4, 
9FAA263057898BCDBCB0A064C463F48D149474AA339A3C4C47626CC118750D2D ] C:\Program Files\iTunes\iTunesHelper.exe 11:24:30.0641 0x1010 iTunesHelper - ok 11:24:30.0704 0x1010 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files\QuickTime\QTTask.exe 11:24:30.0719 0x1010 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 11:24:33.0184 0x1010 Detect skipped due to KSN trusted 11:24:33.0184 0x1010 QuickTime Task - ok 11:24:33.0387 0x1010 [ 3E23D1F7E91627DBD44AC82077E2BA7C, 09235370B85EF5FEA24F1291B9ADAD805C8D7357A78EF8CE3BA0E913F59145EC ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 11:24:33.0434 0x1010 avgnt - ok 11:24:33.0512 0x1010 [ CB08561AB36857CCF74BF11475C9AEB2, 5F15F6868A719A0A84D3E0FE2BC4E76975C50FA99D642279DDA972269ADFDB8B ] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe 11:24:33.0527 0x1010 Avira Systray - ok 11:24:33.0621 0x1010 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 11:24:33.0699 0x1010 Sidebar - ok 11:24:33.0730 0x1010 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 11:24:33.0746 0x1010 mctadmin - ok 11:24:33.0777 0x1010 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 11:24:33.0824 0x1010 Sidebar - ok 11:24:33.0824 0x1010 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 11:24:33.0839 0x1010 mctadmin - ok 11:24:33.0839 0x1010 ISUSPM - ok 11:24:33.0917 0x1010 [ 373BC350CFB2ADB86A8891EA0A29914C, 87612CCE42A80D501446892246153833926892845696DADD209964E1763F06BB ] C:\Program Files\PureSync\PureSyncTray.exe 11:24:33.0949 0x1010 PureSync - ok 11:24:34.0089 0x1010 [ 7B6CB5C60E549B746FA8DEEE82C5BB53, 
8E6D0EFE5FC085D09991BCAD39A52322224B4F87397CEE253CEC1996F4A85327 ] C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe 11:24:34.0105 0x1010 AceStream - ok 11:24:34.0167 0x1010 [ 43DFDE6570A948A178000348950B3546, 120963113D9AB4144374D7849D74C93BC495F484C6A76B6960B7EF166A3DFD74 ] C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe 11:24:34.0198 0x1010 AceWebException - ok 11:24:34.0307 0x1010 [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe 11:24:34.0323 0x1010 ISUSPM - ok 11:24:34.0385 0x1010 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files\QuickTime\QTTask.exe 11:24:34.0417 0x1010 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 11:24:34.0417 0x1010 Detect skipped due to KSN trusted 11:24:34.0417 0x1010 QuickTime Task - ok 11:24:34.0417 0x1010 Waiting for KSN requests completion. In queue: 20 11:24:35.0431 0x1010 Waiting for KSN requests completion. In queue: 10 11:24:36.0445 0x1010 Waiting for KSN requests completion. 
In queue: 10
11:24:37.0490 0x1010 AV detected via SS2: Avira Antivirus, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.9.460 ), 0x41000 ( enabled : updated )
11:24:37.0505 0x1010 AV detected via SS2: Norton Internet Security CBE, C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\WSCStub.exe ( 20.4.0.0 ), 0x50000 ( disabled : updated )
11:24:37.0505 0x1010 FW detected via SS2: Norton Internet Security CBE, C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\WSCStub.exe ( 20.4.0.0 ), 0x50010 ( disabled )
11:24:37.0521 0x1010 Win FW state via NFP2: enabled
11:24:39.0894 0x1010 ============================================================
11:24:39.0894 0x1010 Scan finished
11:24:39.0894 0x1010 ============================================================
11:24:39.0894 0x1a34 Detected object count: 1
11:24:39.0894 0x1a34 Actual detected object count: 1
11:25:10.0560 0x1a34 ScopeItPort ( UnsignedFile.Multi.Generic ) - skipped by user
11:25:10.0560 0x1a34 ScopeItPort ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:25:18.0749 0x17c4 Deinitialize success
Edited by Floh312 (05.05.2015 at 07:39). Reason: That was a double post. Now I'm pasting in part 2. |
05.05.2015, 10:40 | #10 |
/// the machine /// TB Trainer | TR/Emotet.A.92 installed from DHL email attachment hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
06.05.2015, 11:06 | #11 |
| No log file Hello, Combofix ran through without any error message. After restarting the computer I got the error message you had announced: "Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." I clicked the message away and restarted the computer. The error message did not appear again. I can't find a combofix.txt log file anywhere. What now? Regards, Floh |
06.05.2015, 14:37 | #12 |
/// the machine /// TB Trainer | TR/Emotet.A.92 installed from DHL email attachment Please post a fresh FRST log.
|
07.05.2015, 10:29 | #13 |
| Fresh FRST Log.txt FRST logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by Volker Henkels (administrator) on DESKTOP on 07-05-2015 11:16:19
Running from C:\Users\Volker Henkels\Documents\Downloads\Trojaner
Loaded Profiles: Volker Henkels (Available profiles: Volker Henkels & Uta)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccsvchst.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FNet Co., Ltd.) C:\Program Files\XFastUsb\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Creative Technology Ltd) C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Macrovision Europe Ltd.) C:\Users\Volker Henkels\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(Logitech Inc.) C:\Windows\LOGI_MWX.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Jumping Bytes) C:\Program Files\PureSync\PureSyncTray.exe
() C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe
() C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Dropbox, Inc.) C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Jumping Bytes) C:\Program Files\Common Files\Jumping Bytes\jbUpdater.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\ace_update.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XFastUsb] => C:\Program Files\XFastUsb\XFastUsb.exe [4942336 2011-10-22] (FNet Co., Ltd.)
HKLM\...\Run: [CTSyncService] => C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd) HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd) HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry HKLM\...\Run: [Logitech Utility] => C:\Windows\Logi_MwX.Exe [19968 2003-12-17] (Logitech Inc.) HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2010-10-26] (Brother Industries, Ltd.) HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.) HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.) HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [312320 2007-06-26] (shbox.de) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11734240 2012-12-13] (Realtek Semiconductor) HKLM\...\Run: [ZyngaGamesAgent] => C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.) 
HKLM\...\Run: [STCAgent] => C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-01-21] (Splashtop Inc.) HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2622296 2008-04-21] (Acronis) HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [911168 2008-04-21] (Acronis) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [136472 2008-04-21] (Acronis) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [ASRockXTU] => [X] HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [zASRockInstantBoot] => [X] HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [ISUSPM] => -scheduler HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [PureSync] => C:\Program Files\PureSync\PureSyncTray.exe [915120 2014-08-25] (Jumping Bytes) HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [AceStream] => C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe [23984 2014-12-07] () HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [AceWebException] => C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] () Lsa: [Authentication Packages] msv1_0 relog_ap Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk [2014-01-02] ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software) Startup: C:\Users\Uta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-06-22] ShortcutTarget: Dropbox.lnk -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Volker Henkels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-03-16] ShortcutTarget: Dropbox.lnk -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) BootExecute: autocheck autochk /k:C * GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2498879569-601166142-2179082399-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2498879569-601166142-2179082399-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ SearchScopes: HKLM -> DefaultScope value is missing. SearchScopes: HKU\S-1-5-21-2498879569-601166142-2179082399-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH SearchScopes: HKU\S-1-5-21-2498879569-601166142-2179082399-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2014-12-03] (Adobe Systems Incorporated) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll [2013-05-31] (Symantec Corporation) BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} 
-> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-11] (Oracle Corporation) BHO: Media Player -> {86c47305-d478-4eba-baf4-1e6c48b01195} -> C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha460\ie\MediaPlayerV1alpha460.dll No File BHO: Video Player -> {8f2263fe-d363-40e0-9538-52bd78d36ed8} -> C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ie\VideoPlayerV3beta821.dll No File BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-11] (Oracle Corporation) BHO: Media Watch -> {e5978446-df5c-4ffe-b126-cc9f04d8bcbb} -> C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ie\MediaWatchV1home3705.dll No File Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll [2013-05-31] (Symantec Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-11] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-11] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2498879569-601166142-2179082399-1000: @acestream.net/acestreamplugin,version=3.0.2 -> C:\Users\Volker Henkels\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-07] (Innovative Digital Technologies) FF Extension: AS Magic Player - C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\Extensions\magicplayer@acestream.org [2015-03-01] FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2015-03-31] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-31] FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn [2013-09-02] FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn [2013-05-07] FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta821.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ff FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha460.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha460\ff FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home3705.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ff FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-03-31] Chrome: ======= CHR Profile: C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-06] CHR Extension: (Google Docs) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-12] CHR Extension: (Google Drive) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-12] CHR Extension: (YouTube) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-12] CHR Extension: (Google Search) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-12] CHR Extension: (Google Sheets) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-06] CHR Extension: (AdBlock) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-06] CHR Extension: (Bookmark Manager) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15] CHR Extension: (No Name) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-10-25] CHR Extension: (Google Wallet) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-12] CHR Extension: (Gmail) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-12] CHR HKLM\...\Chrome\Extension: [ggkcbejnocbilhflhkfinpglppngccom] - C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ch\MediaWatchV1home3705.crx [Not Found] CHR HKLM\...\Chrome\Extension: [jkfdofagjlgcljcjibmembhbjnpbalip] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ch\VideoPlayerV3beta821.crx [Not Found] CHR 
HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\Exts\Chrome.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [431384 2008-04-21] (Acronis) R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed] S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) 
[File not signed] S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-22] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-10-22] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed] R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed] R2 NIS; C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.) R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-10-22] (Creative Labs) [File not signed] R2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498952 2008-04-21] () R2 WCUService_STC_IE; C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [497480 2011-03-22] (Splashtop Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R0 asahci32; C:\Windows\System32\DRIVERS\asahci32.sys [32352 2011-03-23] (Asmedia Technology) R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [95720 2010-12-29] (ASMedia Technology Inc) R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [293352 2010-12-29] (ASMedia Technology Inc) R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [13832 2010-06-11] (Windows (R) Win 7 DDK provider) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-05] (Avira Operations GmbH & Co. KG) R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2012-03-03] (AVM Berlin) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-04-28] (Avira Operations GmbH & Co. KG) S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation) S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation) R2 DLPortIO; C:\Windows\system32\DRIVERS\DLPortIO.SYS [3584 1999-01-10] () [File not signed] R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-27] (Symantec Corporation) R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29248 2011-10-22] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2011-10-22] (FNet Co., Ltd.) 
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130830.001\IDSvix86.sys [392792 2013-08-21] (Symantec Corporation) S3 L8042pr2; C:\Windows\System32\DRIVERS\L8042pr2.Sys [51729 2003-12-17] (Logitech, Inc.) S3 Ltn_hyd7700pc; C:\Windows\System32\Drivers\Ltn_hyd7700pc.sys [374144 2007-05-18] (Liteon) S3 Ltn_rc; C:\Windows\System32\Drivers\Ltn_rc.sys [11520 2006-12-27] (Liteon) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130901.019\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130901.019\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation) S3 npf; C:\Windows\System32\drivers\npf.sys [34064 2009-02-08] (CACE Technologies) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2011-11-30] (Sonic Solutions) [File not signed] S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2010-11-16] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2010-11-16] (RapidSolution Software AG) S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation ) R2 ScopeItPort; C:\SCOPE-IT\ScopeIt.sys [5231 2012-03-28] () [File not signed] S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH) R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation) R3 SymEvent; 
C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project) R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2010-11-16] (RapidSolution Software AG) R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2013-05-07] (Acronis) R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2013-05-07] (Acronis) S3 catchme; \??\C:\Users\VOLKER~1\AppData\Local\Temp\catchme.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-06 10:59 - 2015-05-06 11:55 - 00000000 ____D () C:\ComboFix 2015-05-06 10:59 - 2015-05-06 10:59 - 00000000 ____D () C:\Qoobox 2015-05-06 10:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-05-06 10:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-05-06 10:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-05-06 10:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-05-06 10:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-05-06 10:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-05-06 10:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-05-06 10:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-05-06 10:58 - 2015-05-06 11:55 - 00000000 ____D () C:\Windows\erdnt 2015-05-05 08:52 - 2015-05-05 08:52 - 00000000 ____D () C:\Users\Uta\AppData\Roaming\Avira 2015-05-05 08:49 - 2015-05-05 08:49 - 00000000 ____D () C:\Users\Uta\AppData\Local\{B89840C6-3AAC-46F4-ADA3-6EE66298673F} 2015-05-03 12:00 - 2015-05-04 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-03 12:00 - 2015-05-03 13:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-03 12:00 - 2015-05-03 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-03 11:59 - 2015-05-03 13:09 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-03 11:36 - 2015-05-04 11:41 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Logfiles 2015-05-03 11:36 - 2015-05-03 11:36 - 00006103 _____ () C:\Users\Volker Henkels\Documents\gmer_1.txt 2015-05-03 11:07 - 2015-05-03 11:07 - 00000000 _____ () C:\Users\Volker Henkels\defogger_reenable 2015-05-03 10:41 - 2015-05-07 11:16 - 00000000 ____D () C:\FRST 2015-04-28 19:50 - 2015-04-28 19:51 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\{C3DB041C-1E63-4A95-ABED-B741677EE872} 
2015-04-28 15:47 - 2015-04-28 15:47 - 00001138 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-04-28 15:41 - 2015-04-28 15:41 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\{AE544530-74CF-41C2-9CE6-4BA80E6B3A40} 2015-04-28 15:40 - 2015-05-01 18:00 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\Avira 2015-04-28 15:39 - 2015-05-05 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-04-28 15:39 - 2015-05-05 13:12 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-04-28 15:39 - 2015-05-05 13:12 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-04-28 15:39 - 2015-05-05 13:12 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-04-28 15:39 - 2015-05-01 17:59 - 00000000 ____D () C:\ProgramData\Avira 2015-04-28 15:39 - 2015-04-28 15:46 - 00000000 ____D () C:\Program Files\Avira 2015-04-28 15:39 - 2015-04-28 15:41 - 00037896 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-04-28 15:39 - 2014-02-14 11:00 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2015-04-27 11:26 - 2015-04-27 11:26 - 00000000 ____D () C:\Users\Uta\AppData\Local\{BFD7934C-2205-4CAC-9226-B1B1F6DF58FD} 2015-04-26 08:06 - 2015-04-26 08:07 - 00000000 ____D () C:\Users\Uta\AppData\Local\{E9D9B646-E08B-41F7-BC93-585011053EBC} 2015-04-20 14:02 - 2015-04-20 14:02 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\{BB557B0C-47D7-4BFC-B874-C5E70A9B36CB} 2015-04-19 18:19 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-19 18:19 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-18 20:57 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-18 20:57 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-18 20:57 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-18 20:57 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-18 20:57 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-18 20:57 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-18 20:57 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-18 20:57 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-18 20:57 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-18 20:57 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-04-18 20:57 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-18 20:57 - 2015-03-17 07:01 - 00137656 
_____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-18 20:57 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-18 20:57 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-18 20:57 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-18 20:57 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-18 20:57 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-18 20:57 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-18 20:57 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-18 20:57 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-18 20:57 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-18 20:57 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-18 20:57 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-18 20:57 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-18 20:57 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-18 20:57 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-18 20:57 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-18 20:57 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-18 20:57 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-18 20:57 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) 
C:\Windows\system32\csrsrv.dll 2015-04-18 20:57 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-18 20:57 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-18 20:57 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-18 20:57 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-18 20:57 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-18 20:57 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-18 20:57 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-18 20:57 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-18 20:57 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-04-18 20:57 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-18 20:57 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-18 20:57 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-18 20:57 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-04-18 20:57 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-04-18 20:57 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-18 20:57 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-18 20:57 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-04-18 20:57 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll 2015-04-18 20:57 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-18 20:57 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-04-18 20:57 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-18 20:57 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-04-18 20:57 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-18 20:57 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-04-18 20:57 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-18 20:57 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-18 20:57 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-18 20:57 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-18 20:57 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-18 20:57 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-18 20:57 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-18 20:57 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-18 20:57 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-18 20:57 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-18 20:57 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-18 20:57 - 2015-03-13 04:14 - 00710144 _____ (Microsoft 
Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-18 20:57 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-18 20:57 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-18 20:57 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-18 20:56 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-18 20:56 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-18 20:56 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-18 20:56 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-13 10:56 - 2015-04-13 10:57 - 00000000 ____D () C:\Users\Uta\AppData\Local\{0FE4FDFF-C807-4FB4-B922-0E48C4512D86} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-07 11:16 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-07 11:16 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-07 11:12 - 2011-10-19 14:36 - 02020250 _____ () C:\Windows\WindowsUpdate.log 2015-05-07 11:10 - 2014-03-16 10:29 - 00000000 ___RD () C:\Users\Volker Henkels\Dropbox 2015-05-07 11:10 - 2014-03-16 10:25 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\Dropbox 2015-05-07 11:08 - 2014-02-12 19:10 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-07 11:07 - 2013-05-07 16:27 - 00074101 _____ () C:\Windows\setupact.log 2015-05-07 11:07 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-06 16:49 - 2014-02-12 19:10 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-06 16:43 - 2014-06-22 13:05 - 00000000 ____D () C:\Users\Uta\AppData\Roaming\Dropbox 2015-05-06 13:22 - 2012-10-05 12:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-06 12:23 - 2011-10-20 11:00 - 00001863 _____ () C:\Windows\Alltag.ini 2015-05-06 12:17 - 2011-10-20 11:01 - 00000086 _____ () C:\Windows\Kontext.ini 2015-05-06 11:54 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2015-05-06 11:20 - 2013-05-07 21:05 - 00433930 _____ () C:\Windows\PFRO.log 2015-05-05 12:59 - 2013-08-01 18:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-05-03 13:06 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\addins 2015-05-03 11:07 - 2011-10-19 14:38 - 00000000 ____D () C:\Users\Volker Henkels 2015-05-01 21:04 - 2014-03-22 14:42 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\KeePass 2015-05-01 20:05 - 2014-07-20 13:13 - 00017182 _____ () C:\Users\Volker Henkels\Passwort Datenbank.kdbx 2015-05-01 18:50 - 2014-02-12 19:13 - 00002166 _____ () 
C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-01 18:36 - 2011-11-28 15:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-04-28 19:45 - 2014-09-08 17:10 - 00000000 ____D () C:\Program Files\Free Easy CD DVD Burner 2015-04-28 15:47 - 2015-02-03 14:35 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-28 15:35 - 2013-06-09 19:04 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\CrashDumps 2015-04-25 11:08 - 2014-03-16 10:28 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-23 12:13 - 2011-10-20 10:27 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Steuerfälle 2015-04-22 16:13 - 2011-12-19 11:34 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Stabliste 2015-04-21 13:04 - 2014-08-15 13:25 - 00002220 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk 2015-04-20 13:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-19 18:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2015-04-19 18:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-04-19 18:09 - 2014-12-12 12:19 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-19 18:09 - 2014-05-08 20:40 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-19 18:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-04-19 03:22 - 2011-10-19 15:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-19 03:20 - 2011-10-19 14:37 - 01602556 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-19 03:16 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini 2015-04-18 22:22 - 2012-03-31 17:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-04-18 22:22 - 2011-10-25 09:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-04-08 13:23 - 2014-11-05 18:57 - 00002220 _____ () 
C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-04-07 10:07 - 2011-10-20 10:17 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Arbeitsamt

==================== Files in the root of some directories =======

2011-12-02 14:30 - 2015-01-28 00:08 - 0000649 _____ () C:\Users\Volker Henkels\AppData\Roaming\burnaware.ini
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Volker Henkels\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Volker Henkels\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Volker Henkels\AppData\Local\CDRip.dll
2013-05-13 14:41 - 2015-02-03 14:04 - 0006144 _____ () C:\Users\Volker Henkels\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-19 18:23 - 2011-10-19 18:23 - 0000749 _____ () C:\Users\Volker Henkels\AppData\Local\error.log
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Volker Henkels\AppData\Local\No23 Recorder.exe
2011-10-19 18:23 - 2011-10-19 18:23 - 0001955 _____ () C:\Users\Volker Henkels\AppData\Local\process.log
2013-01-30 20:11 - 2013-01-30 20:11 - 0001506 _____ () C:\Users\Volker Henkels\AppData\Local\RecConfig.xml
2012-03-08 20:24 - 2012-03-08 20:24 - 0000017 _____ () C:\Users\Volker Henkels\AppData\Local\resmon.resmoncfg

Files to move or delete:
====================
C:\Users\Volker Henkels\adw24cleaner.exe

Some content of TEMP:
====================
C:\Users\Uta\AppData\Local\Temp\avgnt.exe
C:\Users\Uta\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz0plli.dll
C:\Users\Volker Henkels\AppData\Local\Temp\avgnt.exe
C:\Users\Volker Henkels\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsxiout.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-04 12:35

==================== End Of Log ============================

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-05-2015 01
Ran by Volker Henkels at 2015-05-07 11:17:42
Running from C:\Users\Volker Henkels\Documents\Downloads\Trojaner
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2498879569-601166142-2179082399-500 - Administrator - Disabled)
Gast (S-1-5-21-2498879569-601166142-2179082399-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2498879569-601166142-2179082399-1005 - Limited - Enabled)
Uta (S-1-5-21-2498879569-601166142-2179082399-1003 - Limited - Enabled) => C:\Users\Uta
Volker Henkels (S-1-5-21-2498879569-601166142-2179082399-1000 - Administrator - Enabled) => C:\Users\Volker Henkels

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security CBE (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security CBE (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security CBE (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Ace Stream Media 3.0.2 (HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\AceStream) (Version: 3.0.2 - Ace Stream Media) <==== ATTENTION!
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Acronis*True*Image*Home (HKLM\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8105 - Acronis) Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Photoshop Elements 5.0 (HKLM\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems, Inc.) Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Alltags-Adressen (HKLM\...\Adressen_is1) (Version: - Heiko Prueß / Alltags-Programme) Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.7.0 - Asmedia Technology) Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.2.2.000 - Asmedia Technology) ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.) 
ASRock eXtreme Tuner v0.1.56 (HKLM\...\ASRock eXtreme Tuner_is1) (Version: - ) ASRock InstantBoot v1.26 (HKLM\...\ASRock InstantBoot_is1) (Version: - ) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.) Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-7460DN (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.) BurnAware Free 5.3 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware Technologies) calibre (HKLM\...\{C354D7E2-C1F3-45AB-A547-BF500F2E0814}) (Version: 1.45.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DivxToDVD 0.5.2b (HKLM\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL) Dropbox (HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.) FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse) Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) fotokasten comfort 5.3 (HKLM\...\fotokasten comfort_is1) (Version: - ) Free Easy Burner V 5.1 (HKLM\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft) FreePDF XP (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) GIMP 2.6.12 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team) Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) 
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) iExplorer 2.2.1.3 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant, LLC) iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - ) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.) Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle) JPEG-EXIF_autorotate (HKLM\...\JPEG-EXIF_autorotate) (Version: - ) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KeePass Password Safe 2.25 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl) K-Lite Codec Pack 5.2.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 5.2.0 - ) Leawo Video Converter 2012 Version 4.1.0.0 (HKLM\...\{E0A8AB05-5217-4D9E-AE90-2BA8B9FB8496}_is1) (Version: 4.1.0.0 - Leawo Software) Logitech MouseWare 9.79.1 (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version: - ) MAGIX Foto Designer 7 (HKLM\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG) MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM\...\MX.{0860A3E3-E2BA-485C-8D98-1144A494D167}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden MAGIX Video deluxe 2015 (32-Bit-Version) (HKLM\...\MX.{7571AD6B-E8C3-462E-92B4-020A2CF69B90}) (Version: 14.0.1.21 - MAGIX Software GmbH) MAGIX Video deluxe 2015 (32-Bit-Version) (Version: 14.0.1.21 - MAGIX Software GmbH) Hidden Media Player (HKLM\...\MediaPlayerV1alpha460) (Version: 1.1 - Media Player) <==== ATTENTION Mediaport (HKLM\...\Mediaport) (Version: - ) Microsoft .NET Framework 4.5.1 (Deutsch) 
(HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Encarta Enzyklopädie 2000 (HKLM\...\Encarta Encyclopedia 2000 D) (Version: - ) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) NetObjects Fusion 10.0 (HKLM\...\{6BCC67CF-BABD-4456-B95C-E6431C8FBC18}) (Version: 10.0 German - ) NetObjects Fusion 10.0 (HKLM\...\{EB280D0C-E8F7-4EA6-907B-4CD72122E904}) (Version: 10.0 German - ) No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23) Norton Internet Security CBE (HKLM\...\NIS) (Version: 20.4.0.40 - Symantec Corporation) Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) 
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Overlook Fing (HKLM\...\Overlook Fing 1.4) (Version: 1.4 - Overlook) PaperPort 8.0 SE (HKLM\...\{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}) (Version: 1.0.0.0000 - ScanSoft, Inc.) Passbild-Generator v4.0a (HKLM\...\Passbild-Generator_is1) (Version: - Passbild-Generator) PC Inspector smart recovery (HKLM\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - ) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery) PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC) PixiePack Codec Pack (HKLM\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None) PureSync (Version: 3.8.1 - Jumping Bytes) Hidden PureSync 3.8.1 (HKLM\...\PureSync) (Version: 3.8.1 - Jumping Bytes) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Schachtrainer (HKLM\...\Schachtrainer_is1) (Version: - Tivola Development GmbH) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version: - ) Sound Blaster X-Fi MB (HKLM\...\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}) (Version: 1.0 - Creative Technology Limited) Splashtop Connect IE (HKLM\...\{F9F5EF72-18CF-4DCF-A721-EC86B94DAC46}) (Version: 1.1.12.1 - Splashtop Inc.) 
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.13.97 - Akademische Arbeitsgemeinschaft) SteuerSparErklärung 2015 (HKLM\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.32.155 - Akademische Arbeitsgemeinschaft) StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version: - ) TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation) Tunebite (HKLM\...\{DDED1469-A08D-4043-9661-7FF914BD8F99}) (Version: 7.2.13700.0 - RapidSolution Software AG) Video DVD Maker v3.30.0.75 (HKLM\...\{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}) (Version: - ) VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) VR-NetWorld (HKLM\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version: - ) WaveAgent (HKLM\...\InstallShield_{053C7D32-3566-452B-9A37-D42B4F4C5379}) (Version: 1.20 - Sound Devices LLC) WaveAgent (Version: 1.20 - Sound Devices LLC) Hidden WBFS Manager 4.0 (HKLM\...\{825E9A84-1E03-4526-9F8E-45015C938A7C}) (Version: 4.0 - WBFS) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) winpcap-overlook 4.02 (HKLM\...\winpcap-overlook) (Version: - ) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) XFastUsb (HKLM\...\XFastUsb) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\VOLKER~1\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (the data entry has 7 more characters). 
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{9000834c-c6c7-43ac-b8ee-dc9668f39a81}\localserver32 -> C:\Users\VOLKER~1\AppData\Local\Temp\{91814ec0-b5f0-11d2-80b9-00104b1f6cea}\IDriver.NonElevated.exe (the data entry has 7 more characters). CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-05-06 11:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FCA4127-6BEC-4515-A7ED-28FA9EC00057} - System32\Tasks\{794DB57D-7EB9-4BA0-A3C7-7EBE3D028F00} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe
Task: {131B0445-BC6F-4F53-89A5-ECE9C0788863} - System32\Tasks\{6180D768-68E5-4B2C-BC04-3DADEB1A14CF} => E:\Setup.EXE
Task: {18511FD6-6A77-4351-B0D0-9C2C8AC88BD0} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe
Task: {289D24C2-79EB-41D2-86B3-5F6EA8D4353E} - System32\Tasks\{91AC768C-5270-4F3C-BCDE-8F60AB0134B4} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe
Task: {34BA2C71-F71B-46CF-B102-0BAF3B01F302} - System32\Tasks\{EFA2BC6B-098A-4F69-B8EF-EF7449585CEF} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe
Task: {42E35F47-810C-49A7-A66F-76431EE90E5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated)
Task: {4415D302-A36C-4D4A-94AF-0941DE55A4B0} - 
System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {4DE13AC1-7A5E-48F4-95EF-DC8D12BF3434} - System32\Tasks\{5AEADBF5-2266-4CB2-902F-EAC4ECA10BA0} => E:\Setup.EXE Task: {51786A54-D505-400B-914B-EE751D94E89F} - System32\Tasks\{D7B08E1E-9FF0-4729-AC7B-3C277597F92C} => C:\Users\Volker Henkels\Documents\Downloads\Torpark\Torpark.exe Task: {51907D83-A567-478B-B71A-2FCB53F8797D} - System32\Tasks\{EABA05C3-2F74-4BB5-99F7-072C20501280} => pcalua.exe -a E:\paperport\PP12Installer.exe -d E:\paperport Task: {63023C49-3575-4105-85A5-A7DFBE1FC3DC} - System32\Tasks\{18C65823-8B94-4B01-9F15-CE2A1DDA68F7} => pcalua.exe -a "C:\Program Files\Microsoft Encarta\Encarta Enzyklopädie 2000\unee2000.exe" -c /uninstall Task: {6687E89E-0EA9-4C7B-80B3-7588D16BCAEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.) Task: {74FB5C52-6DA4-4ADB-916D-4597ED057F61} - System32\Tasks\{5B67CB8B-964C-4C8E-8D41-04ECF755E104} => pcalua.exe -a "C:\Users\Volker Henkels\Downloads\jxpiinstall.exe" -d "C:\Program Files\Mozilla Firefox" Task: {81640940-9D5D-4FA7-9B36-331EC2DC8C92} - System32\Tasks\{C5EF75EB-2831-46AD-A4DC-01370676B696} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe Task: {822638D8-6F93-490D-93D7-4D4C3DE1972E} - System32\Tasks\{DAFCD1C1-7C64-4B97-A21C-7405D7E6AE6C} => C:\Program Files\Emme\Kleiner Eisbär 2\UNWISE.EXE Task: {8A541488-06D3-429D-A2A0-B003FCF2B597} - System32\Tasks\{8132B927-E965-487E-98DD-29905D7B89D2} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe Task: {90CDF918-1746-4F25-A79C-A9F6CCEFC876} - System32\Tasks\{ADBEB609-D22B-4CD5-99E4-F7412357DC7C} => pcalua.exe -a C:\PROGRA~1\TECHNI~1\MEDIAP~1\UNWISE.EXE -c C:\PROGRA~1\TECHNI~1\MEDIAP~1\INSTALL.LOG Task: {9421D7AE-F5E5-4AED-9BA2-F3561670E9C3} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => 
C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {9B2DCD82-E459-41CE-B203-40E75D93BB5F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {A5AA510D-F9CA-48B6-A886-E83FFC87583D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation) Task: {B3420DD3-EEBA-4A85-A10F-3E13A2DC79DD} - System32\Tasks\{BD137A0E-0F87-485C-A8F9-C89BC4224A9F} => pcalua.exe -a "C:\Program Files\IncrediMail\Bin\ImSetup.exe" -c /uninstallProduct /addon:incredimail Task: {B49F145D-3B72-4BC7-A6FA-E8818EB845C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.) Task: {BFA0BDF5-B1B2-4176-8E0F-DF5002D6C903} - System32\Tasks\{CAEC5C14-DA68-494B-9656-F43CB49E0684} => C:\Users\Volker Henkels\Documents\Downloads\Torpark\Torpark.exe Task: {C2E434F7-9077-4EAC-A430-0368EC4A3407} - System32\Tasks\{EDF60F3E-89B0-4DE1-BF0C-85462ABD839D} => msiexec.exe /package "E:\Setup\Löwenzahn 5.msi" Task: {C61680E4-97EE-40A4-A841-A88EA1691CB7} - System32\Tasks\{8E92A3C3-8295-42C5-8836-72DD9552015B} => pcalua.exe -a "C:\Users\Volker Henkels\Documents\Downloads\VRNetWorldSW_51012.exe" -d "C:\Users\Volker Henkels\Documents\Downloads" Task: {C81CDF8E-6421-4F24-84BD-E468FC949571} - System32\Tasks\{77D564C7-808F-4AB7-A975-D95CE6069C90} => pcalua.exe -a "C:\Users\Volker Henkels\Download\Maus\mw9791deu.exe" -d "C:\Users\Volker Henkels\Download\Maus" Task: {DAECB3EA-C5FA-4B4F-A00C-C6925395EB1D} - System32\Tasks\{981E4BC2-CA6D-4C07-834A-C23786137ED9} => C:\Users\Volker Henkels\Documents\Downloads\torpark-2.4.1-ff3.exe Task: {DBDF02DB-5EF7-4BA4-B2EE-567E629571E8} - System32\Tasks\{14A5D1A3-3B6D-40FD-B989-C55CBD9CC488} => C:\Users\Volker Henkels\Documents\Downloads\torpark-2.4.1-ff3.exe Task: {E4297023-2DAB-4DD9-BD10-534216F1718B} - 
System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {E8B4FED2-D186-4C9F-BE0E-07BDB3E8FA65} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {F8B6E8F8-4D0E-41F9-88A6-5968D7843E96} - System32\Tasks\{2CCE7FD9-AB71-4537-B279-25FE075D821F} => pcalua.exe -a E:\EE\SETUP.EXE -d E:\EE Task: {FBBD6DDF-74A3-4123-A987-14C93C0FD596} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {FE781653-1136-40F3-848A-71AB4B3A5F07} - System32\Tasks\{BEB0EF88-0D0B-4128-B0A5-C8FF2E0C65C2} => pcalua.exe -a "C:\Users\Volker Henkels\Documents\Downloads\pci_de_smartrecovery45.exe" -d "C:\Program Files\Mozilla Firefox" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2011-12-02 11:33 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll 2011-10-20 10:56 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2006-09-14 08:56 - 2006-09-14 08:56 - 00102400 _____ () C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2011-11-13 15:10 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2008-04-21 23:27 - 2008-04-21 23:27 - 00498952 _____ () C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2011-10-23 22:39 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll 2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll 2015-05-07 11:08 - 2015-05-07 11:08 - 00697884 _____ () C:\Users\Volker Henkels\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0002\~df394b.tmp 2015-05-07 11:08 - 2015-05-07 11:08 - 00592896 _____ () C:\Users\Volker 
Henkels\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0002\~de6248.tmp 2011-10-22 12:04 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL 2011-10-22 12:04 - 2009-04-20 11:55 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL 2008-04-21 22:43 - 2008-04-21 22:43 - 01336600 _____ () C:\Program Files\Acronis\TrueImageHome\fox.dll 2014-10-13 11:44 - 2014-12-07 13:33 - 00023984 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe 2014-10-13 11:44 - 2015-03-30 09:42 - 00268800 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd 2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_socket.pyd 2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd 2013-11-27 17:50 - 2013-11-27 17:50 - 00018944 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd 2015-01-19 17:42 - 2015-02-17 15:59 - 02386432 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd 2014-10-13 11:42 - 2015-03-30 09:42 - 02029056 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\select.pyd 2014-01-23 13:37 - 2014-01-23 13:37 - 00036352 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd 2013-12-21 15:20 - 2013-12-21 15:20 - 00053248 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_blist.pyd 2013-12-21 15:20 - 
2013-12-21 15:20 - 00040448 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd 2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd 2011-02-13 17:02 - 2011-02-13 17:02 - 00031232 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd 2014-10-13 11:57 - 2015-03-30 09:42 - 03035648 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd 2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\win32api.pyd 2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll 2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll 2012-02-07 18:36 - 2012-02-07 18:36 - 00111616 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\win32file.pyd 2012-02-07 18:36 - 2012-02-07 18:36 - 00024064 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd 2010-10-11 00:23 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\apsw.pyd 2013-01-29 18:20 - 2013-01-29 18:20 - 00082944 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd 2011-07-15 21:37 - 2011-07-15 21:37 - 00981504 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00746496 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00670720 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd 2011-07-15 
21:38 - 2011-07-15 21:38 - 00966144 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00674816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd 2013-12-21 15:02 - 2013-12-21 15:02 - 00061952 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd 2013-01-29 18:20 - 2013-01-29 18:20 - 00066048 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd 2015-03-01 11:17 - 2015-02-28 04:23 - 00022824 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe 2015-03-01 11:17 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd 2015-03-01 11:17 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd 2015-03-01 11:17 - 2014-01-23 14:37 - 00036352 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd 2015-03-01 11:17 - 2012-02-07 19:37 - 00098816 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd 2015-03-01 11:17 - 2012-02-07 19:35 - 00110080 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll 2015-03-01 11:17 - 2012-02-07 19:38 - 00358912 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll 2015-03-01 11:17 - 2012-02-07 19:42 - 00266240 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd 2015-03-01 11:17 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd 2015-03-01 11:17 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\Volker 
Henkels\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd 2015-03-01 11:17 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd 2015-03-01 11:17 - 2011-01-19 00:56 - 00334336 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd 2015-03-01 11:17 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\select.pyd 2015-03-01 11:17 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd 2015-03-01 11:17 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd 2015-05-07 11:09 - 2015-05-07 11:09 - 00043008 _____ () c:\Users\Volker Henkels\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsxiout.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2014-10-01 18:37 - 2014-10-01 18:37 - 00022824 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\ace_update.exe 2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\_socket.pyd 2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd 2011-07-15 21:37 - 2011-07-15 21:37 - 00981504 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 
- 00746496 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00670720 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00966144 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd 2011-07-15 21:38 - 2011-07-15 21:38 - 00674816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd 2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\select.pyd 2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd 2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\win32api.pyd 2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll 2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll 2012-02-07 18:36 - 2012-02-07 18:36 - 00111616 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\win32file.pyd 2012-02-07 18:36 - 2012-02-07 18:36 - 00024064 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2498879569-601166142-2179082399-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Volker Henkels\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe MSCONFIG\startupreg: IndexSearch => C:\Program Files\Scansoft\PaperPort\IndexSearch.exe MSCONFIG\startupreg: PaperPort PTD => C:\Program Files\Scansoft\PaperPort\pptd40nt.exe MSCONFIG\startupreg: PP8 SE Reminder => "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini" ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
FirewallRules: [{B37FBAC1-8C0F-4168-91B8-F39952115DBE}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{2F692203-1DB0-4D3B-B001-F4197354EA7D}] => (Allow) LPort=2869 FirewallRules: [{C3AA16F4-F657-431B-840D-67338D188046}] => (Allow) LPort=1900 FirewallRules: [{D6FC6651-0E7C-44B5-9591-AB5328E138B1}] => (Allow) C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe FirewallRules: [{2677B019-5FAF-4218-94FD-5AD974B99E7D}] => (Allow) C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe FirewallRules: [{A1790FAE-BF64-4E6B-95D2-2B1F6B3D9ECE}] => (Allow) LPort=54925 FirewallRules: [{54F3DB20-4D53-4A49-B3EF-F2524D3D7D59}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [{5A5C99AC-8FB6-4D87-824E-0193BE27042A}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe FirewallRules: [{9854BE86-E71A-41AF-8E33-4CBA3552D207}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe FirewallRules: [{26F9458A-FB63-4507-89BD-9A17235A5279}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe FirewallRules: [{F0C0E574-8614-4289-8F83-987C96BD5D34}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe FirewallRules: [{ABEE847B-4764-4802-94EF-4A20880DFE7F}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe FirewallRules: [{5974B080-77EC-461C-9A28-D71C28373024}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: 
[{CC034879-5FB8-4C61-A8CC-C2A1529C5A59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8D86D336-FBED-447F-B1C0-26032749444B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{19A36E4D-E61A-413A-A3F8-2BAEF6CD642B}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{E6FDE045-88E8-4474-ACB9-5CCCA8D0D3B3}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{6F5E31D1-BFCD-4E87-8887-8C4A33E3E314}] => (Allow) C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{BDD3FCEE-C823-4A50-88E2-3FBA7BCB1EF4}] => (Allow) C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{7675CFF5-2E9E-4EFA-BA6C-06C0F863A867}C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{1ECDA62E-ABD3-45BD-BA05-6511837BCCB0}C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{D3A78000-8D4A-412F-8B0D-126975DFC77E}C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{F19E5006-6BC2-4255-9223-5E3A88D26C02}C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{F3C2C1AA-99B4-4142-BF01-D0EEA4F36B6A}C:\program files\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files\streamtorrent 1.0\streamtorrent.exe FirewallRules: [UDP Query User{DA7C87AA-40D6-4370-A2BD-743F9A22C0C3}C:\program files\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files\streamtorrent 1.0\streamtorrent.exe FirewallRules: [{2E511D02-9252-473B-AF20-85B473A191C5}] => (Allow) C:\Users\Volker 
Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe FirewallRules: [{0B4FAA86-1D43-4FB3-8897-4A883287B2A5}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe FirewallRules: [{C476E187-F630-4614-A471-B6053D14D323}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{9E09D535-E1C7-44B9-8451-134E55CDEE3C}C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [UDP Query User{8BBF613D-AAC1-4074-B1EB-65742D4AC391}C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{1A445D69-5C90-4D1B-9D88-870FFB289B15}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{20813C83-76AB-4994-994D-FEFCC96F5B83}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{CEE3DBEA-465C-4E83-9C96-F4283D174415}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: BHDrvx86 Description: BHDrvx86 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: BHDrvx86 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Symantec Iron Driver Description: Symantec Iron Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SymIRON Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. 
The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Norton Internet Security CBE Settings Manager Description: Norton Internet Security CBE Settings Manager Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ccSet_NIS Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (05/06/2015 11:09:40 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x81000101). Error: (05/05/2015 08:52:16 AM) (Source: ESENT) (EventID: 215) (User: ) Description: wlmail (1804) C:\Users\Uta\AppData\Local\Microsoft\Windows Live Mail\Calendars\: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error: (05/04/2015 08:25:53 PM) (Source: System Restore) (EventID: 8211) (User: ) Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101). 
Error: (05/04/2015 08:25:53 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x81000101). Error: (05/04/2015 01:02:15 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80080005, Starten des Servers fehlgeschlagen . Vorgang: VSS-Server wird instanziiert Error: (05/04/2015 01:02:15 PM) (Source: VSS) (EventID: 11) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. Höchst wahrscheinlich ist die CPU stark ausgelastet. [0x80080005, Starten des Servers fehlgeschlagen ] Vorgang: VSS-Server wird instanziiert Error: (05/04/2015 00:55:35 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80080005, Starten des Servers fehlgeschlagen . Vorgang: VSS-Server wird instanziiert Error: (05/04/2015 00:55:35 PM) (Source: VSS) (EventID: 11) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. Höchst wahrscheinlich ist die CPU stark ausgelastet. [0x80080005, Starten des Servers fehlgeschlagen ] Vorgang: VSS-Server wird instanziiert Error: (05/04/2015 00:48:54 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80080005, Starten des Servers fehlgeschlagen . 
Vorgang: VSS-Server wird instanziiert

Error: (05/04/2015 00:48:54 PM) (Source: VSS) (EventID: 11) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. Höchst wahrscheinlich ist die CPU stark ausgelastet. [0x80080005, Starten des Servers fehlgeschlagen ]
Vorgang: VSS-Server wird instanziiert

System errors:
=============
Error: (05/07/2015 11:08:56 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/07/2015 11:08:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BHDrvx86 ccSet_NIS SymIRON

Error: (05/06/2015 04:43:07 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (05/06/2015 04:42:58 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/06/2015 04:42:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BHDrvx86 ccSet_NIS SymIRON

Error: (05/06/2015 01:18:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BHDrvx86 ccSet_NIS SymIRON

Error: (05/06/2015 01:18:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/06/2015 11:58:10 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/06/2015 11:57:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BHDrvx86 ccSet_NIS SymIRON

Error: (05/06/2015 11:21:55 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Microsoft Office Sessions:
=========================
Error: (05/06/2015 11:09:40 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x81000101

Error: (05/05/2015 08:52:16 AM) (Source: ESENT) (EventID: 215) (User: )
Description: wlmail1804C:\Users\Uta\AppData\Local\Microsoft\Windows Live Mail\Calendars\:

Error: (05/04/2015 08:25:53 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (05/04/2015 08:25:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x81000101

Error: (05/04/2015 01:02:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80080005, Starten des Servers fehlgeschlagen
Vorgang: VSS-Server wird instanziiert

Error: (05/04/2015 01:02:15 PM) (Source: VSS) (EventID: 11) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80080005, Starten des Servers fehlgeschlagen
Vorgang: VSS-Server wird instanziiert

Error: (05/04/2015 00:55:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80080005, Starten des Servers fehlgeschlagen
Vorgang: VSS-Server wird instanziiert

Error: (05/04/2015 00:55:35 PM) (Source: VSS) (EventID: 11) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80080005, Starten des Servers fehlgeschlagen
Vorgang: VSS-Server wird instanziiert

Error: (05/04/2015 00:48:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80080005, Starten des Servers fehlgeschlagen
Vorgang: VSS-Server wird instanziiert

Error: (05/04/2015 00:48:54 PM) (Source: VSS) (EventID: 11) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80080005, Starten des Servers fehlgeschlagen
Vorgang: VSS-Server wird instanziiert

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 51%
Total physical RAM: 3050.68 MB
Available physical RAM: 1491.77 MB
Total Pagefile: 6097.59 MB
Available Pagefile: 4298.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.17 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:292.87 GB) (Free:102.91 GB) NTFS
Drive d: () (Fixed) (Total:172.79 GB) (Free:22.25 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F961277B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
08.05.2015, 08:48 | #14 |
/// the machine /// TB-Ausbilder | TR/Emotet.A.92 installed from DHL email attachment Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.05.2015, 16:24 | #15 |
| TR/Emotet.A.92 installed from DHL email attachment Uninstalling Media Player failed. Error message: "Uninstall Fehlgeschlagen! Vermutlich ungültiger deinstall Befehl!" With Ace Stream it went smoothly. The logs: mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 08.05.2015 Suchlauf-Zeit: 13:01:00 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.05.08.03 Rootkit Datenbank: v2015.04.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Volker Henkels Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 428813 Verstrichene Zeit: 31 Min, 55 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 29 PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\MediaPlayerV1alpha460, In Quarantäne, [6bc8157cc9c1cd693d089784d034e21e], PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\MediaWatchV1home3705, In Quarantäne, [1d16434e2b5f3600c4b8004d7f86b848], PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\GGKCBEJNOCBILHFLHKFINPGLPPNGCCOM, In Quarantäne, [0a296a27c7c30c2a617ccc05000327d9], PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\JKFDOFAGJLGCLJCJIBMEMBHBJNPBALIP, In Quarantäne, [0132a3eed2b8c373df04f9d81de6fa06], PUP.Optional.DataMngr.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [81b2622feb9f83b3663188aba56022de], PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{86c47305-d478-4eba-baf4-1e6c48b01195}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\CLASSES\CLSID\{86C47305-D478-4EBA-BAF4-1E6C48B01195}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{ef30233f-af83-417a-979d-ae2b78f3c539}, In 
Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{21792CBD-C281-4CDC-9D43-8A598184A947}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], PUP.Optional.MediaPlayerAlpha.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{86C47305-D478-4EBA-BAF4-1E6C48B01195}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], PUP.Optional.MediaPlayerAlpha.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{86C47305-D478-4EBA-BAF4-1E6C48B01195}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], PUP.Optional.MediaPlayerAlpha.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{86C47305-D478-4EBA-BAF4-1E6C48B01195}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], PUP.Optional.MediaPlayerAlpha.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{86C47305-D478-4EBA-BAF4-1E6C48B01195}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8f2263fe-d363-40e0-9538-52bd78d36ed8}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\CLASSES\CLSID\{8F2263FE-D363-40E0-9538-52BD78D36ED8}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4c9cdb22-2927-43ac-b7cc-10bda78884ab}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{65D9C5CE-29B8-4487-8331-BC9683E49059}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], PUP.Optional.VideoPlayer.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8F2263FE-D363-40E0-9538-52BD78D36ED8}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], 
PUP.Optional.VideoPlayer.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8F2263FE-D363-40E0-9538-52BD78D36ED8}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], PUP.Optional.VideoPlayer.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8F2263FE-D363-40E0-9538-52BD78D36ED8}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], PUP.Optional.VideoPlayer.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8F2263FE-D363-40E0-9538-52BD78D36ED8}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{e5978446-df5c-4ffe-b126-cc9f04d8bcbb}, In Quarantäne, [f0438d047b0f90a64996f525828421df], PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5978446-DF5C-4FFE-B126-CC9F04D8BCBB}, In Quarantäne, [f0438d047b0f90a64996f525828421df], PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{24a97fcd-7161-46d6-91d9-370ccf32be62}, In Quarantäne, [f0438d047b0f90a64996f525828421df], PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BA1AC0A4-08A2-4C4D-A258-673EEAD31ABE}, In Quarantäne, [f0438d047b0f90a64996f525828421df], PUP.Optional.MediaWatch.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E5978446-DF5C-4FFE-B126-CC9F04D8BCBB}, In Quarantäne, [f0438d047b0f90a64996f525828421df], PUP.Optional.MediaWatch.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E5978446-DF5C-4FFE-B126-CC9F04D8BCBB}, In Quarantäne, [f0438d047b0f90a64996f525828421df], PUP.Optional.MediaWatch.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E5978446-DF5C-4FFE-B126-CC9F04D8BCBB}, In Quarantäne, [f0438d047b0f90a64996f525828421df], PUP.Optional.MediaWatch.A, 
HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E5978446-DF5C-4FFE-B126-CC9F04D8BCBB}, In Quarantäne, [f0438d047b0f90a64996f525828421df], Registrierungswerte: 7 PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ggkcbejnocbilhflhkfinpglppngccom|path, C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ch\MediaWatchV1home3705.crx, In Quarantäne, [0a296a27c7c30c2a617ccc05000327d9] PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jkfdofagjlgcljcjibmembhbjnpbalip|path, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ch\VideoPlayerV3beta821.crx, In Quarantäne, [0132a3eed2b8c373df04f9d81de6fa06] PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@VideoPlayerV3beta821.net, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ff, In Quarantäne, [7bb8e4ad8703df57d933e032c93b9b65] PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaPlayerV1alpha460.net, C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha460\ff, In Quarantäne, [c76c94fd93f74ee8bc8ae03b1aea11ef] PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaWatchV1home3705.net, C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ff, In Quarantäne, [88abe2afb2d86ec805783d100203ab55] PUP.Optional.SearchQu.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}|URL, hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}, In Quarantäne, [bd76ddb4abdfc27485d71d47b74eb64a] PUP.Optional.SearchQu.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}|SuggestionsURL_JSON, hxxp://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=413&qu={searchTerms}&ft=json, In Quarantäne, [87ac88093b4f3df9a8b4bea615f0e41c] Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 
48 PUP.Optional.Datamngr.A, C:\Users\Uta\AppData\LocalLow\DataMngr, In Quarantäne, [77bc474a0f7ba195ac9d683ac63dfa06], PUP.Optional.Datamngr.A, C:\Users\Volker Henkels\AppData\LocalLow\DataMngr, In Quarantäne, [56ddb2df9ceea98dbd8c435fa16236ca], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\css, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\cufon, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\jquery, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\ts, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\locale, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\locale\en-US, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\locale\ru-RU, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\defaults, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\defaults\preferences, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\icons, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker 
Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\common, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\css, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\cufon, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\jquery, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\ts, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, 
C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\_locales, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\_locales\en_US, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\_locales\ru, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapaeejlffemnmbcjbcnmcdhnekhnfbk\1.1_0, In Quarantäne, [59da0b862c5e58dea031b59cd82eb54b], PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapaeejlffemnmbcjbcnmcdhnekhnfbk\1.1_0\images, In Quarantäne, [59da0b862c5e58dea031b59cd82eb54b], PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapaeejlffemnmbcjbcnmcdhnekhnfbk, In Quarantäne, [59da0b862c5e58dea031b59cd82eb54b], PUP.Optional.MediaWatch.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkcbejnocbilhflhkfinpglppngccom\1.1_0, In Quarantäne, [8ca7c7cae3a7f442dbf8bf92b353cf31], PUP.Optional.MediaWatch.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkcbejnocbilhflhkfinpglppngccom\1.1_0\images, In Quarantäne, [8ca7c7cae3a7f442dbf8bf92b353cf31], PUP.Optional.MediaWatch.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkcbejnocbilhflhkfinpglppngccom, In Quarantäne, [8ca7c7cae3a7f442dbf8bf92b353cf31], PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_0, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], PUP.Optional.MediaView.A, 
C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_0\images, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_1, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_1\images, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], PUP.Optional.VideoPlayer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfdofagjlgcljcjibmembhbjnpbalip\1.1_0, In Quarantäne, [79ba266b5337a492b6203f1235d1d927], PUP.Optional.VideoPlayer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfdofagjlgcljcjibmembhbjnpbalip\1.1_0\images, In Quarantäne, [79ba266b5337a492b6203f1235d1d927], PUP.Optional.VideoPlayer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfdofagjlgcljcjibmembhbjnpbalip, In Quarantäne, [79ba266b5337a492b6203f1235d1d927], PUP.Optional.MediaViewer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfphlpagfcnilblhpjjgadncbmfpjgl\1.1_0, In Quarantäne, [7db6246de7a3c670557daaa77b8b0cf4], PUP.Optional.MediaViewer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfphlpagfcnilblhpjjgadncbmfpjgl\1.1_0\images, In Quarantäne, [7db6246de7a3c670557daaa77b8b0cf4], PUP.Optional.MediaViewer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfphlpagfcnilblhpjjgadncbmfpjgl, In Quarantäne, [7db6246de7a3c670557daaa77b8b0cf4], Dateien: 360 PUP.Optional.Bandoo.A, C:\Users\Volker Henkels\Documents\Downloads\Setup71_FreeFlvConverter.exe, In Quarantäne, 
[57dc9af72f5b0d2986b649087a8c728e], PUP.Optional.FreeNew.A, C:\Users\Volker Henkels\Documents\Downloads\Emoji_Fun_+_Smiley_+_Emotion_Keyboard_1.0_downloader.exe, In Quarantäne, [dd56ade4bad0bf770feae362fa079d63], PUP.Optional.Searchqu.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, In Quarantäne, [062d6928236740f669be9c98976e1fe1], PUP.Optional.Datamngr.A, C:\Users\Uta\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, In Quarantäne, [77bc474a0f7ba195ac9d683ac63dfa06], PUP.Optional.Datamngr.A, C:\Users\Volker Henkels\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, In Quarantäne, [56ddb2df9ceea98dbd8c435fa16236ca], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome.manifest, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\install.rdf, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\ff-overlay.xul, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\gm_compiler.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\gm_prefs.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker 
Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\gm_xhr.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\icon.png, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\overlay.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\utils.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\css\magicplayer.css, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\css\ts-buttons.css, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\jquery\jquery-1.7.min.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\ts\button.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\ts\core.js, In 
Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\ts\magicplayer.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\ts\player.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\1337x.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\adminko.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\animelayer.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\animereactor.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\arenabg.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\baibako.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, 
C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bakabt.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\beeretracker.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\berloga.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bete.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\big-boss.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bigfangroup.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bigtorrent.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bithumen.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker 
Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bitmanija.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bitsnoop.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bitsoup.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\btscene.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\coda.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\dark-os.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\demonoid.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\dimeadozen.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker 
Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\divxtotal.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fast-torrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fasttorrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fat.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fenopy.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fex.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\file.lu.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\filebag.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\filebase.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\free-torrents.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\freekino.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fulldls.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\goldenshara.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hdclub.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hdclub.org.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hdreactor.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hilm.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hq-video.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hqclub.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\jc-club.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\jesus-torrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kat.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\katushka.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kinokopilka.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kinoshek.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kinozal.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kinsburg.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\limetorrents.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\linkomanija.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\lostfilm.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\masters-tb.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\maxnet.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\mediastore.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\mininova.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\monova.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\movietorrents.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\multiestrenos.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bithq.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\estrenosdtl.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\frenchtorrentdb.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\piratbit.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\seedpeer.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\toloka.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\mytorrento.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\newtorr.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nice-media.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nigma.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nnm.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nnportal.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\novafilm.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\novaset.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nyaa.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\oday.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\opensharing.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\opentorrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\picktorrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\pirat.ca.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\planefilm.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\powertracker.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\pravtor.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\publichd.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rarbg.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rgfootball.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\riper.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rt-tracker.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rustorka.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rutor.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rutracker.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\scenefz.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\starbit.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\stepashka.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\streamzone.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\sumotorrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\take.fm.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\tapochek.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\tfile.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\thepiratebay.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torlock.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\tormovies.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrent73.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentbit.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentdownloads.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentfunk.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentom.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentreactor.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrents.by.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrents.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrents.net.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentsmd.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentstream.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentzap.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrnado-ru.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrnado.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\treckera-net.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\uatracker.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\undelete.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\uniongang.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\unionpeer.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\uraltrack.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\vertor.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\x-torrents.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\yify.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\yourbittorent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\youtor.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\youtube.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\youtube_pre.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31],
Physische Sektoren: 0 (Keine schädliche Elemente gefunden)
(end)
Code:
# AdwCleaner v4.203 - Bericht erstellt 08/05/2015 um 16:52:52
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-08.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x86)
# Benutzername : Volker Henkels - DESKTOP
# Gestarted von : C:\Users\Volker Henkels\Documents\Downloads\AdwCleaner_4.203.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension
Ordner Gelöscht : C:\Users\Volker Henkels\Documents\Updater
Datei Gelöscht : C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage
Datei Gelöscht : C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage-journal
Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Geplante Tasks ] *****

Task Gelöscht : AmiUpdXp
Task Gelöscht : DealPlyUpdate

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Wert Gelöscht : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Video Player
Schlüssel Gelöscht : HKLM\SOFTWARE\VideoPlayerV3

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Mozilla Firefox v36.0.4 (x86 de)

-\\ Google Chrome v42.0.2311.135

[C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : mfhnkgpdlogbknkhlgdjlejeljbhflim

*************************

AdwCleaner[R0].txt - [13497 Bytes] - [22/04/2014 00:39:07]
AdwCleaner[R1].txt - [1404 Bytes] - [22/04/2014 20:13:05]
AdwCleaner[R2].txt - [2357 Bytes] - [08/05/2015 16:50:34]
AdwCleaner[S0].txt - [13480 Bytes] - [22/04/2014 00:39:56]
AdwCleaner[S1].txt - [2277 Bytes] - [08/05/2015 16:52:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2336 Bytes] ##########