Log analysis and evaluation: USB sticks show a shortcut to themselves instead of files (Windows 7)
28.08.2015, 05:40 | #1 |
USB sticks show a shortcut to themselves instead of files (Windows 7)

Hello, for a few days now my USB stick (or rather two of them by now...) has shown only a shortcut to the stick itself when I try to open the folder. I suspect that I picked something up at the university. Avira had 2 detections, but nothing changed. Earlier I ran Malwarebytes over it and had over 500 detections. Otherwise the PC still works quite well, I hope it is not too bad... I would be extremely grateful for help! [I am sitting in Mexico and have little hope of finding German-speaking PC experts]

Here are the logs (unfortunately I had to zip Avira, Malwarebytes and GMER):

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:11 on 27/08/2015 (Bine)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:27-08-2015 durchgeführt von Bine (Administrator) auf NINIMAU (27-08-2015 22:15:40) Gestartet von C:\Users\Bine\Desktop Geladene Profile: Bine (Verfügbare Profile: Bine) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Atheros) C:\Program Files\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (SpiderOak) C:\Program Files\SpiderOakONE\SpiderOakONE.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (SpiderOak) C:\Program Files\SpiderOakONE\SpiderOakONE.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe () C:\Program Files\SpiderOakONE\windows_dir_watcher.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737712 2015-08-26] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKU\S-1-5-21-3862519716-2807753652-4247563606-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation) HKU\S-1-5-21-3862519716-2807753652-4247563606-1000\...\Run: [SpiderOak] => C:\Program Files\SpiderOak\SpiderOak.exe --windows_startup HKU\S-1-5-21-3862519716-2807753652-4247563606-1000\...\Run: [Dropbox Update] => C:\Users\Bine\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [SpiderOakONEOverlay] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBE} => C:\Program Files\SpiderOakONE\shell_extension.dll [2015-07-13] (SpiderOakONE) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKU\S-1-5-21-3862519716-2807753652-4247563606-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mx.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset URLSearchHook: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000 - (Kein Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - Keine Datei SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000 -> {6A7726B4-1004-400B-9DA3-A1646EC42A16} URL = hxxps://mx.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-18] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-18] (Oracle Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-30] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-30] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-30] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-30] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-30] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-30] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-30] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-30] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-07-30] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 Tcpip\..\Interfaces\{A6F5284D-4211-44AC-A452-C326DE0C73AB}: [DhcpNameServer] 192.168.100.1 FireFox: ======== FF ProfilePath: C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default FF DefaultSearchEngine: Ecosia FF SelectedSearchEngine: Ecosia FF Homepage: hxxps://mx.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-26] () FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-18] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-18] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\searchplugins\ecosia.xml [2015-05-29] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Extensions\artur.dubovoy@gmail.com [2015-08-14] FF Extension: YouTube mp3 - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Extensions\info@youtube-mp3.org.xpi [2012-08-27] FF Extension: Video DownloadHelper - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14] FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-06-05] FF Extension: Adblock Plus - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-14] FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-01-24] Chrome: ======= CHR Profile: C:\Users\Bine\AppData\Local\Google\Chrome\User Data\Default ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 AntiVirFirewallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [1054976 2015-08-26] (Avira Operations GmbH & Co. 
KG) R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [834568 2015-08-26] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [456528 2015-08-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [456528 2015-08-26] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1012240 2015-08-26] (Avira Operations GmbH & Co. KG) R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [660848 2010-12-16] (Juniper Networks) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [Datei ist nicht signiert] S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.) R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2013-07-30] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2013-07-30] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-08-26] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-08-26] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG) S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [115808 2011-06-19] (SysProgs.org) R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-12-16] (Juniper Networks) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-27] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [27696 2015-06-16] (Avira Operations GmbH & Co. KG) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-08-20] (The OpenVPN Project) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-27 22:15 - 2015-08-27 22:17 - 00015798 _____ C:\Users\Bine\Desktop\FRST.txt 2015-08-27 22:15 - 2015-08-27 22:16 - 00000000 ____D C:\FRST 2015-08-27 22:13 - 2015-08-27 22:14 - 01690624 _____ (Farbar) C:\Users\Bine\Desktop\FRST.exe 2015-08-27 22:11 - 2015-08-27 22:12 - 00000470 _____ C:\Users\Bine\Desktop\defogger_disable.log 2015-08-27 22:11 - 2015-08-27 22:11 - 00000000 _____ C:\Users\Bine\defogger_reenable 2015-08-27 22:09 - 2015-08-27 22:09 - 00050477 _____ C:\Users\Bine\Desktop\Defogger.exe 2015-08-27 21:24 - 2015-08-27 21:24 - 00199270 _____ C:\Windows\PFRO.log 2015-08-27 20:29 - 2015-08-27 21:45 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-27 20:27 - 2015-08-27 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-08-27 20:27 - 2015-08-27 20:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-27 20:27 - 2015-08-27 20:27 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-08-27 20:27 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-27 20:27 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-27 20:27 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-27 20:23 - 2015-08-27 20:24 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Bine\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-26 11:56 - 2015-08-26 11:57 - 01190104 _____ (Adobe Systems Incorporated) C:\Users\Bine\Downloads\flashplayer18_ha_install.exe 2015-08-25 07:45 - 2015-08-27 21:24 - 00000896 _____ C:\Windows\setupact.log 2015-08-25 07:45 - 2015-08-25 07:45 - 00000000 _____ C:\Windows\setuperr.log 2015-08-20 09:02 - 2015-08-20 09:02 - 00002687 _____ C:\Users\Public\Desktop\Skype.lnk 2015-08-20 09:02 - 2015-08-20 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 
2015-08-20 09:02 - 2015-08-20 09:02 - 00000000 ____D C:\Program Files\Common Files\Skype 2015-08-20 08:30 - 2015-08-10 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-20 08:30 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-17 14:32 - 2015-08-17 14:32 - 00000000 ____D C:\Users\Bine\AppData\Local\SpiderOak 2015-08-17 14:31 - 2015-08-17 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpiderOakONE 2015-08-17 14:31 - 2015-08-17 14:31 - 00000000 ____D C:\Program Files\SpiderOakONE 2015-08-17 14:19 - 2015-08-17 14:19 - 26113560 _____ C:\Users\Bine\Downloads\SpiderOakONESetup-6.0.exe 2015-08-17 12:43 - 2015-08-18 08:10 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-12 17:05 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 13:54 - 2015-07-28 15:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-12 13:54 - 2015-07-28 15:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-12 13:54 - 2015-07-28 14:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 02061312 _____ (Microsoft Corporation) 
C:\Windows\system32\wuaueng.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-08-12 13:54 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-08-12 13:54 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-08-12 13:54 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-12 13:54 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-12 13:54 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 13:54 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-12 13:53 - 2015-07-16 14:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-12 13:53 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-12 13:53 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-12 13:53 - 2015-07-15 12:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-12 13:53 - 2015-07-15 12:59 - 00078784 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mountmgr.sys 2015-08-12 13:53 - 2015-07-15 12:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-12 13:53 - 2015-07-15 12:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-08-12 13:53 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 
2015-08-12 13:53 - 2015-07-15 12:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-08-12 13:53 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-12 13:53 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-08-12 13:53 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-08-12 13:53 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-08-12 13:53 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-08-12 13:53 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-08-12 13:53 - 2015-07-15 11:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-12 13:53 - 2015-07-15 11:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-12 13:53 - 2015-07-15 11:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-12 13:52 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-12 
13:52 - 2015-07-30 12:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-08-12 13:52 - 2015-07-30 11:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-12 13:52 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-12 13:52 - 2015-07-20 19:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-12 13:52 - 2015-07-16 15:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-08-12 13:52 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-12 13:52 - 2015-07-16 14:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-08-12 13:52 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-12 13:52 - 2015-07-16 14:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-08-12 13:52 - 2015-07-16 14:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-08-12 13:52 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-12 13:52 - 2015-07-16 14:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-12 13:52 - 2015-07-16 14:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-08-12 13:52 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-12 13:52 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-12 13:52 - 2015-07-16 14:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-12 13:52 - 2015-07-16 14:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-08-12 13:52 - 
2015-07-16 14:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-08-12 13:52 - 2015-07-16 14:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-08-12 13:52 - 2015-07-16 14:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-12 13:52 - 2015-07-16 14:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-08-12 13:52 - 2015-07-16 14:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-08-12 13:52 - 2015-07-16 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-12 13:52 - 2015-07-16 14:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-12 13:52 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-12 13:52 - 2015-07-16 14:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-08-12 13:52 - 2015-07-16 14:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-12 13:52 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-12 13:52 - 2015-07-16 14:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-12 13:52 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-12 13:52 - 2015-07-16 14:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-08-12 13:52 - 2015-07-16 14:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-08-12 13:52 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-12 13:52 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-12 13:52 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 
2015-08-12 13:52 - 2015-07-16 10:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-08-12 13:51 - 2015-07-14 21:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-12 13:51 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-12 13:51 - 2015-05-09 13:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-08-12 13:40 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-12 13:40 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-12 13:40 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-08-12 13:40 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-08-11 11:49 - 2015-08-11 11:49 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-08-11 11:45 - 2015-08-27 21:50 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3862519716-2807753652-4247563606-1000UA.job 2015-08-11 11:45 - 2015-08-27 11:50 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3862519716-2807753652-4247563606-1000Core.job 2015-08-11 11:45 - 2015-08-11 11:45 - 00000000 ____D C:\Users\Bine\AppData\Local\Dropbox 2015-08-11 11:45 - 2015-08-11 11:45 - 00000000 ____D C:\ProgramData\Dropbox 2015-08-10 15:44 - 2015-08-10 15:53 - 46242307 _____ C:\Users\Bine\Downloads\Fotos Tapachula.zip 2015-08-07 16:08 - 2015-08-07 16:08 - 00000000 ____D C:\Users\Bine\Documents\Scientific Software 2015-08-07 16:08 - 2015-08-07 16:08 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Scientific Software 2015-08-07 16:05 - 2015-08-07 16:05 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATLAS.ti.lnk 2015-08-07 16:05 - 2015-08-07 16:05 - 00002147 _____ C:\Users\Public\Desktop\ATLAS.ti.lnk 2015-08-07 16:05 - 
2015-08-07 16:05 - 00000000 ____D C:\Users\Public\Documents\Scientific Software 2015-08-07 16:05 - 2015-08-07 16:05 - 00000000 ____D C:\ProgramData\Scientific Software 2015-08-07 16:05 - 2015-08-07 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scientific Software 2015-08-07 16:05 - 2015-08-07 16:05 - 00000000 ____D C:\Program Files\Scientific Software ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-08-27 22:17 - 2009-07-13 23:34 - 00025328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-27 22:17 - 2009-07-13 23:34 - 00025328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-27 22:11 - 2011-07-14 03:02 - 00000000 ____D C:\Users\Bine 2015-08-27 21:35 - 2014-02-13 02:13 - 01281503 _____ C:\Windows\WindowsUpdate.log 2015-08-27 21:28 - 2014-12-14 09:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-27 21:24 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-27 21:24 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\TAPI 2015-08-27 20:34 - 2011-07-14 03:05 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-27 18:55 - 2014-10-06 05:29 - 00000000 ____D C:\Users\Bine\Documents\Diversität LAI 2015-08-27 11:42 - 2013-01-24 08:36 - 00000000 ____D C:\Users\Bine\Documents\Citavi 3 2015-08-27 11:03 - 2011-07-19 05:11 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Skype 2015-08-26 12:03 - 2011-07-14 05:12 - 00000000 ____D C:\Users\Bine\AppData\Local\Adobe 2015-08-26 12:02 - 2012-11-03 06:40 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-08-26 12:02 - 2011-07-17 10:33 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-08-26 07:57 - 2013-07-30 10:48 - 00136728 _____ (Avira 
Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-08-26 07:57 - 2013-07-30 10:48 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-08-25 21:41 - 2012-10-25 12:03 - 00000000 ____D C:\Users\Bine\AppData\Local\CRE 2015-08-22 21:07 - 2015-05-22 10:28 - 00000000 ____D C:\Users\Bine\.freemind 2015-08-20 09:02 - 2014-09-22 12:06 - 00000000 ___RD C:\Program Files\Skype 2015-08-20 09:01 - 2011-07-19 05:08 - 00000000 ____D C:\ProgramData\Skype 2015-08-18 08:10 - 2012-09-02 03:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-08-17 19:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache 2015-08-12 21:58 - 2009-07-13 23:33 - 00448136 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-12 21:55 - 2014-12-12 03:51 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-12 21:55 - 2014-05-02 02:06 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-12 21:55 - 2009-07-14 03:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE 2015-08-12 21:55 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\de-DE 2015-08-12 17:40 - 2014-12-11 06:03 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-12 17:27 - 2013-08-16 02:45 - 00000000 ____D C:\Windows\system32\MRT 2015-08-12 17:19 - 2011-08-02 02:02 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-11 14:17 - 2009-07-13 23:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-11 11:52 - 2012-08-29 09:03 - 00000000 ___RD C:\Users\Bine\Dropbox 2015-08-11 11:51 - 2012-08-29 08:58 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Dropbox 2015-08-03 21:41 - 2013-01-24 08:25 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Swiss Academic Software 2015-08-03 10:11 - 2011-07-14 03:40 - 00000000 ____D C:\Windows\Panther 2015-08-03 09:59 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT 2015-08-02 12:44 - 2015-04-13 14:43 - 00000000 ___SD C:\Windows\system32\GWX ==================== Dateien im Wurzelverzeichnis einiger 
Verzeichnisse =======

2015-03-14 13:41 - 2015-03-15 05:55 - 0007598 _____ () C:\Users\Bine\AppData\Local\resmon.resmoncfg
2015-07-15 11:38 - 2015-06-15 16:42 - 86877056 ___SH () C:\ProgramData\msqxolt.exe

Einige Dateien in TEMP:
====================
C:\Users\Bine\AppData\Local\Temp\avgnt.exe
C:\Users\Bine\AppData\Local\Temp\cdo2659222559.dll
C:\Users\Bine\AppData\Local\Temp\cdo3265668061.dll
C:\Users\Bine\AppData\Local\Temp\cdo3669941356.dll
C:\Users\Bine\AppData\Local\Temp\cdo3736216626.dll
C:\Users\Bine\AppData\Local\Temp\cdo3738437381.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-08-22 10:01

==================== Ende vom FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:27-08-2015
durchgeführt von Bine (2015-08-27 22:19:08)
Gestartet von C:\Users\Bine\Desktop
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3862519716-2807753652-4247563606-500 - Administrator - Disabled)
Bine (S-1-5-21-3862519716-2807753652-4247563606-1000 - Administrator - Enabled) => C:\Users\Bine
Gast (S-1-5-21-3862519716-2807753652-4247563606-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3862519716-2807753652-4247563606-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Enabled) {753F9273-B322-2907-AC37-03D0F1702F22}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKLM\...\uTorrent) (Version: 3.2.1.28086 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B950C70E-92CE-7726-CC9D-194CCFB4D35B}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ATLAS.ti (HKLM\...\{3F9B126A-0DCF-4992-9795-30A61BD6D4AB}) (Version: 7.5.4.0 - ATLAS.ti Scientific Software Development GmbH) Avira Internet Security (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.12.260 - Avira Operations GmbH & Co. KG) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation) CCleaner (HKLM\...\CCleaner) (Version: 3.08 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495 - Cisco Systems, Inc.) Hidden Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Hidden Citavi (HKLM\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.1 - Swiss Academic Software) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Dropbox (HKU\S-1-5-21-3862519716-2807753652-4247563606-1000\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.) 
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - ) Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) Juniper Networks Network Connect 7.0.0 (HKLM\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.17289 - Juniper Networks) Juniper Networks Setup Client (HKU\S-1-5-21-3862519716-2807753652-4247563606-1000\...\Juniper_Setup_Client) (Version: 2.2.4.9429 - Juniper Networks) Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks) LibreOffice 3.6 (HKLM\...\{7FDEBC17-F2F8-4B66-BE25-A2DD59B44F61}) (Version: 3.6.5.2 - The Document Foundation) LibreOffice 3.6 Help Pack (German) (HKLM\...\{053B7127-6400-4EC6-AAEE-F556045C9B22}) (Version: 3.6.5.2 - The Document Foundation) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 40.0.2 (x86 de) (HKLM\...\Mozilla Firefox 40.0.2 (x86 de)) (Version: 40.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla) PASW Statistics 18 (HKLM\...\{C25215FC-5900-48B0-B93C-8D3379027312}) (Version: 18.0.0 - SPSS Inc.) PDF24 Creator 6.9.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Qualcomm Atheros Fast Reconnect (HKLM\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros) SecureW2 EAP Suite 1.1.1 for Windows (HKLM\...\SecureW2 EAP Suite) (Version: - ) Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.) 
SpiderOakONE (HKLM\...\{6711FEBE-7890-437A-B688-7EC1002AFE8D}) (Version: 6.0.0.10128 - SpiderOak) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN) WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.) Yahoo! Detect (HKLM\...\YTdetect) (Version: - ) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Bine\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Bine\AppData\Local\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Bine\AppData\Local\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Bine\AppData\Local\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Bine\AppData\Local\Dropbox\Update\1.3.27.35\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{E763661E-E497-4D41-AFF4-6BBCB62B9E89}\InprocServer32 -> C:\Users\Bine\AppData\Local\Dropbox\Update\1.3.27.35\psuser.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Bine\AppData\Local\Dropbox\Update\1.3.27.35\psuser.dll (Dropbox, Inc.) 
==================== Wiederherstellungspunkte =========================

21-07-2015 20:27:54 Windows Update
03-08-2015 08:11:46 Windows Update
06-08-2015 09:17:07 Windows Update
07-08-2015 16:03:41 Installed ATLAS.ti
10-08-2015 08:29:41 Windows Update
12-08-2015 17:02:58 Windows Update
16-08-2015 16:34:10 Windows Update
17-08-2015 14:23:08 Installed SpiderOakONE
20-08-2015 08:28:11 Windows Update
23-08-2015 09:15:20 Windows Update
26-08-2015 09:50:41 Windows Update

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-13 21:04 - 2011-08-10 05:01 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {03699585-3925-4146-81D0-42B1B1BD324F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3862519716-2807753652-4247563606-1000UA => C:\Users\Bine\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-11] (Dropbox, Inc.)
Task: {0C4B140A-C633-417C-8CDC-BC23E815A14A} - System32\Tasks\SecureW2 Task => C:\Program Files\SecureW2\sw2_tray.exe
Task: {0F46F435-7B95-4AEB-84D2-23821BF7F9B1} - System32\Tasks\{0F3D056F-FDDE-4C7C-A051-0E41D5CB3068} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsMain
Task: {5E0E5448-5751-44A2-9213-F06903D01A23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-26] (Adobe Systems Incorporated)
Task: {94B39A48-0A22-4096-9DFF-052B154C2A10} - System32\Tasks\{DAC43F2F-A716-42FE-AE0A-FBE469CD36A0} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.85.102/de/go/help.faq.installer?LastError=1604
Task: {A692EFB8-C671-4A26-813E-C6940A7A8400} - System32\Tasks\{1F308820-B00B-40BD-A709-CB0FB6967DC9} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
Task: {B0E09598-FD7F-4382-A7AB-222DCBEF2FA3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3862519716-2807753652-4247563606-1000Core => C:\Users\Bine\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-11] (Dropbox, Inc.)
Task: {B6E39F38-13B4-4044-85D1-41732C416FF0} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {C80E61AD-5354-4ECD-8E35-9ECF32923129} - System32\Tasks\{0B48910D-666B-4C1B-BDF9-73AAF69BF96A} => C:\Program Files\Skype\\Phone\Skype.exe [2015-08-07] (Skype Technologies S.A.)
Task: {DCCCDA89-55A3-47BA-B2E5-E1DBECB4603D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3862519716-2807753652-4247563606-1000Core.job => C:\Users\Bine\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3862519716-2807753652-4247563606-1000UA.job => C:\Users\Bine\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2012-08-03 07:53 - 2012-08-03 07:53 - 00062968 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2013-03-28 15:29 - 2013-03-28 15:29 - 00065024 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-03-11 05:00 - 2014-03-11 05:00 - 00100352 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32api.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00110080 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\pywintypes27.dll 2014-03-11 05:01 - 2014-03-11 05:01 - 00396800 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\pythoncom27.dll 2014-03-11 05:00 - 2014-03-11 05:00 - 00015872 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32trace.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00108544 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32security.pyd 2014-03-11 05:03 - 2014-03-11 05:03 - 00382464 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32com.shell.shell.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00049664 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32evtlog.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00119808 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32file.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00024064 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32pipe.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00018432 _____ () C:\Program 
Files\SpiderOakONE\shell_extension_lib\win32event.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00036864 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32process.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00167936 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32gui.pyd 2014-03-11 05:03 - 2014-03-11 05:03 - 00099328 _____ () C:\Program Files\SpiderOakONE\shell_extension_lib\win32com.propsys.propsys.pyd 2013-01-24 07:41 - 2013-01-24 07:41 - 00122880 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll 2014-12-10 12:25 - 2014-12-10 12:25 - 00774656 _____ () C:\Program Files\SpiderOakONE\lib\_hashlib.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00100352 _____ () C:\Program Files\SpiderOakONE\lib\win32api.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00110080 _____ () C:\Program Files\SpiderOakONE\lib\pywintypes27.dll 2014-12-10 12:25 - 2014-12-10 12:25 - 00048128 _____ () C:\Program Files\SpiderOakONE\lib\_sqlite3.pyd 2014-12-10 12:23 - 2014-12-10 12:23 - 00426496 _____ () C:\Program Files\SpiderOakONE\lib\sqlite3.dll 2014-12-10 12:25 - 2014-12-10 12:25 - 00046080 _____ () C:\Program Files\SpiderOakONE\lib\_socket.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00019968 _____ () C:\Program Files\SpiderOakONE\lib\zope.interface._zope_interface_coptimizations.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00051712 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._OOBTree.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00018944 _____ () C:\Program Files\SpiderOakONE\lib\persistent.cPersistence.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00010752 _____ () C:\Program Files\SpiderOakONE\lib\persistent.TimeStamp.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00015360 _____ () C:\Program Files\SpiderOakONE\lib\persistent.cPickleCache.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00054784 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._OIBTree.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00055808 _____ () C:\Program 
Files\SpiderOakONE\lib\BTrees._IIBTree.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00054784 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._IOBTree.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00056832 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._IFBTree.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00055296 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._OLBTree.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00058880 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._LLBTree.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00056832 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._LOBTree.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00058368 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._LFBTree.pyd 2015-06-11 14:46 - 2015-06-11 14:46 - 00053248 _____ () C:\Program Files\SpiderOakONE\lib\BTrees._fsBTree.pyd 2015-06-10 18:33 - 2015-06-10 18:33 - 00006144 _____ () C:\Program Files\SpiderOakONE\lib\twisted.python._initgroups.pyd 2015-06-10 18:33 - 2015-06-10 18:33 - 00010240 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Hash.SHA256.pyd 2015-06-10 19:27 - 2015-06-10 19:27 - 00022528 _____ () C:\Program Files\SpiderOakONE\lib\bcrypt._bcrypt.pyd 2015-06-10 18:33 - 2015-06-10 18:33 - 00009728 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Random.OSRNG.winrandom.pyd 2015-06-10 18:33 - 2015-06-10 18:33 - 00010240 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Util._counter.pyd 2015-06-10 18:33 - 2015-06-10 18:33 - 00030720 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Cipher.AES.pyd 2014-11-09 12:39 - 2014-11-09 12:39 - 01688576 _____ () C:\Program Files\SpiderOakONE\lib\PyQt4.QtCore.pyd 2014-11-09 12:33 - 2014-11-09 12:33 - 00077824 _____ () C:\Program Files\SpiderOakONE\lib\sip.pyd 2014-12-10 12:25 - 2014-12-10 12:25 - 00087552 _____ () C:\Program Files\SpiderOakONE\lib\_ctypes.pyd 2014-03-11 05:01 - 2014-03-11 05:01 - 00396800 _____ () C:\Program Files\SpiderOakONE\lib\pythoncom27.dll 2014-03-11 05:03 - 2014-03-11 05:03 - 00382464 _____ () C:\Program 
Files\SpiderOakONE\lib\win32com.shell.shell.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00119808 _____ () C:\Program Files\SpiderOakONE\lib\win32file.pyd 2014-11-09 12:47 - 2014-11-09 12:47 - 05942784 _____ () C:\Program Files\SpiderOakONE\lib\PyQt4.QtGui.pyd 2014-11-09 12:48 - 2014-11-09 12:48 - 00502784 _____ () C:\Program Files\SpiderOakONE\lib\PyQt4.QtNetwork.pyd 2014-12-10 12:25 - 2014-12-10 12:25 - 00010240 _____ () C:\Program Files\SpiderOakONE\lib\select.pyd 2015-03-23 10:52 - 2015-03-23 10:52 - 00054784 _____ () C:\Program Files\SpiderOakONE\lib\OpenSSL.crypto.pyd 2015-03-23 10:52 - 2015-03-23 10:52 - 00010240 _____ () C:\Program Files\SpiderOakONE\lib\OpenSSL.rand.pyd 2015-03-23 10:52 - 2015-03-23 10:52 - 00045056 _____ () C:\Program Files\SpiderOakONE\lib\OpenSSL.SSL.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00036864 _____ () C:\Program Files\SpiderOakONE\lib\win32process.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00038912 _____ () C:\Program Files\SpiderOakONE\lib\win32inet.pyd 2015-06-10 18:33 - 2015-06-10 18:33 - 00055296 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Cipher.DES3.pyd 2015-06-10 18:33 - 2015-06-10 18:33 - 00008704 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Cipher.XOR.pyd 2015-06-10 18:33 - 2015-06-10 18:33 - 00007680 _____ () C:\Program Files\SpiderOakONE\lib\Crypto.Util.strxor.pyd 2015-06-10 18:33 - 2015-06-10 18:33 - 00007168 _____ () C:\Program Files\SpiderOakONE\lib\twisted.protocols._c_urlarg.pyd 2014-11-09 12:49 - 2014-11-09 12:49 - 00202240 _____ () C:\Program Files\SpiderOakONE\lib\PyQt4.QtDeclarative.pyd 2014-12-10 12:25 - 2014-12-10 12:25 - 00686080 _____ () C:\Program Files\SpiderOakONE\lib\unicodedata.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00024064 _____ () C:\Program Files\SpiderOakONE\lib\win32pipe.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00018432 _____ () C:\Program Files\SpiderOakONE\lib\win32event.pyd 2014-03-11 05:00 - 2014-03-11 05:00 - 00049664 _____ () C:\Program Files\SpiderOakONE\lib\win32evtlog.pyd 
2014-03-11 05:00 - 2014-03-11 05:00 - 00108544 _____ () C:\Program Files\SpiderOakONE\lib\win32security.pyd 2015-04-03 06:42 - 2015-04-03 06:42 - 00147968 _____ () C:\Program Files\SpiderOakONE\styles\fusion.dll 2014-03-11 05:00 - 2014-03-11 05:00 - 00167936 _____ () C:\Program Files\SpiderOakONE\lib\win32gui.pyd 2015-08-12 22:28 - 2015-08-26 12:02 - 17482952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll 2014-03-11 05:00 - 2014-03-11 05:00 - 00045568 _____ () C:\Program Files\SpiderOakONE\lib\win32console.pyd 2015-06-10 18:32 - 2015-06-10 18:32 - 00033792 _____ () C:\Program Files\SpiderOakONE\lib\simplejson._speedups.pyd 2015-06-10 17:07 - 2015-06-10 17:07 - 00455680 _____ () C:\Program Files\SpiderOakONE\lib\pycurl.pyd 2015-07-13 10:13 - 2015-07-13 10:13 - 00013312 _____ () C:\Program Files\SpiderOakONE\lib\spideroak_version_matcher.pyd 2015-06-09 22:23 - 2015-06-09 22:23 - 01026560 _____ () C:\Program Files\SpiderOakONE\lib\PIL._imaging.pyd 2015-07-13 10:17 - 2015-07-13 10:17 - 00012800 _____ () C:\Program Files\SpiderOakONE\windows_dir_watcher.exe ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\Bine\Documents\Master LAI:com.dropbox.attributes ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3862519716-2807753652-4247563606-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{01C4FE77-7F7B-495D-AFD4-EE076A8580DC}] => (Allow) C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{CED57E1D-1764-45A6-9232-DC99E510BBEC}] => (Allow) C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{BEA233DB-5B1D-4ADC-87B9-ADBC67ECA8CE}] => (Allow) C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{A1D3B183-C48F-4723-A556-77B929152FCB}] => (Allow) C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{48F1D0F1-567A-4A52-92DE-C21313A8808F}] => (Allow) C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{28F57C41-47B4-485C-B3EE-22F73AD48854}] => (Allow) C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [TCP Query User{EB2B5B5F-3739-4A53-9FAD-FF0B4A02ECF0}C:\program files\spssinc\paswstatistics18\paswstat.exe] => (Allow) C:\program files\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [UDP Query User{877368D9-5CEC-45DB-8761-A04D950AA68D}C:\program files\spssinc\paswstatistics18\paswstat.exe] => (Allow) C:\program files\spssinc\paswstatistics18\paswstat.exe
FirewallRules: [{7D89618E-FBBC-4D32-8335-87DCEDA22754}] => (Allow) C:\Users\Bine\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{ED812A03-40B3-451E-932B-D9CA7F40C3BD}] => (Allow) C:\Users\Bine\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{81C283F1-5E55-4FA2-A8AC-3025E057FDA9}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{1F4F072C-9EC4-4A11-AB7D-6A247A21AD17}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{D4C43DA6-1C61-44D5-8CD2-738A43D3CE04}C:\users\bine\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\bine\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{5569FFE4-E771-44D0-928B-E6B437BC07F0}C:\users\bine\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\bine\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{FF66AC2A-1FE1-4214-98A0-86C0EDCC4A58}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1C3BDC18-118E-4F76-A55B-08236E91745C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{21ED639A-A86D-4214-BA1B-F6D69AC72D1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{614D2271-2001-42AB-9A60-64180A758874}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ethernet-Controller Description: Ethernet-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (08/27/2015 09:33:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MOM.exe, Version: 2.0.0.0, Zeitstempel: 0x4f2058ba Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18847, Zeitstempel: 0x554d7b00 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000812f ID des fehlerhaften Prozesses: 0x1414 Startzeit der fehlerhaften Anwendung: 0xMOM.exe0 Pfad der fehlerhaften Anwendung: MOM.exe1 Pfad des fehlerhaften Moduls: MOM.exe2 Berichtskennung: MOM.exe3 Error: (08/27/2015 09:33:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: MOM.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.ApplicationException
Stapel:
bei ATI.ACE.LOG.Foundation.Implementation.LogMessage.ReportExceptionThenThrowException(System.Exception, System.String)
bei ATI.ACE.LOG.Foundation.LogMessages.ReportExceptionAndThrowException(System.Exception)
bei ATI.ACE.LOG.Foundation.Implementation.Communication.DDInitialize(Boolean, System.String)
bei ATI.ACE.LOG.Foundation.Communications.Initialize(Boolean, System.String)
bei ATI.ACE.MOM.Implementation.MOM_Main.Run()
bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
bei System.Threading.ThreadHelper.ThreadStart()

Error: (08/26/2015 11:27:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOM.exe, Version: 2.0.0.0, Zeitstempel: 0x4f2058ba
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18847, Zeitstempel: 0x554d7b00
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000812f
ID des fehlerhaften Prozesses: 0x160
Startzeit der fehlerhaften Anwendung: 0xMOM.exe0
Pfad der fehlerhaften Anwendung: MOM.exe1
Pfad des fehlerhaften Moduls: MOM.exe2
Berichtskennung: MOM.exe3

Systemfehler:
=============
Error: (08/27/2015 09:28:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (08/27/2015 09:28:05 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (08/27/2015 08:32:35 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (08/27/2015 08:32:35 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (08/27/2015 08:32:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (08/27/2015 08:32:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (08/27/2015 08:32:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (08/27/2015 08:32:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (08/27/2015 08:32:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (08/27/2015 08:32:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Microsoft Office:
=========================

==================== Memory info ===========================

Processor: AMD C-50 Processor
Prozentuale Nutzung des RAM: 76%
Installierter physikalischer RAM: 1770.9 MB
Verfügbarer physikalischer RAM: 422.46 MB
Summe virtueller Speicher: 3541.8 MB
Verfügbarer virtueller Speicher: 1650.72 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:156.84 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (GUAYABA) (Removable) (Total:1.86 GB) (Free:1.54 GB) FAT
Drive g: (XOCHITL) (Removable) (Total:14.44 GB) (Free:12.2 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 000666F2)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 335A38C6)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0B)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: D9BB1F64)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

==================== Ende vom Addition.txt ============================ |
28.08.2015, 06:23 | #2 |
/// the machine /// TB trainer | USB sticks show a shortcut to themselves instead of files (Windows 7)
hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
28.08.2015, 18:45 | #3 |
| USB sticks show a shortcut to themselves instead of files (Windows 7)
Thanks for the quick reply!
Unfortunately, both programs found nothing; the problem persists. Yesterday I forgot to mention that during the analysis with GMER an error message came up five times (no disk in the drive, drive \Device\Harddisk2\DR2); no idea whether that is relevant. And I have left both USB sticks plugged in the whole time now.
Here are the logs:
Malwarebytes Anti-Rootkit
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.2.1008
www.malwarebytes.org

Database version: main: v2015.08.28.04 rootkit: v2015.08.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17959
Bine :: NINIMAU [administrator]

28.08.2015 11:41:19
mbar-log-2015-08-28 (11-41-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 326567
Time elapsed: 50 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
ATTFilter
12:37:12.0592 0x030c TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
12:37:33.0871 0x030c ============================================================
12:37:33.0871 0x030c Current date / time: 2015/08/28 12:37:33.0871
12:37:33.0871 0x030c SystemInfo:
12:37:33.0871 0x030c
12:37:33.0871 0x030c OS Version: 6.1.7601 ServicePack: 1.0
12:37:33.0871 0x030c Product type: Workstation
12:37:33.0871 0x030c ComputerName: NINIMAU
12:37:33.0871 0x030c UserName: Bine
12:37:33.0871 0x030c Windows directory: C:\Windows
12:37:33.0871 0x030c System windows directory: C:\Windows
12:37:33.0871 0x030c Processor architecture: Intel x86
12:37:33.0871 0x030c Number of processors: 2
12:37:33.0871 0x030c Page size: 0x1000
12:37:33.0871 0x030c Boot type: Normal boot
12:37:33.0871 0x030c ============================================================
12:37:38.0675 0x030c KLMD registered as C:\Windows\system32\drivers\35480093.sys
12:37:39.0299 0x030c System UUID: {CC6C2F9C-85FD-0082-4EFE-F9DAAE4C3BC0}
12:37:41.0359 0x030c Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:37:41.0390 0x030c Drive \Device\Harddisk1\DR1 - Size: 0x39D000000 ( 14.45 Gb ), SectorSize: 0x200, Cylinders: 0x75E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:37:41.0405 0x030c Drive \Device\Harddisk2\DR2 - Size: 0x77240000 ( 1.86 Gb ), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:37:41.0421 0x030c ============================================================
12:37:41.0421 0x030c \Device\Harddisk0\DR0:
12:37:41.0421 0x030c MBR partitions:
12:37:41.0421 0x030c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
12:37:41.0421 0x030c \Device\Harddisk1\DR1:
12:37:41.0421 0x030c MBR partitions:
12:37:41.0421 0x030c \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0xC28, BlocksNum
0x1CE73D8
12:37:41.0421 0x030c \Device\Harddisk2\DR2:
12:37:41.0421 0x030c MBR partitions:
12:37:41.0421 0x030c \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3B91E0
12:37:41.0421 0x030c ============================================================
12:37:41.0546 0x030c C: <-> \Device\Harddisk0\DR0\Partition1
12:37:41.0655 0x030c ============================================================
12:37:41.0655 0x030c Initialize success
12:37:41.0655 0x030c ============================================================
12:38:23.0743 0x044c ============================================================
12:38:23.0743 0x044c Scan started
12:38:23.0743 0x044c Mode: Manual; SigCheck; TDLFS;
12:38:23.0743 0x044c ============================================================
12:38:23.0743 0x044c KSN ping started
12:38:26.0847 0x044c KSN ping finished: true
12:38:29.0140 0x044c ================ Scan system memory ========================
12:38:29.0140 0x044c System memory - ok
12:38:29.0140 0x044c ================ Scan services =============================
dot3svc C:\Windows\System32\dot3svc.dll 12:38:50.0138 0x044c dot3svc - ok 12:38:50.0216 0x044c [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll 12:38:50.0388 0x044c DPS - ok 12:38:50.0481 0x044c [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 12:38:50.0528 0x044c drmkaud - ok 12:38:50.0622 0x044c [ B2C3F71B86E25C3DF78339DDB40A7562, E8B821B0F9DE213C9C5115FDCE3C59F98CB6C4015B3E4A1F96387C81E3EBA56A ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys 12:38:50.0715 0x044c dsNcAdpt - ok 12:38:50.0871 0x044c [ 5538EED60DC1BC13E9E534D067CC0F40, 2E4A400502B05F3CD6210BE32A0DE7D8B2566D7BCC449773F814BC770C4AF6AA ] dsNcService C:\Program Files\Juniper Networks\Common Files\dsNcService.exe 12:38:50.0996 0x044c dsNcService - ok 12:38:51.0105 0x044c [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 12:38:51.0261 0x044c DXGKrnl - ok 12:38:51.0339 0x044c [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 12:38:51.0464 0x044c EapHost - ok 12:38:51.0823 0x044c [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 12:38:52.0306 0x044c ebdrv - ok 12:38:52.0369 0x044c [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] EFS C:\Windows\System32\lsass.exe 12:38:52.0462 0x044c EFS - ok 12:38:52.0603 0x044c [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 12:38:52.0806 0x044c ehRecvr - ok 12:38:52.0837 0x044c [ D389BFF34F80CAEDE417BF9D1507996A, 
12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe 12:38:52.0946 0x044c ehSched - ok 12:38:53.0055 0x044c [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 12:38:53.0196 0x044c elxstor - ok 12:38:53.0258 0x044c [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 12:38:53.0336 0x044c ErrDev - ok 12:38:53.0445 0x044c [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 12:38:53.0632 0x044c EventSystem - ok 12:38:53.0679 0x044c [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 12:38:53.0851 0x044c exfat - ok 12:38:53.0882 0x044c [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 12:38:54.0022 0x044c fastfat - ok 12:38:54.0147 0x044c [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 12:38:54.0334 0x044c Fax - ok 12:38:54.0381 0x044c [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 12:38:54.0475 0x044c fdc - ok 12:38:54.0553 0x044c [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 12:38:54.0724 0x044c fdPHost - ok 12:38:54.0756 0x044c [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 12:38:54.0912 0x044c FDResPub - ok 12:38:54.0958 0x044c [ 6CF00369C97F3CF563BE99BE983D13D8, 
F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 12:38:55.0021 0x044c FileInfo - ok 12:38:55.0068 0x044c [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 12:38:55.0192 0x044c Filetrace - ok 12:38:55.0224 0x044c [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 12:38:55.0286 0x044c flpydisk - ok 12:38:55.0380 0x044c [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 12:38:55.0489 0x044c FltMgr - ok 12:38:55.0629 0x044c [ 37DE123FE4276D8EC7F3C5B10C236238, 93CA47B9A96D904DD177FC0E04DECDF13756C8FA3C7613913DB4BF29A70ECE96 ] FontCache C:\Windows\system32\FntCache.dll 12:38:55.0801 0x044c FontCache - ok 12:38:55.0894 0x044c [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 12:38:55.0941 0x044c FontCache3.0.0.0 - ok 12:38:55.0972 0x044c [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 12:38:56.0019 0x044c FsDepends - ok 12:38:56.0066 0x044c [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 12:38:56.0113 0x044c Fs_Rec - ok 12:38:56.0191 0x044c [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 12:38:56.0284 0x044c fvevol - ok 12:38:56.0331 0x044c [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx 
C:\Windows\system32\DRIVERS\gagp30kx.sys 12:38:56.0378 0x044c gagp30kx - ok 12:38:56.0487 0x044c [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 12:38:56.0659 0x044c gpsvc - ok 12:38:56.0706 0x044c [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 12:38:56.0799 0x044c hcw85cir - ok 12:38:56.0940 0x044c [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 12:38:57.0096 0x044c HdAudAddService - ok 12:38:57.0158 0x044c [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 12:38:57.0252 0x044c HDAudBus - ok 12:38:57.0298 0x044c [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 12:38:57.0408 0x044c HidBatt - ok 12:38:57.0454 0x044c [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 12:38:57.0548 0x044c HidBth - ok 12:38:57.0595 0x044c [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 12:38:57.0673 0x044c HidIr - ok 12:38:57.0751 0x044c [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll 12:38:57.0876 0x044c hidserv - ok 12:38:57.0954 0x044c [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 12:38:58.0063 0x044c HidUsb - ok 12:38:58.0141 0x044c [ 196B4E3F4CCCC24AF836CE58FACBB699, 
7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 12:38:58.0250 0x044c hkmsvc - ok 12:38:58.0359 0x044c [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 12:38:58.0546 0x044c HomeGroupListener - ok 12:38:58.0624 0x044c [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 12:38:58.0734 0x044c HomeGroupProvider - ok 12:38:58.0796 0x044c [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 12:38:58.0890 0x044c HpSAMD - ok 12:38:58.0983 0x044c [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP C:\Windows\system32\drivers\HTTP.sys 12:38:59.0155 0x044c HTTP - ok 12:38:59.0217 0x044c [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 12:38:59.0264 0x044c hwpolicy - ok 12:38:59.0342 0x044c [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 12:38:59.0420 0x044c i8042prt - ok 12:38:59.0482 0x044c [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 12:38:59.0576 0x044c iaStorV - ok 12:38:59.0732 0x044c [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 12:38:59.0904 0x044c idsvc - ok 12:38:59.0935 0x044c IEEtwCollectorService - ok 12:38:59.0966 0x044c [ 4173FF5708F3236CF25195FECD742915, 
0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 12:39:00.0028 0x044c iirsp - ok 12:39:00.0169 0x044c [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll 12:39:00.0340 0x044c IKEEXT - ok 12:39:00.0403 0x044c [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys 12:39:00.0450 0x044c intelide - ok 12:39:00.0496 0x044c [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 12:39:00.0559 0x044c intelppm - ok 12:39:00.0606 0x044c [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 12:39:00.0715 0x044c IPBusEnum - ok 12:39:00.0762 0x044c [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:39:00.0871 0x044c IpFilterDriver - ok 12:39:00.0964 0x044c [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 12:39:01.0105 0x044c iphlpsvc - ok 12:39:01.0167 0x044c [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 12:39:01.0261 0x044c IPMIDRV - ok 12:39:01.0308 0x044c [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 12:39:01.0448 0x044c IPNAT - ok 12:39:01.0495 0x044c [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 12:39:01.0620 0x044c IRENUM - ok 
12:39:01.0713 0x044c [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys 12:39:01.0760 0x044c isapnp - ok 12:39:01.0869 0x044c [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 12:39:01.0994 0x044c iScsiPrt - ok 12:39:02.0041 0x044c [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 12:39:02.0088 0x044c kbdclass - ok 12:39:02.0150 0x044c [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 12:39:02.0228 0x044c kbdhid - ok 12:39:02.0259 0x044c [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] KeyIso C:\Windows\system32\lsass.exe 12:39:02.0322 0x044c KeyIso - ok 12:39:02.0384 0x044c [ 48732BFA0C692BEC15DBBFE754E594C6, A39DD1181CF51534C18C2ECFE02E961363769482BAF9F206E57B014C5B246921 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 12:39:02.0431 0x044c KSecDD - ok 12:39:02.0493 0x044c [ 46B1F590C06AF25BCADCCAE0148C2074, 62447A906E5D7D20B3955A1EF99C971F1E0522A7D68C3D2C88EF174A5A5ECD29 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 12:39:02.0571 0x044c KSecPkg - ok 12:39:02.0649 0x044c [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 12:39:02.0821 0x044c KtmRm - ok 12:39:02.0868 0x044c [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll 12:39:03.0024 0x044c LanmanServer - ok 12:39:03.0086 0x044c [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation 
C:\Windows\System32\wkssvc.dll 12:39:03.0195 0x044c LanmanWorkstation - ok 12:39:03.0304 0x044c [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:39:03.0398 0x044c lltdio - ok 12:39:03.0460 0x044c [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:39:03.0679 0x044c lltdsvc - ok 12:39:03.0726 0x044c [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll 12:39:03.0850 0x044c lmhosts - ok 12:39:03.0913 0x044c [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 12:39:03.0960 0x044c LSI_FC - ok 12:39:04.0006 0x044c [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 12:39:04.0038 0x044c LSI_SAS - ok 12:39:04.0084 0x044c [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:39:04.0116 0x044c LSI_SAS2 - ok 12:39:04.0147 0x044c [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:39:04.0194 0x044c LSI_SCSI - ok 12:39:04.0225 0x044c [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys 12:39:04.0350 0x044c luafv - ok 12:39:04.0443 0x044c [ B4CD87E78A01562E3DA67FE1C2779204, 536AC01C53A18E7B43F02F345FC3088C189A2D01F5E060714C0534FE7ECA2356 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 12:39:04.0474 0x044c MBAMProtector - ok 12:39:04.0755 0x044c [ 301E3FDFCF33640BB8763BA444BC5093, 
362B069BB9A313A06B376CE27E6F7F8D569F6CA39A8ABC96D9DF231EE462C604 ] MBAMScheduler C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe 12:39:05.0005 0x044c MBAMScheduler - ok 12:39:05.0130 0x044c [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe 12:39:05.0317 0x044c MBAMService - ok 12:39:05.0364 0x044c [ 490F0F3ED8A970E2BAA38F719242B8F7, 03F902365372639424AB654AEBF6EB2B6B73363275435ADC2D086EAA7112AC3D ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 12:39:05.0410 0x044c MBAMWebAccessControl - ok 12:39:05.0473 0x044c [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 12:39:05.0535 0x044c Mcx2Svc - ok 12:39:05.0582 0x044c [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 12:39:05.0629 0x044c megasas - ok 12:39:05.0676 0x044c [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 12:39:05.0769 0x044c MegaSR - ok 12:39:05.0925 0x044c [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 12:39:06.0019 0x044c Microsoft Office Groove Audit Service - ok 12:39:06.0066 0x044c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 12:39:06.0206 0x044c MMCSS - ok 12:39:06.0253 0x044c [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 12:39:06.0378 0x044c Modem - ok 12:39:06.0440 0x044c [ 79D10964DE86B292320E9DFE02282A23, 
52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:39:06.0518 0x044c monitor - ok 12:39:06.0596 0x044c [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 12:39:06.0643 0x044c mouclass - ok 12:39:06.0674 0x044c [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:39:06.0768 0x044c mouhid - ok 12:39:06.0814 0x044c [ BAD9C0366134BA181514E9263C8CE606, 7976B2D3DC283ACDBC21C7D197C0E2A650E6555F6569283302766B17D736BDB8 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 12:39:06.0877 0x044c mountmgr - ok 12:39:06.0986 0x044c [ CC11EEB7AF4617D65DF0E9A21FC1ABD0, A683A5FB26E1B9FB4EEB40A9C7186F8433E3FB0A45848DF6102EF07B4DC75AC8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 12:39:07.0064 0x044c MozillaMaintenance - ok 12:39:07.0142 0x044c [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys 12:39:07.0204 0x044c mpio - ok 12:39:07.0236 0x044c [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:39:07.0360 0x044c mpsdrv - ok 12:39:07.0454 0x044c [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll 12:39:07.0672 0x044c MpsSvc - ok 12:39:07.0719 0x044c [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:39:07.0844 0x044c MRxDAV - ok 12:39:07.0906 0x044c [ FEDAAB6716B44DE8B9EFC14DD9A26215, 765890CDEADF6851C5C9014D12422733D7E7833690F560B94AE2BE9E7E08F130 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 
12:39:08.0000 0x044c mrxsmb - ok 12:39:08.0094 0x044c [ 77DD652AB8708CDB55FDB7073B868784, AC88E2BFFE3EC62269216FD1B52DA8D85AFD0AF3E69B7B876F531258977BA372 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:39:08.0172 0x044c mrxsmb10 - ok 12:39:08.0218 0x044c [ 4ACDB6414918D8920875B00B286E1FBC, 404F5AC75DFD7C5CEF08A8D2FC24CD806941BF2B16FF7BC3BECBEABCBFA1B64A ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:39:08.0281 0x044c mrxsmb20 - ok 12:39:08.0343 0x044c [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys 12:39:08.0406 0x044c msahci - ok 12:39:08.0515 0x044c [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys 12:39:08.0577 0x044c msdsm - ok 12:39:08.0655 0x044c [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe 12:39:08.0764 0x044c MSDTC - ok 12:39:08.0827 0x044c [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:39:08.0936 0x044c Msfs - ok 12:39:08.0952 0x044c [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:39:09.0076 0x044c mshidkmdf - ok 12:39:09.0108 0x044c [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:39:09.0154 0x044c msisadrv - ok 12:39:09.0232 0x044c [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:39:09.0357 0x044c MSiSCSI - ok 12:39:09.0373 0x044c msiserver - ok 12:39:09.0435 0x044c [ 8C0860D6366AAFFB6C5BB9DF9448E631, 
949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:39:09.0576 0x044c MSKSSRV - ok 12:39:09.0622 0x044c [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:39:09.0716 0x044c MSPCLOCK - ok 12:39:09.0747 0x044c [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:39:09.0856 0x044c MSPQM - ok 12:39:09.0888 0x044c [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:39:09.0950 0x044c MsRPC - ok 12:39:09.0997 0x044c [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 12:39:10.0044 0x044c mssmbios - ok 12:39:10.0059 0x044c [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:39:10.0168 0x044c MSTEE - ok 12:39:10.0200 0x044c [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 12:39:10.0324 0x044c MTConfig - ok 12:39:10.0356 0x044c [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys 12:39:10.0402 0x044c Mup - ok 12:39:10.0480 0x044c [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll 12:39:10.0668 0x044c napagent - ok 12:39:10.0746 0x044c [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:39:10.0886 0x044c NativeWifiP - ok 12:39:11.0026 
0x044c [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys 12:39:11.0167 0x044c NDIS - ok 12:39:11.0198 0x044c [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 12:39:11.0338 0x044c NdisCap - ok 12:39:11.0370 0x044c [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:39:11.0541 0x044c NdisTapi - ok 12:39:11.0650 0x044c [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:39:11.0728 0x044c Ndisuio - ok 12:39:11.0791 0x044c [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:39:11.0916 0x044c NdisWan - ok 12:39:11.0994 0x044c [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:39:12.0103 0x044c NDProxy - ok 12:39:12.0165 0x044c [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:39:12.0337 0x044c NetBIOS - ok 12:39:12.0399 0x044c [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 12:39:12.0524 0x044c NetBT - ok 12:39:12.0571 0x044c [ 3AD57B7A84035A05079226D1DE47E771, 4DABE420AB2CDAA1D7214B2569DA4AF335E49D31731CBE91DC18B450874F494B ] Netlogon C:\Windows\system32\lsass.exe 12:39:12.0664 0x044c Netlogon - ok 12:39:12.0774 0x044c [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll 12:39:12.0976 
9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 12:39:52.0023 0x044c WudfPf - ok 12:39:52.0086 0x044c [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 12:39:52.0179 0x044c WUDFRd - ok 12:39:52.0242 0x044c [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 12:39:52.0304 0x044c wudfsvc - ok 12:39:52.0382 0x044c [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 12:39:52.0522 0x044c WwanSvc - ok 12:39:52.0616 0x044c [ 6DB01688FDBF299F426EEB01DDEC684A, B183578E52662CAC6253E418B25BA1B9E4FF825485531C8749A130358D98A856 ] ZAtheros Wlan Agent C:\Program Files\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe 12:39:52.0694 0x044c ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic ( 1 ) 12:39:55.0861 0x044c Detect skipped due to KSN trusted 12:39:55.0861 0x044c ZAtheros Wlan Agent - ok 12:39:55.0923 0x044c ================ Scan global =============================== 12:39:55.0970 0x044c [ 5E7C5DE85AF978495C3A9A0B720B9811, 142CDEBED78E3BAEE8D2DBF6A97CE26313932024010548EC2E570CAE480AF7C3 ] C:\Windows\system32\basesrv.dll 12:39:56.0048 0x044c [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll 12:39:56.0110 0x044c [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll 12:39:56.0173 0x044c [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 12:39:56.0235 0x044c [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] 
C:\Windows\system32\services.exe 12:39:56.0298 0x044c [ Global ] - ok 12:39:56.0298 0x044c ================ Scan MBR ================================== 12:39:56.0313 0x044c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 12:39:56.0937 0x044c \Device\Harddisk0\DR0 - ok 12:39:56.0953 0x044c [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1 12:39:57.0358 0x044c \Device\Harddisk1\DR1 - ok 12:39:57.0374 0x044c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2 12:39:57.0686 0x044c \Device\Harddisk2\DR2 - ok 12:39:57.0686 0x044c ================ Scan VBR ================================== 12:39:57.0686 0x044c [ 1C91D4DE58F4A06A259F60D01A1081BB ] \Device\Harddisk0\DR0\Partition1 12:39:57.0702 0x044c \Device\Harddisk0\DR0\Partition1 - ok 12:39:57.0717 0x044c [ D60140E0A8C9D25FB893731840A2358E ] \Device\Harddisk1\DR1\Partition1 12:39:57.0733 0x044c \Device\Harddisk1\DR1\Partition1 - ok 12:39:57.0748 0x044c [ DBD58432584A467DD1DB67B4CFDEE8F0 ] \Device\Harddisk2\DR2\Partition1 12:39:57.0748 0x044c \Device\Harddisk2\DR2\Partition1 - ok 12:39:57.0764 0x044c ================ Scan generic autorun ====================== 12:39:57.0873 0x044c [ A5A39BAA44C805C4C6E9615BEF5A69B5, EC55EAADE2D41A2393C761A8262CB6C9F3891FDA04F7D2D3430F3A10251DE71D ] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe 12:39:57.0982 0x044c Cisco AnyConnect Secure Mobility Agent for Windows - ok 12:39:58.0123 0x044c [ 7C73B5C50CAEDB1771A049142026906B, A4992339D71A9297963C70616C4124BD701E46AEE439E09C392C2B2EBAE624E6 ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 12:39:58.0294 0x044c StartCCC - ok 12:39:58.0450 0x044c [ 031663946128C3EA4BE01BFF94B027D9, 7BD2B73DACAC5598843E955305DF003A2CC04DDB3924ADBC727BFCC48887F56D ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 12:39:58.0575 0x044c avgnt - ok 12:39:58.0747 0x044c [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program 
Files\Microsoft Office\Office12\GrooveMonitor.exe 12:39:58.0794 0x044c GrooveMonitor - ok 12:39:58.0887 0x044c [ 2199723879C9F75A709680E2935C052F, DDD5B5CC86463284D9137372CB8541D1258AC020EA811F1AD3735809F314B086 ] C:\Program Files\PDF24\pdf24.exe 12:39:58.0965 0x044c PDFPrint - ok 12:39:59.0028 0x044c [ 4F9DD96AECDC12373D4203253D665C6D, 871FF2367ACD5F9A378FED53574BF28A8129224C4B7C4AF074809ED7CF870904 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe 12:39:59.0106 0x044c SunJavaUpdateSched - ok 12:39:59.0293 0x044c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 12:39:59.0496 0x044c Sidebar - ok 12:39:59.0558 0x044c [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 12:39:59.0667 0x044c mctadmin - ok 12:39:59.0776 0x044c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 12:39:59.0948 0x044c Sidebar - ok 12:39:59.0979 0x044c [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 12:40:00.0042 0x044c mctadmin - ok 12:40:00.0042 0x044c SpiderOak - ok 12:40:00.0166 0x044c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\sidebar.exe 12:40:00.0338 0x044c Sidebar - ok 12:40:00.0463 0x044c [ 33BFEC2B102B196B62ABB9947C7D7E23, 6EAF3462712629401CDBECF63B0848D1762A023FCA156F9FA146B0FEE75C83D0 ] C:\Users\Bine\AppData\Local\Dropbox\Update\DropboxUpdate.exe 12:40:00.0541 0x044c Dropbox Update - ok 12:40:00.0541 0x044c Waiting for KSN requests completion. In queue: 12 12:40:01.0555 0x044c Waiting for KSN requests completion. In queue: 12 12:40:02.0569 0x044c Waiting for KSN requests completion. 
In queue: 12 12:40:03.0708 0x044c AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.12.260 ), 0x41000 ( enabled : updated ) 12:40:03.0708 0x044c FW detected via SS2: FireWall, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.12.260 ), 0x41010 ( enabled ) 12:40:06.0656 0x044c ============================================================ 12:40:06.0656 0x044c Scan finished 12:40:06.0656 0x044c ============================================================ 12:40:06.0687 0x12b8 Detected object count: 0 12:40:06.0687 0x12b8 Actual detected object count: 0 |
29.08.2015, 10:47 | #4 |
/// the machine /// TB trainer | hi, scan with Combofix
__________________ regards, schrauber | Proud Member of UNITE and ASAP since 2009 | No help via PM! |
29.08.2015, 16:48 | #5 |
| Hello Schrauber, here is the log from Combofix Code:
ATTFilter ComboFix 15-08-27.01 - Bine 29.08.2015 9:42.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1771.703 [GMT -5:00] ausgeführt von:: c:\users\Bine\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} FW: FireWall *Disabled* {753F9273-B322-2907-AC37-03D0F1702F22} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\SecureW2 c:\program files\SecureW2\Uninstall.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk c:\programdata\msqxolt.exe c:\users\Bine\AppData\Local\TempDIR c:\users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2 . . ((((((((((((((((((((((( Dateien erstellt von 2015-07-28 bis 2015-08-29 )))))))))))))))))))))))))))))) . . 2015-08-29 14:58 . 2015-08-29 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-08-28 16:40 . 2015-08-28 17:34 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-08-28 03:15 . 2015-08-28 03:21 -------- d-----w- C:\FRST 2015-08-28 01:29 . 2015-08-28 16:40 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-08-28 01:27 . 2015-08-28 16:38 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-08-28 01:27 . 2015-06-18 13:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-08-28 01:27 . 2015-08-28 01:27 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware 2015-08-28 01:27 . 2015-08-28 01:27 -------- d-----w- c:\programdata\Malwarebytes 2015-08-28 01:27 . 2015-06-18 13:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-08-20 14:02 . 
2015-08-20 14:02 -------- d-----w- c:\program files\Common Files\Skype 2015-08-20 13:30 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2015-08-17 19:32 . 2015-08-17 19:32 -------- d-----w- c:\users\Bine\AppData\Local\SpiderOak 2015-08-17 19:31 . 2015-08-17 19:31 -------- d-----w- c:\program files\SpiderOakONE 2015-08-12 22:05 . 2015-07-30 13:13 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 18:53 . 2015-07-15 17:59 3934656 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-08-12 18:52 . 2015-07-16 19:12 856064 ----a-w- c:\windows\system32\rdvidcrl.dll 2015-08-12 18:51 . 2015-05-09 18:09 715200 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll 2015-08-12 18:51 . 2015-07-15 02:55 44032 ----a-w- c:\windows\system32\basesrv.dll 2015-08-12 18:40 . 2015-07-15 02:55 1241088 ----a-w- c:\windows\system32\msxml3.dll 2015-08-12 18:40 . 2015-07-15 02:55 1390592 ----a-w- c:\windows\system32\msxml6.dll 2015-08-12 18:40 . 2015-07-15 02:51 2048 ----a-w- c:\windows\system32\msxml6r.dll 2015-08-12 18:40 . 2015-07-15 02:51 2048 ----a-w- c:\windows\system32\msxml3r.dll 2015-08-11 16:45 . 2015-08-11 16:45 -------- d-----w- c:\users\Bine\AppData\Local\Dropbox 2015-08-11 16:45 . 2015-08-11 16:45 -------- d-----w- c:\programdata\Dropbox 2015-08-07 21:08 . 2015-08-07 21:08 -------- d-----w- c:\users\Bine\AppData\Roaming\Scientific Software 2015-08-07 21:05 . 2015-08-07 21:05 -------- d-----w- c:\programdata\Scientific Software 2015-08-07 21:05 . 2015-08-07 21:05 -------- d-----w- c:\program files\Scientific Software . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-08-26 17:02 . 2012-11-03 11:40 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-08-26 17:02 . 2011-07-17 15:33 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-08-26 12:57 . 2013-07-30 15:48 136728 ----a-w- c:\windows\system32\drivers\avipbb.sys 2015-08-26 12:57 . 
2013-07-30 15:48 108448 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-07-19 04:22 . 2014-12-11 10:38 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2015-07-15 18:37 . 2015-08-12 18:53 2560 ----a-w- c:\windows\system32\drivers\de-DE\mountmgr.sys.mui 2015-07-04 17:48 . 2015-07-15 16:36 1414656 ----a-w- c:\windows\system32\ole32.dll 2015-06-17 17:39 . 2015-07-15 16:36 305664 ----a-w- c:\windows\system32\gdi32.dll 2015-06-17 06:01 . 2015-06-17 06:01 1202856 ----a-w- c:\windows\system32\FM20.DLL 2015-06-15 21:47 . 2015-07-15 16:38 101824 ----a-w- c:\windows\system32\consent.exe 2015-06-15 21:43 . 2015-07-15 16:38 2364416 ----a-w- c:\windows\system32\msi.dll 2015-06-15 21:43 . 2015-07-15 16:38 337408 ----a-w- c:\windows\system32\msihnd.dll 2015-06-15 21:43 . 2015-07-15 16:38 1805824 ----a-w- c:\windows\system32\authui.dll 2015-06-15 21:43 . 2015-07-15 16:38 47104 ----a-w- c:\windows\system32\appinfo.dll 2015-06-15 21:42 . 2015-07-15 16:38 73216 ----a-w- c:\windows\system32\msiexec.exe 2015-06-15 21:37 . 2015-07-15 16:38 25088 ----a-w- c:\windows\system32\msimsg.dll 2015-06-09 19:35 . 2015-07-15 16:34 2745856 ----a-w- c:\windows\system32\rdpcorets.dll 2015-06-09 19:35 . 2015-07-15 16:34 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2015-06-01 23:47 . 2015-07-15 16:34 210432 ----a-w- c:\windows\system32\cewmdm.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SpiderOakONEOverlay] @="{6E1010DC-3571-45DE-9CA2-C5890119BBBE}" [HKEY_CLASSES_ROOT\CLSID\{6E1010DC-3571-45DE-9CA2-C5890119BBBE}] 2015-07-13 15:18 25088 ----a-w- c:\program files\SpiderOakONE\shell_extension.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Dropbox Update"="c:\users\Bine\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-08-11 136048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-08-03 685048] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-08-26 737712] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2014-11-28 193568] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-06-09 334896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
R2 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2015-06-18 1871160] R2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-06-18 1133880] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2012-08-03 87976] R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-06-19 115808] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-07-16 102912] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2013-07-30 113024] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-14 37352] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-03-29 219136] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-03-28 291840] S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2015-08-26 1054976] S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2015-08-26 834568] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2015-08-26 456528] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2015-08-26 1012240] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 vpnagent;Cisco AnyConnect Secure Mobility 
Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-08-03 537592] S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2011-08-10 57344] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2013-07-30 92448] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 16455552 *Deregistered* - 16455552 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] utcsvc REG_MULTI_SZ DiagTrack . Inhalt des "geplante Tasks" Ordners . 2015-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 17:02] . 2015-08-28 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3862519716-2807753652-4247563606-1000Core.job - c:\users\Bine\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-11 16:44] . 2015-08-29 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3862519716-2807753652-4247563606-1000UA.job - c:\users\Bine\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-11 16:44] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://mx.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.100.1 FF - ProfilePath - c:\users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\ FF - prefs.js: browser.search.selectedEngine - Ecosia FF - prefs.js: browser.startup.homepage - http://www.trojaner-board.de/170379-...l?#post1508057 FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file) HKCU-Run-SpiderOak - c:\program files\SpiderOak\SpiderOak.exe AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-08-29 10:04:23 ComboFix-quarantined-files.txt 2015-08-29 15:04 . Vor Suchlauf: 8 Verzeichnis(se), 168.526.827.520 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 169.090.838.528 Bytes frei . - - End Of File - - 1083DA7DB4233EF1F5B154B6D9D1DA9F A36C5E4F47E84449FF07ED3517B43A31

The shortcuts that are on the USB sticks lead to the following paths (in case that is helpful):
C:\Windows\System32\rundll32.exe *\CW1JdxQmUTcAUah3lY0.eSm6Vp7Rl5Pl5Pj3Nh1Lfa,dxHLqSoqY5LfzJm5
C:\Windows\System32\rundll32.exe *\qQtCfCOnPC7L.vMoA5PQpa1O7rX,LtRwU2a6eCkGoMul
Best regards! |
30.08.2015, 11:35 | #6 |
/// the machine /// TB trainer | We're not finished yet, after all. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
30.08.2015, 20:16 | #7 |
| Okay, so... Malwarebytes Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 30.08.2015
Suchlaufzeit: 08:49
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.08.29.05
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Bine

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 346470
Abgelaufene Zeit: 36 Min., 24 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswerte: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Dateien: 0 (keine bösartigen Elemente erkannt)
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)

(end)

Code:
ATTFilter # AdwCleaner v5.004 - Bericht erstellt 30/08/2015 um 13:21:10 # Aktualisiert 26/08/2015 von Xplode # Datenbank : 2015-08-30.1 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (x86) # Benutzername : Bine - NINIMAU # Gestarted von : C:\Users\Bine\Desktop\AdwCleaner_5.004.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner Gelöscht : C:\Users\Bine\AppData\Local\YSearchUtil [-] Ordner Gelöscht : C:\Users\Bine\AppData\LocalLow\Conduit [-] Ordner Gelöscht : C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Smartbar [-] Ordner Gelöscht : C:\Windows\system32\config\systemprofile\AppData\Local\YSearchUtil ***** [ Dateien ] ***** [-] Datei Gelöscht : C:\Users\Bine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk [-] Datei Gelöscht : C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk [-] Datei Gelöscht : C:\Users\Bine\Favorites\Startfenster.lnk [-] Datei Gelöscht : C:\Users\Bine\Favorites\Startfenster.lnk [-] Datei Gelöscht : C:\Users\Bine\Favorites\Links\Startfenster.lnk [-] Datei Gelöscht : C:\Users\Bine\Favorites\Links\Startfenster.lnk ***** [ Verknüpfungen ] ***** ***** [ Geplante Tasks ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKCU\Software\Conduit [-] Schlüssel Gelöscht : HKCU\Software\Softonic [-] Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! 
SearchSet

***** [ Internetbrowser ] *****
false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B+7EBx305.storedInFile", true); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B+7ECx305.storedInFile", true); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B+7EDx305.storedInFile", true); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B+7Etx305.storedInFile", true); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B-0?3G>D", "3E3F6D3D3F4075437A734774732078497879257D237D542A2720262A285A2E262A2A5F2F"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B-0?3G>D.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B-0?3G@6:5;", ""); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B-0?3G@6:5;.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B-0?3GFA7EF", "2B2E2C3D"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B-0?3GFA7EF.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B-3=3ECCJA=F>", 
"247E333D2C452F4135276F292A212C393D44307832332A354448584C3A23282E2E3132333435363B466068576C5E6857705A6C60606B6668563F73796F697861"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B-3=3ECCJA=F>.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B3=>@44I48?.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B5BA==9CJAG", "3A6F7171737273437A7843747278787C7B4E4B4C51"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B5BA==9CJAG.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B6B11G4C56B>F;P;ANR@P", "6E6C716C6C6B736E7677787A73"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B6B11G4C56B>F;P;ANR@P.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] 
Gelöscht : user_pref("valueApps.CT2851647./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B9643G3/9E", "6A"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B9643G3/9E.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B;45>:BI9I7IE", "2B2E2C3D"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B;45>:BI9I7IE.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B<:222H64<", "393F352F3E"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B<:222H64<.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B<:222H64<L8DAJ", "6D70706E7674717977742A797B727B78757B7A"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B<:222H64<L8DAJ.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B=+03EH8H8J?:", "4443"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : 
user_pref("valueApps.CT2851647./9B=+03EH8H8J?:.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B?+E2A52D8.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B?B0D:8AJ62<H", "6D"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9B?B0D:8AJ62<H.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9BA@0<0BI6A7GN:6@L?", "6C"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647./9BA@0<0BI6A7GN:6@L?.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.PG_ENABLE", "74727565"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.PG_ENABLE.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.SF_JUST_INSTALLED", "46414C5345"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.SF_JUST_INSTALLED.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] 
Gelöscht : user_pref("valueApps.CT2851647.SF_STATUS", "454E41424C4544"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.SF_STATUS.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.SF_USER_ID", "6369645F34343230313431323236333838353030343132"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.SF_USER_ID.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647._key_cl_active", "33393365653062342D633164622D343662382D383039332D316363356136376334633430"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647._key_cl_active.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.cb_experience_000", "3532"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.cb_experience_000.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.cb_firstuse0100", "31"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.cb_firstuse0100.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.cb_user_id_000", "43423634343637363938393632345F313430333230383139383137375F46697265666F78"); [-] 
[C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.cb_user_id_000.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.cbfirsttime", "4672692041707220303420323031342031323A32363A343020474D542B30323030"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.cbfirsttime.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appStateReportTime", "31343036383734353530373937"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appStateReportTime.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appState_Clarity_Active", "6F6E"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appState_Clarity_Active.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appState_CouponBuddy", "6F6E"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appState_CouponBuddy.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appState_Easytobook", "6F6E"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] 
[Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appState_Easytobook.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appState_Easytobook_targeted", "6F6E"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appState_Easytobook_targeted.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appState_PriceGong", "6F6E"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appState_PriceGong.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appState_WindowShopper", "6F6E"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appState_WindowShopper.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appsConfig.storedInFile", true); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appsDefaultEnabled", "6E756C6C"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_appsDefaultEnabled.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_calledSetupService", "31"); [-] 
[C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_calledSetupService.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_currentVersion", "312E31332E302E3137"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_currentVersion.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_eventsCache", "7B2233306235666634642D653234332D346438352D383663322D353165616664303463316565223A7B22746F706963223A2273656E645573616765222C2264617461223A7B226361746[...] [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_eventsCache.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_existingUsersRecoveryDone", "31"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_existingUsersRecoveryDone.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_first_time", "31"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_first_time.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_gadgetOpen", "30"); [-] 
[C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_gadgetOpen.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_lastLoginTime", "31343036383734353531353336"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_lastLoginTime.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_localization.storedInFile", true); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_mamEnabled", "66616C7365"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_mamEnabled.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_migrated_from_ls", "31"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_migrated_from_ls.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_new_welcome_experience", "31"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_new_welcome_experience.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : 
user_pref("valueApps.CT2851647.mam_gk_settings1.13.0.17.storedInFile", true); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_showWelcomeGadget", "66616C7365"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_showWelcomeGadget.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_stamp", "38345F30"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_stamp.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_userBornDate", "4E2F41"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_userBornDate.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_userId", "64313965613530652D656330352D343532352D613330322D663163616530666261633430"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_userId.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_user_approval_interacted", "31"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_user_approval_interacted.storedInFile", false); [-] 
[C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_welcomeDialogMode", "31"); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.mam_gk_welcomeDialogMode.storedInFile", false); [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.url_history0001", "687474703A2F2F6D65696E6665726E6275732E64652F233A3A3A636C69636B68616E646C65723A3A3A313339363630393431343337312C2C2C687474703A2F2F6D65696E6665726E627573[...] [-] [C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\prefs.js] [Preference] Gelöscht : user_pref("valueApps.CT2851647.url_history0001.storedInFile", true); ************************* :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [60553 Bytes] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 7 Professional x86
Ran by Bine on 30.08.2015 at 13:47:39,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

~~~ Files

~~~ Folders
Successfully deleted: [Folder] C:\Users\Bine\Appdata\Local\cre

~~~ FireFox
Successfully deleted: [File] C:\Users\Bine\AppData\Roaming\mozilla\firefox\profiles\qg1imu4n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Successfully deleted the following from C:\Users\Bine\AppData\Roaming\mozilla\firefox\profiles\qg1imu4n.default\prefs.js
user_pref(valueApps.storage.mam_gk_userId, 64313965613530652D656330352D343532352D613330322D663163616530666261633430);
Emptied folder: C:\Users\Bine\AppData\Roaming\mozilla\firefox\profiles\qg1imu4n.default\minidumps [358 files]

~~~ Chrome
[C:\Users\Bine\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Bine\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Bine\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Bine\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.08.2015 at 13:57:17,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:27-08-2015
durchgeführt von Bine (Administrator) auf NINIMAU (30-08-2015 14:04:23)
Gestartet von C:\Users\Bine\Desktop
Geladene Profile: Bine (Verfügbare Profile: Bine)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737712 2015-08-26] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKU\S-1-5-21-3862519716-2807753652-4247563606-1000\...\Run: [Dropbox Update] => C:\Users\Bine\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [SpiderOakONEOverlay] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBE} => C:\Program Files\SpiderOakONE\shell_extension.dll [2015-07-13] (SpiderOakONE) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3862519716-2807753652-4247563606-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3862519716-2807753652-4247563606-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mx.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000 -> {6A7726B4-1004-400B-9DA3-A1646EC42A16} URL = hxxps://mx.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-18] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-18] (Oracle Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 Tcpip\..\Interfaces\{A6F5284D-4211-44AC-A452-C326DE0C73AB}: [DhcpNameServer] 192.168.100.1 FireFox: ======== FF ProfilePath: C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default FF DefaultSearchEngine: Ecosia FF SelectedSearchEngine: Ecosia FF Homepage: 
http://www.trojaner-board.de/170379-...l?#post1508057 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-26] () FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-18] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-18] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\searchplugins\ecosia.xml [2015-05-29] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Extensions\artur.dubovoy@gmail.com [2015-08-14] FF Extension: YouTube mp3 - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Extensions\info@youtube-mp3.org.xpi [2012-08-27] FF Extension: Ecosia — The search engine that plants trees! 
- C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-06-05] FF Extension: Adblock Plus - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-14] FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-01-24] Chrome: ======= CHR Profile: C:\Users\Bine\AppData\Local\Google\Chrome\User Data\Default ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 AntiVirFirewallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [1054976 2015-08-26] (Avira Operations GmbH & Co. KG) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [834568 2015-08-26] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [456528 2015-08-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [456528 2015-08-26] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1012240 2015-08-26] (Avira Operations GmbH & Co. 
KG) R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [660848 2010-12-16] (Juniper Networks) S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation) S2 ZAtheros Wlan Agent; C:\Program Files\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [Datei ist nicht signiert] S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.) R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2013-07-30] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2013-07-30] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-08-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-08-26] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. 
KG) S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [115808 2011-06-19] (SysProgs.org) R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-12-16] (Juniper Networks) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-30] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [27696 2015-06-16] (Avira Operations GmbH & Co. KG) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-08-20] (The OpenVPN Project) S3 catchme; \??\C:\Users\Bine\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-30 13:57 - 2015-08-30 13:57 - 00001755 _____ C:\Users\Bine\Desktop\JRT.txt 2015-08-30 13:46 - 2015-08-30 13:46 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Bine\Desktop\JRT.exe 2015-08-30 13:44 - 2015-08-30 13:44 - 00060633 _____ C:\Users\Bine\Desktop\AdwCleaner[C1].txt 2015-08-30 13:10 - 2015-08-30 13:21 - 00000000 ____D C:\AdwCleaner 2015-08-30 09:27 - 2015-08-30 09:27 - 01618432 _____ C:\Users\Bine\Desktop\AdwCleaner_5.004.exe 2015-08-30 09:26 - 2015-08-30 09:26 - 00001198 _____ C:\Users\Bine\Desktop\mbam.txt 2015-08-29 10:04 - 2015-08-29 10:04 - 00016318 _____ C:\ComboFix.txt 2015-08-29 09:37 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe 2015-08-29 09:37 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe 2015-08-29 09:37 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-08-29 09:37 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-08-29 09:37 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-08-29 09:37 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe 2015-08-29 09:37 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe 2015-08-29 09:37 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe 2015-08-29 09:36 - 2015-08-29 10:04 - 00000000 ____D C:\Qoobox 2015-08-29 09:35 - 2015-08-29 10:01 - 00000000 ____D C:\Windows\erdnt 2015-08-29 09:26 - 2015-08-29 09:27 - 05636265 ____R (Swearware) C:\Users\Bine\Desktop\ComboFix.exe 2015-08-28 12:35 - 2015-08-28 12:35 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Bine\Desktop\tdsskiller.exe 2015-08-28 11:40 - 2015-08-28 12:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-08-28 11:38 - 2015-08-28 12:34 - 00000000 ____D C:\Users\Bine\Desktop\mbar 2015-08-28 11:10 - 2015-08-29 10:11 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-28 11:00 - 2015-08-28 11:01 - 16563304 _____ (Malwarebytes Corp.) 
C:\Users\Bine\Desktop\mbar-1.09.2.1008.exe 2015-08-27 23:41 - 2015-08-27 23:41 - 00016674 _____ C:\Users\Bine\Desktop\Logs.zip 2015-08-27 23:12 - 2015-08-27 23:13 - 00085202 _____ C:\Users\Bine\Desktop\Avira.txt 2015-08-27 23:07 - 2015-08-27 23:07 - 00141861 _____ C:\Users\Bine\Desktop\malwarebytes.txt 2015-08-27 23:02 - 2015-08-27 23:02 - 00011962 _____ C:\Users\Bine\Desktop\gmer.txt 2015-08-27 22:22 - 2015-08-27 22:22 - 00380416 _____ C:\Users\Bine\Desktop\Gmer-19357.exe 2015-08-27 22:19 - 2015-08-27 22:21 - 00041796 _____ C:\Users\Bine\Desktop\Addition.txt 2015-08-27 22:15 - 2015-08-30 14:04 - 00013221 _____ C:\Users\Bine\Desktop\FRST.txt 2015-08-27 22:15 - 2015-08-30 14:04 - 00000000 ____D C:\FRST 2015-08-27 22:13 - 2015-08-27 22:14 - 01690624 _____ (Farbar) C:\Users\Bine\Desktop\FRST.exe 2015-08-27 22:11 - 2015-08-27 22:12 - 00000470 _____ C:\Users\Bine\Desktop\defogger_disable.log 2015-08-27 22:11 - 2015-08-27 22:11 - 00000000 _____ C:\Users\Bine\defogger_reenable 2015-08-27 22:09 - 2015-08-27 22:09 - 00050477 _____ C:\Users\Bine\Desktop\Defogger.exe 2015-08-27 21:24 - 2015-08-29 10:11 - 00200422 _____ C:\Windows\PFRO.log 2015-08-27 20:29 - 2015-08-30 13:29 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-27 20:27 - 2015-08-28 11:38 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-27 20:27 - 2015-08-27 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-08-27 20:27 - 2015-08-27 20:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-27 20:27 - 2015-08-27 20:27 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-08-27 20:27 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-27 20:27 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-27 20:23 - 2015-08-27 20:24 - 24345872 _____ (Malwarebytes 
Corporation ) C:\Users\Bine\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-26 11:56 - 2015-08-26 11:57 - 01190104 _____ (Adobe Systems Incorporated) C:\Users\Bine\Downloads\flashplayer18_ha_install.exe 2015-08-25 07:45 - 2015-08-30 13:24 - 00001848 _____ C:\Windows\setupact.log 2015-08-25 07:45 - 2015-08-25 07:45 - 00000000 _____ C:\Windows\setuperr.log 2015-08-20 09:02 - 2015-08-20 09:02 - 00002687 _____ C:\Users\Public\Desktop\Skype.lnk 2015-08-20 09:02 - 2015-08-20 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-20 09:02 - 2015-08-20 09:02 - 00000000 ____D C:\Program Files\Common Files\Skype 2015-08-20 08:30 - 2015-08-10 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-20 08:30 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-17 14:32 - 2015-08-17 14:32 - 00000000 ____D C:\Users\Bine\AppData\Local\SpiderOak 2015-08-17 14:31 - 2015-08-17 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpiderOakONE 2015-08-17 14:31 - 2015-08-17 14:31 - 00000000 ____D C:\Program Files\SpiderOakONE 2015-08-17 14:19 - 2015-08-17 14:19 - 26113560 _____ C:\Users\Bine\Downloads\SpiderOakONESetup-6.0.exe 2015-08-12 17:05 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 13:54 - 2015-07-28 15:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-12 13:54 - 2015-07-28 15:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00202752 
_____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-12 13:54 - 2015-07-28 14:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-08-12 13:54 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-08-12 13:54 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-08-12 13:54 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-12 13:54 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-12 13:54 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 13:54 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-12 13:53 - 2015-07-16 14:12 - 06131200 _____ (Microsoft Corporation) 
C:\Windows\system32\mstscax.dll 2015-08-12 13:53 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-12 13:53 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-12 13:53 - 2015-07-15 12:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-12 13:53 - 2015-07-15 12:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-12 13:53 - 2015-07-15 12:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-12 13:53 - 2015-07-15 12:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) 
C:\Windows\system32\kerberos.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-08-12 13:53 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-08-12 13:53 - 2015-07-15 12:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-08-12 13:53 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-12 13:53 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-08-12 13:53 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-08-12 13:53 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-08-12 13:53 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-08-12 13:53 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-08-12 13:53 - 2015-07-15 11:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-12 13:53 - 2015-07-15 11:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-12 13:53 - 2015-07-15 11:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-12 13:52 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) 
C:\Windows\system32\d3d10warp.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-08-12 13:52 - 2015-07-30 11:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-12 13:52 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-12 13:52 - 2015-07-20 19:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-12 13:52 - 2015-07-16 15:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-08-12 13:52 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-12 13:52 - 2015-07-16 14:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-08-12 13:52 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-12 13:52 - 2015-07-16 14:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-08-12 13:52 - 2015-07-16 14:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-08-12 13:52 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-12 13:52 - 2015-07-16 14:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-12 13:52 - 2015-07-16 14:43 - 00030720 _____ (Microsoft Corporation) 
C:\Windows\system32\iernonce.dll 2015-08-12 13:52 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-12 13:52 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-12 13:52 - 2015-07-16 14:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-12 13:52 - 2015-07-16 14:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-08-12 13:52 - 2015-07-16 14:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-08-12 13:52 - 2015-07-16 14:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-08-12 13:52 - 2015-07-16 14:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-12 13:52 - 2015-07-16 14:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-08-12 13:52 - 2015-07-16 14:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-08-12 13:52 - 2015-07-16 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-12 13:52 - 2015-07-16 14:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-12 13:52 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-12 13:52 - 2015-07-16 14:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-08-12 13:52 - 2015-07-16 14:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-12 13:52 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-12 13:52 - 2015-07-16 14:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-12 13:52 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-12 13:52 - 2015-07-16 14:06 - 00685568 _____ (Microsoft 
Corporation) C:\Windows\system32\ie4uinit.exe 2015-08-12 13:52 - 2015-07-16 14:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-08-12 13:52 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-12 13:52 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-12 13:52 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-08-12 13:52 - 2015-07-16 10:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-08-12 13:51 - 2015-07-14 21:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-12 13:51 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-12 13:51 - 2015-05-09 13:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-08-12 13:40 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-12 13:40 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-12 13:40 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-08-12 13:40 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-08-11 11:49 - 2015-08-11 11:49 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-08-11 11:45 - 2015-08-30 13:54 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3862519716-2807753652-4247563606-1000UA.job 2015-08-11 11:45 - 2015-08-30 12:50 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3862519716-2807753652-4247563606-1000Core.job 2015-08-11 11:45 - 2015-08-11 11:45 - 00000000 ____D C:\Users\Bine\AppData\Local\Dropbox 2015-08-11 11:45 - 2015-08-11 11:45 - 00000000 ____D C:\ProgramData\Dropbox 2015-08-10 15:44 - 2015-08-10 15:53 - 46242307 
_____ C:\Users\Bine\Downloads\Fotos Tapachula.zip 2015-08-07 16:08 - 2015-08-07 16:08 - 00000000 ____D C:\Users\Bine\Documents\Scientific Software 2015-08-07 16:08 - 2015-08-07 16:08 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Scientific Software 2015-08-07 16:05 - 2015-08-07 16:05 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATLAS.ti.lnk 2015-08-07 16:05 - 2015-08-07 16:05 - 00002147 _____ C:\Users\Public\Desktop\ATLAS.ti.lnk 2015-08-07 16:05 - 2015-08-07 16:05 - 00000000 ____D C:\Users\Public\Documents\Scientific Software 2015-08-07 16:05 - 2015-08-07 16:05 - 00000000 ____D C:\ProgramData\Scientific Software 2015-08-07 16:05 - 2015-08-07 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scientific Software 2015-08-07 16:05 - 2015-08-07 16:05 - 00000000 ____D C:\Program Files\Scientific Software ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-30 13:35 - 2009-07-13 23:34 - 00025328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-30 13:35 - 2009-07-13 23:34 - 00025328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-30 13:28 - 2014-12-14 09:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-30 13:24 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-30 13:23 - 2014-02-13 02:13 - 01538005 _____ C:\Windows\WindowsUpdate.log 2015-08-29 10:11 - 2012-09-02 03:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-08-29 10:09 - 2015-03-16 11:46 - 00000000 ___RD C:\Users\Bine\Documents\SpiderOak Hive 2015-08-29 10:04 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Default 2015-08-29 10:04 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public 2015-08-29 09:59 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini 2015-08-28 13:50 - 2011-07-19 05:11 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Skype 2015-08-27 22:11 - 2011-07-14 03:02 - 00000000 ____D C:\Users\Bine 2015-08-27 21:24 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\TAPI 2015-08-27 20:34 - 2011-07-14 03:05 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-27 18:55 - 2014-10-06 05:29 - 00000000 ____D C:\Users\Bine\Documents\Diversität LAI 2015-08-27 11:42 - 2013-01-24 08:36 - 00000000 ____D C:\Users\Bine\Documents\Citavi 3 2015-08-26 12:03 - 2011-07-14 05:12 - 00000000 ____D C:\Users\Bine\AppData\Local\Adobe 2015-08-26 12:02 - 2012-11-03 06:40 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-08-26 12:02 - 2011-07-17 10:33 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-08-26 07:57 - 2013-07-30 10:48 - 00136728 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-08-26 07:57 - 2013-07-30 10:48 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-08-22 21:07 - 2015-05-22 10:28 - 00000000 ____D C:\Users\Bine\.freemind 2015-08-20 09:02 - 2014-09-22 12:06 - 00000000 ___RD C:\Program Files\Skype 2015-08-20 09:01 - 2011-07-19 05:08 - 00000000 ____D C:\ProgramData\Skype 2015-08-17 19:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache 2015-08-12 21:58 - 2009-07-13 23:33 - 00448136 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-12 21:55 - 2014-12-12 03:51 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-12 21:55 - 2014-05-02 02:06 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-12 21:55 - 2009-07-14 03:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE 2015-08-12 21:55 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\de-DE 2015-08-12 17:40 - 2014-12-11 06:03 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-12 17:27 - 2013-08-16 02:45 - 00000000 ____D C:\Windows\system32\MRT 2015-08-12 17:19 - 2011-08-02 02:02 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-11 14:17 - 2009-07-13 23:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-08-11 11:52 - 2012-08-29 09:03 - 00000000 ___RD C:\Users\Bine\Dropbox 2015-08-11 11:51 - 2012-08-29 08:58 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Dropbox 2015-08-03 21:41 - 2013-01-24 08:25 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Swiss Academic Software 2015-08-03 10:11 - 2011-07-14 03:40 - 00000000 ____D C:\Windows\Panther 2015-08-03 09:59 - 2015-07-10 08:39 - 00000000 ____D C:\$Windows.~BT 2015-08-02 12:44 - 2015-04-13 14:43 - 00000000 ___SD C:\Windows\system32\GWX ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-03-14 13:41 - 2015-03-15 05:55 - 0007598 _____ () C:\Users\Bine\AppData\Local\resmon.resmoncfg Einige Dateien in TEMP: ==================== C:\Users\Bine\AppData\Local\Temp\avgnt.exe 
C:\Users\Bine\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-22 10:01 ==================== Ende vom FRST.txt ============================ |
31.08.2015, 15:51 | #8 |
/// the machine /// TB Trainer | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
31.08.2015, 19:54 | #9 |
| Hello Schrauber, ESET found something. Unfortunately I still cannot access the files on my USB sticks (the storage space is in use, but when I try to open the drives, empty folders appear). ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2776b336c50d8d4ea7d53dc1f7b2f2c5
# end=init
# utc_time=2015-08-31 03:53:28
# local_time=2015-08-31 10:53:28 (-0600, Central Sommerzeit (Mexiko))
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25532
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2776b336c50d8d4ea7d53dc1f7b2f2c5
# end=updated
# utc_time=2015-08-31 03:57:28
# local_time=2015-08-31 10:57:28 (-0600, Central Sommerzeit (Mexiko))
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2776b336c50d8d4ea7d53dc1f7b2f2c5
# engine=25532
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-31 06:20:08
# local_time=2015-08-31 01:20:08 (-0600, Central Sommerzeit (Mexiko))
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1805 16777213 100 100 0 184622781 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 66324724 192589998 0 0
# scanned=182875
# found=1
# cleaned=0
# scan_time=8558
sh=5C7C92418BF887A382AC120FB04BAFCCF33601EE ft=1 fh=dc9d33aaf4355283 vn="Variante von Win32/Kryptik.DTXO Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\msqxolt.exe.vir"
Code:
Results of screen317's Security Check version 1.008
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 8 Update 51
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.232
Adobe Reader XI
Mozilla Firefox (40.0.3)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:27-08-2015
durchgeführt von Bine (Administrator) auf NINIMAU (31-08-2015 13:42:01)
Gestartet von C:\Users\Bine\Desktop
Geladene Profile: Bine (Verfügbare Profile: Bine)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Atheros) C:\Program Files\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co.
KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe (SpiderOak) C:\Program Files\SpiderOakONE\SpiderOakONE.exe (SpiderOak) C:\Program Files\SpiderOakONE\SpiderOakONE.exe () C:\Program Files\SpiderOakONE\windows_dir_watcher.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737712 2015-08-26] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKU\S-1-5-21-3862519716-2807753652-4247563606-1000\...\Run: [Dropbox Update] => C:\Users\Bine\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bine\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [SpiderOakONEOverlay] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBE} => C:\Program Files\SpiderOakONE\shell_extension.dll [2015-07-13] (SpiderOakONE) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3862519716-2807753652-4247563606-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3862519716-2807753652-4247563606-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mx.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3862519716-2807753652-4247563606-1000 -> {6A7726B4-1004-400B-9DA3-A1646EC42A16} URL = hxxps://mx.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default BHO: Groove GFS Browser Helper -> 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-18] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-18] (Oracle Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 Tcpip\..\Interfaces\{A6F5284D-4211-44AC-A452-C326DE0C73AB}: [DhcpNameServer] 192.168.100.1 FireFox: ======== FF ProfilePath: C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default FF DefaultSearchEngine: Ecosia FF SelectedSearchEngine: Ecosia FF Homepage: http://www.trojaner-board.de/170379-...l?#post1508057 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-26] () FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-18] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-18] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\searchplugins\ecosia.xml [2015-05-29] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Extensions\artur.dubovoy@gmail.com [2015-08-14] FF Extension: YouTube mp3 - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Extensions\info@youtube-mp3.org.xpi [2012-08-27] FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-06-05] FF Extension: Adblock Plus - C:\Users\Bine\AppData\Roaming\Mozilla\Firefox\Profiles\qg1imu4n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-14] FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-01-24] Chrome: ======= CHR Profile: C:\Users\Bine\AppData\Local\Google\Chrome\User Data\Default ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] R2 AntiVirFirewallService; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [1054976 2015-08-26] (Avira Operations GmbH & Co. KG) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [834568 2015-08-26] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [456528 2015-08-26] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [456528 2015-08-26] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1012240 2015-08-26] (Avira Operations GmbH & Co. KG) R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [660848 2010-12-16] (Juniper Networks) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [Datei ist nicht signiert] S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.) R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [92448 2013-07-30] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [113024 2013-07-30] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-08-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-08-26] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. 
KG) S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [115808 2011-06-19] (SysProgs.org) R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-12-16] (Juniper Networks) R3 eapihdrv; C:\Users\Bine\AppData\Local\Temp\ehdrv.sys [135760 2015-08-31] (ESET) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-31] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [27696 2015-06-16] (Avira Operations GmbH & Co. KG) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-08-20] (The OpenVPN Project) S3 catchme; \??\C:\Users\Bine\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-31 13:42 - 2015-08-31 13:43 - 00014508 _____ C:\Users\Bine\Desktop\FRST.txt 2015-08-31 13:42 - 2015-08-31 13:42 - 00000971 _____ C:\Users\Bine\Desktop\checkup.txt 2015-08-31 13:32 - 2015-08-31 13:32 - 00852704 _____ C:\Users\Bine\Desktop\SecurityCheck.exe 2015-08-31 13:29 - 2015-08-31 13:20 - 00001606 _____ C:\Users\Bine\Desktop\eset.txt 2015-08-31 10:50 - 2015-08-31 10:50 - 02870984 _____ (ESET) C:\Users\Bine\Desktop\esetsmartinstaller_deu.exe 2015-08-30 13:46 - 2015-08-30 13:46 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Bine\Desktop\JRT.exe 2015-08-30 13:10 - 2015-08-30 13:21 - 00000000 ____D C:\AdwCleaner 2015-08-30 09:27 - 2015-08-30 09:27 - 01618432 _____ C:\Users\Bine\Desktop\AdwCleaner_5.004.exe 2015-08-29 10:04 - 2015-08-29 10:04 - 00016318 _____ C:\ComboFix.txt 2015-08-29 09:37 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe 2015-08-29 09:37 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe 2015-08-29 09:37 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-08-29 09:37 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-08-29 09:37 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-08-29 09:37 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe 2015-08-29 09:37 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe 2015-08-29 09:37 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe 2015-08-29 09:36 - 2015-08-29 10:04 - 00000000 ____D C:\Qoobox 2015-08-29 09:35 - 2015-08-29 10:01 - 00000000 ____D C:\Windows\erdnt 2015-08-29 09:26 - 2015-08-29 09:27 - 05636265 ____R (Swearware) C:\Users\Bine\Desktop\ComboFix.exe 2015-08-28 12:35 - 2015-08-28 12:35 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Bine\Desktop\tdsskiller.exe 2015-08-28 11:40 - 2015-08-28 12:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-08-28 11:38 - 2015-08-28 12:34 - 00000000 ____D C:\Users\Bine\Desktop\mbar 2015-08-28 11:10 - 2015-08-29 10:11 - 00000000 ____D 
C:\Program Files\Mozilla Firefox 2015-08-28 11:00 - 2015-08-28 11:01 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Bine\Desktop\mbar-1.09.2.1008.exe 2015-08-27 23:41 - 2015-08-27 23:41 - 00016674 _____ C:\Users\Bine\Desktop\Logs.zip 2015-08-27 22:22 - 2015-08-27 22:22 - 00380416 _____ C:\Users\Bine\Desktop\Gmer-19357.exe 2015-08-27 22:15 - 2015-08-31 13:42 - 00000000 ____D C:\FRST 2015-08-27 22:13 - 2015-08-27 22:14 - 01690624 _____ (Farbar) C:\Users\Bine\Desktop\FRST.exe 2015-08-27 22:11 - 2015-08-27 22:11 - 00000000 _____ C:\Users\Bine\defogger_reenable 2015-08-27 22:09 - 2015-08-27 22:09 - 00050477 _____ C:\Users\Bine\Desktop\Defogger.exe 2015-08-27 21:24 - 2015-08-29 10:11 - 00200422 _____ C:\Windows\PFRO.log 2015-08-27 20:29 - 2015-08-31 13:44 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-27 20:27 - 2015-08-28 11:38 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-27 20:27 - 2015-08-27 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-08-27 20:27 - 2015-08-27 20:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-27 20:27 - 2015-08-27 20:27 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-08-27 20:27 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-27 20:27 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-27 20:23 - 2015-08-27 20:24 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Bine\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-26 11:56 - 2015-08-26 11:57 - 01190104 _____ (Adobe Systems Incorporated) C:\Users\Bine\Downloads\flashplayer18_ha_install.exe 2015-08-25 07:45 - 2015-08-31 08:25 - 00002352 _____ C:\Windows\setupact.log 2015-08-25 07:45 - 2015-08-25 07:45 - 00000000 _____ C:\Windows\setuperr.log 2015-08-20 09:02 - 2015-08-20 09:02 - 00002687 _____ 
C:\Users\Public\Desktop\Skype.lnk 2015-08-20 09:02 - 2015-08-20 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-08-20 09:02 - 2015-08-20 09:02 - 00000000 ____D C:\Program Files\Common Files\Skype 2015-08-20 08:30 - 2015-08-10 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-20 08:30 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-17 14:32 - 2015-08-17 14:32 - 00000000 ____D C:\Users\Bine\AppData\Local\SpiderOak 2015-08-17 14:31 - 2015-08-17 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpiderOakONE 2015-08-17 14:31 - 2015-08-17 14:31 - 00000000 ____D C:\Program Files\SpiderOakONE 2015-08-17 14:19 - 2015-08-17 14:19 - 26113560 _____ C:\Users\Bine\Downloads\SpiderOakONESetup-6.0.exe 2015-08-12 17:05 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 13:54 - 2015-07-28 15:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-12 13:54 - 2015-07-28 15:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-12 13:54 - 2015-07-28 15:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-12 13:54 - 2015-07-28 14:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-08-12 13:54 - 
2015-07-20 12:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-08-12 13:54 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-08-12 13:54 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-08-12 13:54 - 2015-07-20 12:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-08-12 13:54 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-12 13:54 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-12 13:54 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-12 13:54 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-12 13:53 - 2015-07-16 14:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-12 13:53 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-12 13:53 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-12 13:53 - 2015-07-15 12:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-12 13:53 - 2015-07-15 12:59 - 00078784 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-12 13:53 - 2015-07-15 12:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-12 13:53 - 2015-07-15 12:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-08-12 13:53 - 2015-07-15 12:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-08-12 13:53 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00069632 _____ (Microsoft Corporation) 
C:\Windows\system32\smss.exe 2015-08-12 13:53 - 2015-07-15 12:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-08-12 13:53 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-08-12 13:53 - 2015-07-15 12:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-12 13:53 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-08-12 13:53 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-08-12 13:53 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-08-12 13:53 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-08-12 13:53 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-08-12 13:53 - 2015-07-15 11:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-12 13:53 - 2015-07-15 11:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-12 13:53 - 2015-07-15 11:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-12 13:52 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) 
C:\Windows\system32\atmlib.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-08-12 13:52 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-08-12 13:52 - 2015-07-30 11:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-12 13:52 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-12 13:52 - 2015-07-20 19:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-12 13:52 - 2015-07-16 15:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-08-12 13:52 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-12 13:52 - 2015-07-16 14:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-08-12 13:52 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-12 13:52 - 2015-07-16 14:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-08-12 13:52 - 2015-07-16 14:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-08-12 13:52 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-12 13:52 - 2015-07-16 14:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-12 13:52 - 2015-07-16 14:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-08-12 13:52 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-12 13:52 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-12 13:52 - 2015-07-16 14:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-12 13:52 - 2015-07-16 14:39 - 00102912 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollector.exe
2015-08-12 13:52 - 2015-07-16 14:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 13:52 - 2015-07-16 14:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 13:52 - 2015-07-16 14:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 13:52 - 2015-07-16 14:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 13:52 - 2015-07-16 14:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 13:52 - 2015-07-16 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 13:52 - 2015-07-16 14:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 13:52 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 13:52 - 2015-07-16 14:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 13:52 - 2015-07-16 14:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 13:52 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 13:52 - 2015-07-16 14:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 13:52 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 13:52 - 2015-07-16 14:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 13:52 - 2015-07-16 14:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 13:52 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 13:52 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 13:52 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 13:52 - 2015-07-16 10:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-12 13:51 - 2015-07-14 21:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 13:51 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 13:51 - 2015-05-09 13:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-12 13:40 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 13:40 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 13:40 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 13:40 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 11:49 - 2015-08-11 11:49 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-11 11:45 - 2015-08-31 12:50 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3862519716-2807753652-4247563606-1000UA.job
2015-08-11 11:45 - 2015-08-31 12:01 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3862519716-2807753652-4247563606-1000Core.job
2015-08-11 11:45 - 2015-08-11 11:45 - 00000000 ____D C:\Users\Bine\AppData\Local\Dropbox
2015-08-11 11:45 - 2015-08-11 11:45 - 00000000 ____D C:\ProgramData\Dropbox
2015-08-10 15:44 - 2015-08-10 15:53 - 46242307 _____ C:\Users\Bine\Downloads\Fotos Tapachula.zip
2015-08-07 16:08 - 2015-08-07 16:08 - 00000000 ____D C:\Users\Bine\Documents\Scientific Software
2015-08-07 16:08 - 2015-08-07 16:08 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Scientific Software
2015-08-07 16:05 - 2015-08-07 16:05 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATLAS.ti.lnk
2015-08-07 16:05 - 2015-08-07 16:05 - 00002147 _____ C:\Users\Public\Desktop\ATLAS.ti.lnk
2015-08-07 16:05 - 2015-08-07 16:05 - 00000000 ____D C:\Users\Public\Documents\Scientific Software
2015-08-07 16:05 - 2015-08-07 16:05 - 00000000 ____D C:\ProgramData\Scientific Software
2015-08-07 16:05 - 2015-08-07 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scientific Software
2015-08-07 16:05 - 2015-08-07 16:05 - 00000000 ____D C:\Program Files\Scientific Software

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-31 13:28 - 2014-12-14 09:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-31 13:19 - 2014-02-13 02:13 - 01618158 _____ C:\Windows\WindowsUpdate.log
2015-08-31 08:41 - 2009-07-13 23:34 - 00025328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-31 08:41 - 2009-07-13 23:34 - 00025328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 08:25 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-30 18:09 - 2011-07-19 05:11 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Skype
2015-08-29 10:11 - 2012-09-02 03:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-29 10:09 - 2015-03-16 11:46 - 00000000 ___RD C:\Users\Bine\Documents\SpiderOak Hive
2015-08-29 10:04 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Default
2015-08-29 10:04 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2015-08-29 09:59 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2015-08-27 22:11 - 2011-07-14 03:02 - 00000000 ____D C:\Users\Bine
2015-08-27 21:24 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\TAPI
2015-08-27 20:34 - 2011-07-14 03:05 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-27 18:55 - 2014-10-06 05:29 - 00000000 ____D C:\Users\Bine\Documents\Diversität LAI
2015-08-27 11:42 - 2013-01-24 08:36 - 00000000 ____D C:\Users\Bine\Documents\Citavi 3
2015-08-26 12:03 - 2011-07-14 05:12 - 00000000 ____D C:\Users\Bine\AppData\Local\Adobe
2015-08-26 12:02 - 2012-11-03 06:40 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-26 12:02 - 2011-07-17 10:33 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-26 07:57 - 2013-07-30 10:48 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-26 07:57 - 2013-07-30 10:48 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-22 21:07 - 2015-05-22 10:28 - 00000000 ____D C:\Users\Bine\.freemind
2015-08-20 09:02 - 2014-09-22 12:06 - 00000000 ___RD C:\Program Files\Skype
2015-08-20 09:01 - 2011-07-19 05:08 - 00000000 ____D C:\ProgramData\Skype
2015-08-17 19:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-08-12 21:58 - 2009-07-13 23:33 - 00448136 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 21:55 - 2014-12-12 03:51 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 21:55 - 2014-05-02 02:06 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 21:55 - 2009-07-14 03:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2015-08-12 21:55 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-08-12 17:40 - 2014-12-11 06:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 17:27 - 2013-08-16 02:45 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 17:19 - 2011-08-02 02:02 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 14:17 - 2009-07-13 23:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-11 11:52 - 2012-08-29 09:03 - 00000000 ___RD C:\Users\Bine\Dropbox
2015-08-11 11:51 - 2012-08-29 08:58 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Dropbox
2015-08-03 21:41 - 2013-01-24 08:25 - 00000000 ____D C:\Users\Bine\AppData\Roaming\Swiss Academic Software
2015-08-03 10:11 - 2011-07-14 03:40 - 00000000 ____D C:\Windows\Panther
2015-08-03 09:59 - 2015-07-10 08:39 - 00000000 ____D C:\$Windows.~BT
2015-08-02 12:44 - 2015-04-13 14:43 - 00000000 ___SD C:\Windows\system32\GWX

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-03-14 13:41 - 2015-03-15 05:55 - 0007598 _____ () C:\Users\Bine\AppData\Local\resmon.resmoncfg

Einige Dateien in TEMP:
====================
C:\Users\Bine\AppData\Local\Temp\avgnt.exe
C:\Users\Bine\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-08-22 10:01

==================== Ende vom FRST.txt ============================ |
01.09.2015, 17:25 | #10 |
/// the machine /// TB-Ausbilder | Please post a screenshot of what you see on the sticks.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
01.09.2015, 23:14 | #11 |
| Hello Schrauber, well, it looks like this: |
02.09.2015, 18:02 | #12 |
/// the machine /// TB-Ausbilder | Control Panel > Folder Options > show hidden files and remove the tick at "hide protected files", then screenshots again please.
02.09.2015, 20:55 | #13 |
| Thanks, now I can access the files again. But it still looks odd. |
03.09.2015, 18:13 | #14 |
/// the machine /// TB-Ausbilder | You have to go into the folders exactly as in the screenshots. Delete the random file and the IndexerVolumeGuid, and copy your files into a folder on the desktop. Then format the stick. Move the files back again.
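A read-only way to see what the two folder options from post #12 reveal, before deleting or copying anything as described in post #14; this is an added example and not part of the thread. It assumes the stick is mounted as E: and sticks to PowerShell 2.0 syntax, the version Windows 7 ships with.

```powershell
# Added example: list what is really on the stick without opening anything.
# Assumption: the stick is mounted as E: (adjust $Drive to your system).
$Drive = 'E:'
$shell = New-Object -ComObject WScript.Shell   # only used to read .lnk fields

function Get-EntryInfo([string]$Folder) {
    # -Force also returns items that carry the Hidden and System attributes,
    # i.e. what Explorer hides until both folder options are changed.
    Get-ChildItem -LiteralPath $Folder -Force | ForEach-Object {
        $target = ''
        if (-not $_.PSIsContainer -and $_.Extension -ieq '.lnk') {
            # Loads the existing shortcut for reading. It is not executed,
            # and nothing is written because Save() is never called.
            $lnk    = $shell.CreateShortcut($_.FullName)
            $target = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
        }
        New-Object PSObject -Property @{
            Path       = $_.FullName
            IsFolder   = $_.PSIsContainer
            Hidden     = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
            System     = [bool]($_.Attributes -band [IO.FileAttributes]::System)
            ShortcutTo = $target
        }
    }
}

# Entries in the root of the stick, including the shortcut Explorer shows.
$rootEntries = @(Get-EntryInfo "$Drive\")

# Look one level into hidden root folders, which is where the files ended up.
$inside = @($rootEntries |
    Where-Object { $_.IsFolder -and $_.Hidden } |
    ForEach-Object { Get-EntryInfo $_.Path })

($rootEntries + $inside) |
    Select-Object Path, IsFolder, Hidden, System, ShortcutTo |
    Format-Table -AutoSize -Wrap
```

The ShortcutTo column shows what the shortcut in the root would start if double-clicked, and the Hidden and System columns show which folders hold the original files.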
03.09.2015, 21:46 | #15 |
| Great! Now everything looks neat again. Is there anything else I need to do / watch out for now, or are we done? |