Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 25.05.2016, 21:39   #1
Tori22
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden



Liebes Trojaner-Team,

vor ca. einer Woche habe ich an einer Online-Umfrage (Programm: Software Unipark), die ich im Rahmen meiner Masterarbeit an der Uni erstellt habe, gearbeitet. Ganz plötzlich und unerwartet kam eine Meldung, dass der PC mit einem Virus infiziert ist:
Windows-Firewall INFECTED !!

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT (Network Threat Protection) Kernel gefunden

Virus Quelle: kostenlose Spiele, Porno-Websites, und Dritte Internet-Suche. Bitte besuchen Sie das nächste Windows Service-Center oder rufen Sie unter: 0-800-182-5584 (gebührenfrei)

Seitdem habe ich ständig derartige Meldungen am Computer und er stürzt oft von alleine ab. Ich habe meinen Laptop zur Benutzerberatung der Uni gebracht und der Laptop wurde mit dem AdwCleaner auf Viren überprüft. Das Programm hat eine Reihe von Viren entdeckt, allerdings konnten diese nicht entfernt werden.
Nun bin ich verzweifelt und benötige Eure Hilfe.

Liebe Grüße
Ludmilla

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:19-05-2016
durchgeführt von user (Administrator) auf USER-PC (20-05-2016 23:25:31)
Gestartet von C:\Users\user\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\ProgramData\Guntony\protect\protect.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_242_ActiveX.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1027472 2015-12-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-31] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{36398523-7615-4AF2-A2A6-A18130B35576}: [DhcpNameServer] 192.168.3.2
Tcpip\..\Interfaces\{9D540E77-56BB-4FAB-9711-18067F181277}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=0003446E&OHP=http%3A%2F%2Fwww.msn.com%2F%3Fpc%3DMSSE&OSP=http%3A%2F%2Fdo%2Dsearch.com%2Fweb%2F%3Futm%5Fsource%3Db%26utm%5Fmedium%3D%26utm%5Fcampaign%3Dinstall%5Fie%26utm%5Fcontent%3Dds%26from%3D%26uid%3DST500DM002%2D1BC142%5FW2A27G6AXXXXW2A27G6A%26ts%3D1420373293%26type%3Ddefault%26q%3D%7BsearchTerms%7D
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229
FF Homepage: hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q
FF NewTab: hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: xRocket Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com [2016-05-16] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-29]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-05-13]
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q
CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q" 
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-06]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-06]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-06]
CHR Extension: (Google Tabellen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-06]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Citavi Picker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-05-02]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 Guntony_protect; C:\ProgramData\Guntony\protect\protect.exe [302976 2016-05-12] ()
S2 Guntony_update; C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [473472 2016-05-12] ()
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-03] (Elex do Brasil Participações Ltda)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-04-04] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-03] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-03] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-04-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-03] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-06-30] (Elex do Brasil Participações Ltda)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-04-20] (Cisco Systems, Inc.)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [13880 2007-12-22] (Zeal SoftStudio)
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-20 23:21 - 2016-05-20 23:24 - 00025693 _____ C:\Users\user\Desktop\Addition.txt
2016-05-20 23:14 - 2016-05-20 23:25 - 00019306 _____ C:\Users\user\Desktop\FRST.txt
2016-05-20 23:13 - 2016-05-20 23:25 - 00000000 ____D C:\FRST
2016-05-20 23:12 - 2016-05-20 23:12 - 02382336 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-05-20 23:06 - 2015-06-30 04:50 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2016-05-20 23:04 - 2016-05-20 23:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Elex-tech
2016-05-20 22:17 - 2016-05-20 22:17 - 00000124 _____ C:\Users\user\Desktop\Singles und Partnersuche bei NEU.DE.url
2016-05-20 14:11 - 2016-05-20 23:00 - 00000000 ____D C:\AdwCleaner
2016-05-20 14:11 - 2016-05-17 13:55 - 03651136 _____ C:\Users\user\Desktop\adwcleaner_5.117.exe
2016-05-18 23:49 - 2016-05-18 23:49 - 00000209 _____ C:\Users\user\Desktop\KenFM-Positionen 1 Krieg oder Frieden in Europa - Wer bestimmt auf dem Kontinent - YouTube.url
2016-05-17 16:12 - 2016-05-17 16:12 - 00000201 _____ C:\Users\user\Desktop\Startseite.url
2016-05-16 15:54 - 2016-05-16 15:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2016-05-16 15:45 - 2016-04-04 17:07 - 00154816 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-05-16 15:45 - 2016-04-04 17:07 - 00141920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-05-16 15:45 - 2016-04-04 17:07 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-05-16 15:45 - 2016-04-04 17:07 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-05-16 15:39 - 2016-05-16 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-16 15:39 - 2016-05-16 15:39 - 00001210 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\ProgramData\Avira
2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\Program Files (x86)\Avira
2016-05-16 10:26 - 2016-05-16 10:26 - 00000000 ____D C:\ProgramData\Guntony
2016-05-16 10:25 - 2016-05-20 14:17 - 00000000 ____D C:\Windows\system32\log
2016-05-16 10:24 - 2016-05-16 10:24 - 00014744 _____ C:\Windows\System32\Tasks\GuntonyBrowserUpdateUA
2016-05-16 10:24 - 2016-05-16 10:24 - 00014726 _____ C:\Windows\System32\Tasks\GuntonyCheckTask
2016-05-16 10:24 - 2016-05-16 10:24 - 00003804 _____ C:\Windows\System32\Tasks\GuntonyBrowserUpdateCore
2016-05-16 10:24 - 2016-05-16 10:24 - 00000000 ____D C:\Users\user\AppData\Local\Guntony
2016-05-16 10:24 - 2016-05-16 10:24 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2016-05-16 10:23 - 2016-05-20 14:27 - 00000000 ____D C:\Program Files (x86)\Guntony
2016-05-16 10:23 - 2016-05-16 10:23 - 00002102 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-16 10:23 - 2016-05-16 10:23 - 00000000 ____D C:\Users\Public\Documents\Guntony
2016-05-15 22:41 - 2016-05-15 23:09 - 00000000 ____D C:\Users\user\Desktop\15.05.16
2016-05-15 20:17 - 2016-05-18 09:56 - 00000000 ____D C:\Users\user\Desktop\Theorie_MA
2016-05-14 17:41 - 2016-05-14 17:43 - 00000000 ____D C:\Users\user\Desktop\SPSS_16
2016-05-13 07:37 - 2016-05-15 18:36 - 00000000 ____D C:\Users\user\Documents\Citavi 5
2016-05-13 07:37 - 2016-05-13 07:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Swiss Academic Software
2016-05-13 07:36 - 2016-05-13 07:36 - 00001961 _____ C:\Users\Public\Desktop\Citavi 5.lnk
2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5
2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\Program Files (x86)\Citavi 5
2016-05-11 19:07 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 19:07 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 19:07 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 19:07 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 19:07 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 19:07 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 19:07 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 19:07 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 19:07 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 19:07 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 19:07 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 19:07 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 19:07 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 19:07 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 19:07 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 19:07 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 19:07 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 19:07 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 19:07 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 19:07 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 19:07 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 19:07 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 19:07 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 19:07 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 19:07 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 19:07 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 19:07 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 19:07 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 19:07 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 19:07 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 19:07 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 19:07 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 19:07 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 19:07 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 19:06 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 19:06 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 19:06 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 19:06 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 19:06 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 19:06 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 19:06 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 19:06 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 19:06 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 19:06 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 19:06 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 19:06 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 19:06 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 19:06 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 19:06 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 19:06 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 19:06 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 19:06 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 19:06 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 19:06 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 19:06 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 19:06 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 19:06 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 19:04 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 19:04 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 19:04 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 19:03 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 19:03 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 19:03 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 19:02 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 19:02 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 19:02 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 19:02 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 19:02 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 19:02 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 19:02 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 18:58 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 18:58 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 18:58 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 18:58 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 18:58 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 18:58 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 18:58 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 18:58 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 18:58 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 18:58 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 18:58 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 18:58 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 18:58 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 18:58 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 18:58 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 18:58 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 18:58 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 18:58 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 18:58 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 18:58 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 18:58 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 18:57 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 18:57 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-04 21:59 - 2016-05-17 19:30 - 00000000 ____D C:\Users\user\Desktop\MA schreiben
2016-05-04 15:28 - 2016-05-04 15:28 - 00000143 _____ C:\Users\user\Desktop\Osteopathie.url
2016-05-02 20:24 - 2016-05-13 07:37 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2016-05-01 18:44 - 2016-05-17 13:50 - 00000000 ____D C:\Users\user\Desktop\Notizen
2016-04-24 21:35 - 2016-05-16 09:50 - 00000000 ____D C:\Users\user\Desktop\cad
2016-04-24 14:36 - 2016-05-15 20:09 - 00000000 ____D C:\Users\user\Desktop\SRP
2016-04-23 08:41 - 2016-02-05 20:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-23 08:41 - 2016-02-05 20:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-23 08:41 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-23 08:41 - 2015-06-03 22:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-20 23:15 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-20 23:15 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-20 23:04 - 2016-04-06 18:39 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-20 23:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-20 22:54 - 2015-03-15 14:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-20 22:52 - 2016-04-06 18:39 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-20 14:04 - 2009-07-27 11:10 - 00699342 _____ C:\Windows\system32\perfh007.dat
2016-05-20 14:04 - 2009-07-27 11:10 - 00149450 _____ C:\Windows\system32\perfc007.dat
2016-05-20 14:04 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-20 14:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-20 14:01 - 2015-03-27 09:03 - 00000000 ____D C:\Users\user\Desktop\fotos
2016-05-20 11:47 - 2015-03-19 15:25 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2016-05-20 10:21 - 2016-04-06 17:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-20 07:01 - 2015-03-18 11:48 - 00000000 ____D C:\Users\user\Desktop\Eigene Dateien
2016-05-16 15:37 - 2016-01-14 00:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-16 10:23 - 2016-04-06 18:40 - 00002054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-14 16:27 - 2015-07-13 18:01 - 00000000 ____D C:\Users\user\Desktop\Prüfung
2016-05-13 20:54 - 2015-05-24 19:54 - 00000000 ____D C:\Users\user\Desktop\Uni_2015
2016-05-13 07:32 - 2014-01-25 21:04 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2016-05-13 07:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 21:55 - 2015-03-15 14:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 21:54 - 2015-03-15 14:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 21:54 - 2015-03-15 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 17:16 - 2015-03-15 20:06 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 08:08 - 2009-07-14 06:45 - 00414280 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 08:04 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 23:56 - 2013-10-30 12:16 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 23:19 - 2013-10-30 12:16 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 18:10 - 2015-10-14 11:11 - 00000000 ____D C:\Users\user\Desktop\masterarbeit
2016-05-11 07:47 - 2016-04-06 18:39 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 07:46 - 2016-04-06 18:39 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 22:22 - 2016-04-06 17:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-08 14:10 - 2016-01-15 22:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Millisecond Software
2016-05-06 09:36 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 09:36 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-04 23:24 - 2014-07-06 12:11 - 00000000 ____D C:\Users\user\Desktop\Uni
2016-04-24 23:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-23 10:09 - 2014-03-11 18:10 - 01593564 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-21 15:05 - 2013-10-30 11:21 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Einige Dateien in TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-18 08:54

==================== Ende von FRST.txt ============================
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:19-05-2016
durchgeführt von user (2016-05-20 23:27:39)
Gestartet von C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-10-30 09:00:08)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1718339690-3013972182-446857107-500 - Administrator - Disabled)
Gast (S-1-5-21-1718339690-3013972182-446857107-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1718339690-3013972182-446857107-1002 - Limited - Enabled)
user (S-1-5-21-1718339690-3013972182-446857107-1000 - Administrator - Enabled) => C:\Users\user

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Brother MFL-Pro Suite DCP-7055W (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.2.01035 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.2.01035 - Cisco Systems, Inc.) Hidden
Citavi 5  (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deutsche Grammatik (HKLM-x32\...\Deutsche Grammatik_is1) (Version:  - Magnamedia)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MediaLab Research Software v2012 (HKLM-x32\...\{67350CFB-529E-4173-91DC-0AE79DEE1ACC}) (Version: 20.12.4.131 - Empirisoft Corporation)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{DA715959-CFF1-48A2-B3BB-98B9E569C6AC}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version: 2.0.39 - Winzipper Pvt Ltd.) <==== ACHTUNG
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02913145-BEBF-4240-AC37-A7F08F3F748E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {07FB5B5B-8A2D-4A9E-AD85-EB5FD6AF1789} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {2A348BC6-66EA-43AD-8F71-0470B11747E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {5ED97A44-9BAC-4B08-AA04-1069146C9288} - System32\Tasks\GuntonyBrowserUpdateCore => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ACHTUNG
Task: {7E1A5E0C-D3B1-45BF-BB0C-28E1632744FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {A8F6F5A3-4864-4473-AB42-C1B7C19A62E7} - System32\Tasks\GuntonyBrowserUpdateUA => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ACHTUNG
Task: {BD77D142-0DB2-42E3-B606-03C3771D3D92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {D88946E8-79B6-4C3D-885C-B78CC3CF1B02} - System32\Tasks\GuntonyCheckTask => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-12 23:13 - 2016-02-12 23:13 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2016-05-16 10:23 - 2016-05-12 10:08 - 00302976 _____ () C:\ProgramData\Guntony\protect\protect.exe
2016-05-16 10:25 - 2016-05-03 11:12 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2016-05-16 10:25 - 2015-06-30 04:50 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2016-05-16 10:25 - 2015-06-30 04:50 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2015-12-23 15:33 - 2015-12-23 15:33 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-05-16 10:25 - 2016-05-03 11:12 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2014-07-17 21:44 - 2009-02-27 14:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{7F0883AE-4217-472B-A0B7-A84CCF3D9383}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{13CEAE4F-40BC-4D7C-9082-D40ECF266D03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3366C49C-020F-42E9-AF6C-01213720ECA0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D2DF957A-0F99-4A9E-A649-2F073FCF7C48}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe
FirewallRules: [{1B37851A-C72D-4876-990F-AC01CD36DFC1}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
FirewallRules: [{86542B32-4B41-4FCA-946D-16ADAE498F7C}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe

==================== Wiederherstellungspunkte =========================

05-05-2016 23:06:11 Windows Update
06-05-2016 09:35:49 Windows Update
10-05-2016 07:00:25 Windows Update
10-05-2016 23:41:04 Windows Update
11-05-2016 23:05:25 Windows Update
12-05-2016 17:16:21 Windows Update
13-05-2016 07:33:44 Installed Citavi 5 .

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/20/2016 11:15:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003225d6
ID des fehlerhaften Prozesses: 0x66c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/20/2016 11:02:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003225d6
ID des fehlerhaften Prozesses: 0x1304
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/20/2016 11:01:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003225d6
ID des fehlerhaften Prozesses: 0x10cc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/20/2016 11:00:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003225d6
ID des fehlerhaften Prozesses: 0xd54
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/20/2016 10:59:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003225d6
ID des fehlerhaften Prozesses: 0xc70
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/19/2016 06:45:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003225d6
ID des fehlerhaften Prozesses: 0x1380
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/18/2016 12:19:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003225d6
ID des fehlerhaften Prozesses: 0x5c8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/18/2016 09:19:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003225d6
ID des fehlerhaften Prozesses: 0x1094
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/18/2016 09:18:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003225d6
ID des fehlerhaften Prozesses: 0xcf8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/18/2016 09:18:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003225d6
ID des fehlerhaften Prozesses: 0x12bc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3


Systemfehler:
=============
Error: (05/20/2016 11:06:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "YAC NDIS Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/20/2016 11:06:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
iSafeNetFilter

Error: (05/20/2016 11:00:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Protect Service(Guntony_protect)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2016 11:00:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/20/2016 11:00:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/20/2016 11:00:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BrYNSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2016 11:00:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/20/2016 11:00:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/20/2016 11:00:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDFProFiltSrvPP" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2016 11:00:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Prozentuale Nutzung des RAM: 37%
Installierter physikalischer RAM: 4056.56 MB
Verfügbarer physikalischer RAM: 2545.35 MB
Summe virtueller Speicher: 8111.3 MB
Verfügbarer virtueller Speicher: 6055.13 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:150.36 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D6776FFD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
Code:
ATTFilter
Emsisoft Anti-Malware - Version 11.7.0.6394
Letztes Update: 24.05.2016 16:12:40
Benutzerkonto: user-PC\user

Scaneinstellungen:

Scantyp: Malware-Scan
Objekte: Rootkits, Speicher, Traces, Dateien

Erkenne PUPs: Aus
Archive scannen: Aus
ADS-Scan: An
Dateierweiterungen: Aus
Advanced Caching: An
Direct Disk Access: Aus

Scan Beginn:	24.05.2016 16:16:03
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} 	 Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} 	 Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\APPLICATION\WPM 	 Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\APPLICATION\WPM 	 Application.AdShort (A)
C:\Users\user\AppData\Local\Temp\ist17C5.tmp\OmigaZip_patch\wzShellctx64.dll 	 Trojan.GenericKD.3204865 (B)
C:\Users\user\AppData\Local\Temp\ist17C5.tmp\OmigaZip_patch\winzipersvc.exe 	 Trojan.GenericKD.3242516 (B)

Gescannt	95597
Gefunden	6

Scan Ende:	24.05.2016 16:42:53
Scanzeit:	0:26:50
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7c2c7255cc359948b0854a388a9f67ff
# end=init
# utc_time=2016-05-24 02:53:18
# local_time=2016-05-24 04:53:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=41221
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7c2c7255cc359948b0854a388a9f67ff
# end=init
# utc_time=2016-05-24 03:38:56
# local_time=2016-05-24 05:38:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 29575
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7c2c7255cc359948b0854a388a9f67ff
# end=updated
# utc_time=2016-05-24 04:47:11
# local_time=2016-05-24 06:47:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7c2c7255cc359948b0854a388a9f67ff
# engine=29575
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-24 11:39:52
# local_time=2016-05-25 01:39:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 99 41807 4350749 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 745922 215763041 0 0
# scanned=244636
# found=25
# cleaned=25
# scan_time=24759
sh=03EF7E54E63086DE731DE7D5718D4C9F04DF2D61 ft=1 fh=b4ae41b8d891d689 vn="Variante von Win32/ELEX.HU evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir"
sh=194C469880E642387FD6A16E2CBDD22183F85BE6 ft=1 fh=1ac99bc7033e47b0 vn="Variante von Win32/ELEX.HW evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\WinZipper\wzUpg.exe.vir"
sh=0874684898BD2E937EBB456CEA806CB3216C9F49 ft=0 fh=0000000000000000 vn="Win32/ELEX.HU evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\users\user\AppData\Roaming\WinZiper\update\wzp_update_v2.0.16.exe.vir"
sh=D7C1CFAC4300B2D32A85EBA8EED24ECD79629C50 ft=0 fh=0000000000000000 vn="Variante von Win32/ELEX.HU evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\users\user\AppData\Roaming\WinZiper\update\wzp_update_v2.0.39.exe.vir"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Windows\SysNative\drivers\iSafeNetFilter.sys.vir"
sh=23FC768BA59A17A76EF6CED1F4FFCC26F67EB8F2 ft=1 fh=65afe576d276f696 vn="Variante von Win32/ELEX.BP evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iImportLib.dll"
sh=BFC712282D22A4DC02D4594EC5AF71C790347E36 ft=1 fh=91d61e330d1da7f8 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlCall64.dll"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys"
sh=A99A057031BE5E697F08A6B32F08D279C673DB78 ft=1 fh=bf29d5f4060d2337 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeRKScanShell64.dll"
sh=A340BA98EC7BA228D8E66AC55C47F6A0F0FCCBD2 ft=1 fh=92c69192d39a3ccb vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll"
sh=54F84BF7920B818D988BA6A1CDE598FA17F19368 ft=1 fh=4be25ff8c3b8aee8 vn="Variante von Win32/ELEX.CS evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSvc.dll"
sh=04654BF4B65060F9490885A1A7BD435562EA6DE4 ft=1 fh=9c254fd99edfd587 vn="Variante von Win32/ELEX.CQ evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSvc2.dll"
sh=5AF0B98E324EB8D81F97EEE2D11E3F996B5C91F5 ft=1 fh=955761e6ce5527b5 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\ouilibx.dll"
sh=83023BA2BDF35B7534C1B9A5717C82E66FFA4713 ft=1 fh=155a36bb06b48bf7 vn="Variante von Win32/ELEX.DB evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"
sh=4BAC7EB623632405322CBD8CCDC3DEC06DDB4AC0 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\data\fst.dat"
sh=D7C1CFAC4300B2D32A85EBA8EED24ECD79629C50 ft=0 fh=0000000000000000 vn="Variante von Win32/ELEX.HU evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55WVK17Z\wzp_2016.5.16[1].dat"
sh=73EC77361CCACF77F2125010E7C09A9D54671022 ft=1 fh=44f21e0f798c5bb0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LA01TQVK\Emsisoft Anti Malware - CHIP-Installer.exe"
sh=4709BC60AD30644E4340E12B51C6F39ABAA424B8 ft=1 fh=f95490e65ec6bbab vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\user\AppData\Local\Temp\DMR\dmr_72.exe"
sh=910EF3E9F92D811FA824DEA5F4285F4653DF342D ft=1 fh=5f872e7b04cf450e vn="Variante von Win32/ELEX.HW evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\user\AppData\Local\Temp\ist17C5.tmp\OmigaZip_patch\wzUpg.exe"
sh=03EF7E54E63086DE731DE7D5718D4C9F04DF2D61 ft=1 fh=b4ae41b8d891d689 vn="Variante von Win32/ELEX.HU evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\user\AppData\Local\Temp\ist823C.tmp\tools\wzp\OmigaZip_patch\winzipersvc.exe"
sh=194C469880E642387FD6A16E2CBDD22183F85BE6 ft=1 fh=1ac99bc7033e47b0 vn="Variante von Win32/ELEX.HW evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\user\AppData\Local\Temp\ist823C.tmp\tools\wzp\OmigaZip_patch\wzUpg.exe"
sh=2A479117E8D4FA069EF5271CB37EDDF6C314F7E3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome\content\toolbar.js"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Windows\System32\drivers\iSafeNetFilter.sys"
sh=2FBB4A5BCB76B20040AC36355679F301D31F1809 ft=1 fh=dbb82f17f8f59ab1 vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\zipa[1].exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/ELEX.BP evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart))" ac=C fn="${Memory}"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7c2c7255cc359948b0854a388a9f67ff
# end=init
# utc_time=2016-05-25 04:54:23
# local_time=2016-05-25 06:54:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 29587
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7c2c7255cc359948b0854a388a9f67ff
# end=updated
# utc_time=2016-05-25 04:57:47
# local_time=2016-05-25 06:57:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7c2c7255cc359948b0854a388a9f67ff
# engine=29587
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-25 05:07:15
# local_time=2016-05-25 07:07:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 99 1150 4413593 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 808766 215825885 0 0
# scanned=3974
# found=0
# cleaned=0
# scan_time=567
         
Code:
ATTFilter
# AdwCleaner v5.117 - Bericht erstellt am 25/05/2016 um 19:13:46
# Aktualisiert am 15/05/2016 von Xplode
# Datenbank : 2016-05-23.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : user - USER-PC
# Gestartet von : C:\Users\user\Desktop\adwcleaner_5.117.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

Dienst gefunden : iSafeKrnl
Dienst gefunden : iSafeKrnlBoot
Dienst gefunden : iSafeKrnlKit
Dienst gefunden : iSafeKrnlMon
Dienst gefunden : iSafeKrnlR3
Dienst gefunden : iSafeNetFilter
Dienst gefunden : iSafeService

***** [ Ordner ] *****

Ordner gefunden : C:\Program Files (x86)\Elex-tech
Ordner gefunden : C:\users\user\AppData\Roaming\Elex-tech

***** [ Dateien ] *****

Datei gefunden : C:\Windows\SysNative\drivers\iSafeNetFilter.sys

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel gefunden : HKCU\Software\OCS
Schlüssel gefunden : HKLM\SOFTWARE\Elex-tech
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Schlüssel gefunden : HKU\.DEFAULT\Software\Elex-tech
Schlüssel gefunden : HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\OCS
Schlüssel gefunden : HKU\S-1-5-18\Software\Elex-tech
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\eshopcomp.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.eshopcomp.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com

***** [ Internetbrowser ] *****

[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.alias", "");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://www.nicesearches.com/favicon.ico?t=1");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.name", "nice ");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.ptid", "wpm07153");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.ref", "");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.ts", "1463387536");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.type", "");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.uid", "fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.url", "hxxp://www.nicesearches.com/search.php?type=ds&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c[...]
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("extensions.quick_start.enable_search1", false);
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.startup.homepage", "hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.newtab.url", "hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q");
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] gefunden : hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] gefunden : hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [9941 Bytes] - [20/05/2016 14:16:23]
C:\AdwCleaner\AdwCleaner[C2].txt - [5707 Bytes] - [20/05/2016 14:42:45]
C:\AdwCleaner\AdwCleaner[C3].txt - [5685 Bytes] - [20/05/2016 23:00:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [9683 Bytes] - [20/05/2016 14:11:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [5330 Bytes] - [20/05/2016 14:37:10]
C:\AdwCleaner\AdwCleaner[S3].txt - [5374 Bytes] - [20/05/2016 22:57:53]
C:\AdwCleaner\AdwCleaner[S4].txt - [6076 Bytes] - [25/05/2016 19:13:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [6149 Bytes] ##########
         

Alt 25.05.2016, 22:31   #2
M-K-D-B
/// TB-Ausbilder
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:



Schritt 1
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.




Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________


Alt 25.05.2016, 23:23   #3
Tori22
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT



Vielen lieben Dank für Ihre schnelle Antwort!

Hier die Untersuchungsergebnisse:

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
durchgeführt von user (Administrator) auf USER-PC (25-05-2016 23:36:56)
Gestartet von C:\Users\user\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
() C:\ProgramData\Guntony\protect\protect.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_242_ActiveX.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9405904 2016-04-26] (Emsisoft Ltd)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1027472 2015-12-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-31] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{36398523-7615-4AF2-A2A6-A18130B35576}: [DhcpNameServer] 192.168.3.2
Tcpip\..\Interfaces\{9D540E77-56BB-4FAB-9711-18067F181277}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229
FF Homepage: hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q
FF NewTab: hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: xRocket Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com [2016-05-16] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-29]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-05-13]
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q
CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q" 
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-06]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-06]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-06]
CHR Extension: (Google Tabellen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-06]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Citavi Picker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-05-02]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [11341584 2016-04-26] (Emsisoft Ltd)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 Guntony_protect; C:\ProgramData\Guntony\protect\protect.exe [302976 2016-05-12] ()
S2 Guntony_update; C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [473472 2016-05-12] ()
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-03] (Elex do Brasil Participações Ltda)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-04-04] (Avira Operations GmbH & Co. KG)
S3 eapihdrv; C:\Users\user\AppData\Local\Temp\ehdrv.sys [135760 2016-05-25] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [126280 2016-04-07] (Emsisoft Ltd)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-03] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-03] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-04-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-03] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-06-30] (Elex do Brasil Participações Ltda)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-04-20] (Cisco Systems, Inc.)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [13880 2007-12-22] (Zeal SoftStudio)
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-25 23:36 - 2016-05-25 23:36 - 00000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2016-05-25 23:24 - 2016-05-25 23:24 - 00000209 _____ C:\Users\user\Desktop\Trojaner-Board - Suchergebnisse.url
2016-05-25 07:50 - 2015-06-30 04:50 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2016-05-24 16:53 - 2016-05-24 16:53 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-24 16:46 - 2016-05-24 16:46 - 00002348 _____ C:\Users\user\Desktop\scan_160524-161603_Emsosoft.txt
2016-05-24 16:42 - 2016-05-24 16:42 - 00000000 ____D C:\ProgramData\Emsisoft
2016-05-24 15:57 - 2016-05-24 15:57 - 00000896 _____ C:\Users\user\Desktop\Emsisoft Anti-Malware.lnk
2016-05-24 15:57 - 2016-05-24 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-05-24 15:52 - 2016-05-25 22:40 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-05-23 23:30 - 2016-05-25 21:57 - 00000000 ____D C:\Users\user\Desktop\forum
2016-05-23 22:43 - 2016-05-23 22:43 - 00284818 _____ C:\Users\user\Desktop\Anti-Malware.txt
2016-05-23 20:56 - 2016-05-23 23:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-23 20:53 - 2016-05-23 20:53 - 00001102 _____ C:\Users\user\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-23 20:53 - 2016-05-23 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-23 20:53 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-23 20:53 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-23 20:53 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-23 20:52 - 2016-05-23 20:53 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-05-23 19:29 - 2016-05-23 19:29 - 00095558 _____ C:\Users\user\Desktop\Ereignisse_Avira.txt
2016-05-20 23:29 - 2016-05-20 23:29 - 00000239 _____ C:\Users\user\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten.url
2016-05-20 23:21 - 2016-05-20 23:29 - 00025693 _____ C:\Users\user\Desktop\Addition.txt
2016-05-20 23:14 - 2016-05-25 23:36 - 00019542 _____ C:\Users\user\Desktop\FRST.txt
2016-05-20 23:13 - 2016-05-25 23:36 - 00000000 ____D C:\FRST
2016-05-20 23:12 - 2016-05-25 23:36 - 02383360 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-05-20 23:04 - 2016-05-20 23:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Elex-tech
2016-05-20 22:17 - 2016-05-20 22:17 - 00000124 _____ C:\Users\user\Desktop\Singles und Partnersuche bei NEU.DE.url
2016-05-20 14:11 - 2016-05-25 19:13 - 00000000 ____D C:\AdwCleaner
2016-05-20 14:11 - 2016-05-17 13:55 - 03651136 _____ C:\Users\user\Desktop\adwcleaner_5.117.exe
2016-05-18 23:49 - 2016-05-18 23:49 - 00000209 _____ C:\Users\user\Desktop\KenFM-Positionen 1 Krieg oder Frieden in Europa - Wer bestimmt auf dem Kontinent - YouTube.url
2016-05-17 16:12 - 2016-05-17 16:12 - 00000201 _____ C:\Users\user\Desktop\Startseite.url
2016-05-16 15:54 - 2016-05-16 15:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2016-05-16 15:45 - 2016-04-04 17:07 - 00154816 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-05-16 15:45 - 2016-04-04 17:07 - 00141920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-05-16 15:45 - 2016-04-04 17:07 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-05-16 15:45 - 2016-04-04 17:07 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-05-16 15:39 - 2016-05-16 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-16 15:39 - 2016-05-16 15:39 - 00001210 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\ProgramData\Avira
2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\Program Files (x86)\Avira
2016-05-16 10:26 - 2016-05-16 10:26 - 00000000 ____D C:\ProgramData\Guntony
2016-05-16 10:25 - 2016-05-20 14:17 - 00000000 ____D C:\Windows\system32\log
2016-05-16 10:24 - 2016-05-16 10:24 - 00014744 _____ C:\Windows\System32\Tasks\GuntonyBrowserUpdateUA
2016-05-16 10:24 - 2016-05-16 10:24 - 00014726 _____ C:\Windows\System32\Tasks\GuntonyCheckTask
2016-05-16 10:24 - 2016-05-16 10:24 - 00003804 _____ C:\Windows\System32\Tasks\GuntonyBrowserUpdateCore
2016-05-16 10:24 - 2016-05-16 10:24 - 00000000 ____D C:\Users\user\AppData\Local\Guntony
2016-05-16 10:24 - 2016-05-16 10:24 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2016-05-16 10:23 - 2016-05-25 23:24 - 00000000 ____D C:\Program Files (x86)\Guntony
2016-05-16 10:23 - 2016-05-16 10:23 - 00002102 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-16 10:23 - 2016-05-16 10:23 - 00000000 ____D C:\Users\Public\Documents\Guntony
2016-05-15 22:41 - 2016-05-15 23:09 - 00000000 ____D C:\Users\user\Desktop\15.05.16
2016-05-15 20:17 - 2016-05-23 15:10 - 00000000 ____D C:\Users\user\Desktop\Theorie_MA
2016-05-14 17:41 - 2016-05-14 17:43 - 00000000 ____D C:\Users\user\Desktop\SPSS_16
2016-05-13 07:37 - 2016-05-15 18:36 - 00000000 ____D C:\Users\user\Documents\Citavi 5
2016-05-13 07:37 - 2016-05-13 07:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Swiss Academic Software
2016-05-13 07:36 - 2016-05-13 07:36 - 00001961 _____ C:\Users\Public\Desktop\Citavi 5.lnk
2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5
2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\Program Files (x86)\Citavi 5
2016-05-11 19:07 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 19:07 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 19:07 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 19:07 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 19:07 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 19:07 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 19:07 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 19:07 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 19:07 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 19:07 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 19:07 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 19:07 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 19:07 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 19:07 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 19:07 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 19:07 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 19:07 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 19:07 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 19:07 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 19:07 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 19:07 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 19:07 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 19:07 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 19:07 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 19:07 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 19:07 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 19:07 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 19:07 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 19:07 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 19:07 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 19:07 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 19:07 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 19:07 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 19:07 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 19:06 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 19:06 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 19:06 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 19:06 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 19:06 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 19:06 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 19:06 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 19:06 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 19:06 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 19:06 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 19:06 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 19:06 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 19:06 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 19:06 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 19:06 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 19:06 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 19:06 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 19:06 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 19:06 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 19:06 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 19:06 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 19:06 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 19:06 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 19:04 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 19:04 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 19:04 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 19:03 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 19:03 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 19:03 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 19:02 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 19:02 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 19:02 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 19:02 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 19:02 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 19:02 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 19:02 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 18:58 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 18:58 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 18:58 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 18:58 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 18:58 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 18:58 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 18:58 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 18:58 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 18:58 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 18:58 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 18:58 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 18:58 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 18:58 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 18:58 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 18:58 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 18:58 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 18:58 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 18:58 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 18:58 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 18:58 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 18:58 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 18:57 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 18:57 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-04 21:59 - 2016-05-17 19:30 - 00000000 ____D C:\Users\user\Desktop\MA schreiben
2016-05-04 15:28 - 2016-05-04 15:28 - 00000143 _____ C:\Users\user\Desktop\Osteopathie.url
2016-05-03 17:40 - 2016-05-11 12:36 - 00000000 ____D C:\Users\user\Desktop\Fachschaft
2016-05-02 20:24 - 2016-05-13 07:37 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2016-05-01 18:44 - 2016-05-17 13:50 - 00000000 ____D C:\Users\user\Desktop\Notizen

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-25 22:54 - 2015-03-15 14:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-25 22:52 - 2016-04-06 18:39 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-25 20:28 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-25 20:28 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-25 12:36 - 2016-04-06 18:39 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-25 12:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-25 07:57 - 2014-07-17 21:44 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2016-05-23 23:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-20 14:04 - 2009-07-27 11:10 - 00699342 _____ C:\Windows\system32\perfh007.dat
2016-05-20 14:04 - 2009-07-27 11:10 - 00149450 _____ C:\Windows\system32\perfc007.dat
2016-05-20 14:04 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-20 14:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-20 14:01 - 2015-03-27 09:03 - 00000000 ____D C:\Users\user\Desktop\fotos
2016-05-20 11:47 - 2015-03-19 15:25 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2016-05-20 10:21 - 2016-04-06 17:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-20 07:01 - 2015-03-18 11:48 - 00000000 ____D C:\Users\user\Desktop\Eigene Dateien
2016-05-16 15:37 - 2016-01-14 00:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-16 10:23 - 2016-04-06 18:40 - 00002054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-16 09:50 - 2016-04-24 21:35 - 00000000 ____D C:\Users\user\Desktop\cad
2016-05-15 20:09 - 2016-04-24 14:36 - 00000000 ____D C:\Users\user\Desktop\SRP
2016-05-14 16:27 - 2015-07-13 18:01 - 00000000 ____D C:\Users\user\Desktop\Prüfung
2016-05-13 20:54 - 2015-05-24 19:54 - 00000000 ____D C:\Users\user\Desktop\Uni_2015
2016-05-13 07:32 - 2014-01-25 21:04 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2016-05-13 07:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 21:55 - 2015-03-15 14:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 21:54 - 2015-03-15 14:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 21:54 - 2015-03-15 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 17:16 - 2015-03-15 20:06 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 08:08 - 2009-07-14 06:45 - 00414280 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 08:04 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 23:56 - 2013-10-30 12:16 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 23:19 - 2013-10-30 12:16 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 18:10 - 2015-10-14 11:11 - 00000000 ____D C:\Users\user\Desktop\masterarbeit
2016-05-11 07:47 - 2016-04-06 18:39 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 07:46 - 2016-04-06 18:39 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 22:22 - 2016-04-06 17:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-08 14:10 - 2016-01-15 22:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Millisecond Software
2016-05-06 09:36 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 09:36 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-04 23:24 - 2014-07-06 12:11 - 00000000 ____D C:\Users\user\Desktop\Uni

Einige Dateien in TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-18 08:54

==================== Ende von FRST.txt ============================
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
durchgeführt von user (2016-05-25 23:39:29)
Gestartet von C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-10-30 09:00:08)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1718339690-3013972182-446857107-500 - Administrator - Disabled)
Gast (S-1-5-21-1718339690-3013972182-446857107-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1718339690-3013972182-446857107-1002 - Limited - Enabled)
user (S-1-5-21-1718339690-3013972182-446857107-1000 - Administrator - Enabled) => C:\Users\user

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Brother MFL-Pro Suite DCP-7055W (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.2.01035 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.2.01035 - Cisco Systems, Inc.) Hidden
Citavi 5  (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deutsche Grammatik (HKLM-x32\...\Deutsche Grammatik_is1) (Version:  - Magnamedia)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.7 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaLab Research Software v2012 (HKLM-x32\...\{67350CFB-529E-4173-91DC-0AE79DEE1ACC}) (Version: 20.12.4.131 - Empirisoft Corporation)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{DA715959-CFF1-48A2-B3BB-98B9E569C6AC}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version: 2.0.39 - Winzipper Pvt Ltd.) <==== ACHTUNG
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02913145-BEBF-4240-AC37-A7F08F3F748E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {07FB5B5B-8A2D-4A9E-AD85-EB5FD6AF1789} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {2A348BC6-66EA-43AD-8F71-0470B11747E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {5ED97A44-9BAC-4B08-AA04-1069146C9288} - System32\Tasks\GuntonyBrowserUpdateCore => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ACHTUNG
Task: {7E1A5E0C-D3B1-45BF-BB0C-28E1632744FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {A8F6F5A3-4864-4473-AB42-C1B7C19A62E7} - System32\Tasks\GuntonyBrowserUpdateUA => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ACHTUNG
Task: {BD77D142-0DB2-42E3-B606-03C3771D3D92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {D88946E8-79B6-4C3D-885C-B78CC3CF1B02} - System32\Tasks\GuntonyCheckTask => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-12 23:13 - 2016-02-12 23:13 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2016-05-16 10:23 - 2016-05-12 10:08 - 00302976 _____ () C:\ProgramData\Guntony\protect\protect.exe
2016-05-16 10:25 - 2016-05-03 11:12 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2016-05-16 10:25 - 2015-06-30 04:50 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2016-05-16 10:25 - 2015-06-30 04:50 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2015-12-23 15:33 - 2015-12-23 15:33 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-05-16 10:25 - 2016-05-03 11:12 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2014-07-17 21:44 - 2009-02-27 14:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{7F0883AE-4217-472B-A0B7-A84CCF3D9383}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{13CEAE4F-40BC-4D7C-9082-D40ECF266D03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3366C49C-020F-42E9-AF6C-01213720ECA0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{26406C68-85C1-43A2-8444-E5C51703F242}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe
FirewallRules: [{502CC798-9623-4A5D-936D-69AD1ED7B76D}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
FirewallRules: [{39E47CAE-FF7E-4663-BAD4-5D966767542F}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe

==================== Wiederherstellungspunkte =========================

12-05-2016 17:16:21 Windows Update
13-05-2016 07:33:44 Installed Citavi 5 .
23-05-2016 14:17:37 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/25/2016 08:16:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7189000a
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/25/2016 07:07:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/25/2016 06:54:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/25/2016 06:54:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/25/2016 06:02:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x717a000a
ID des fehlerhaften Prozesses: 0x12d8
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/25/2016 05:37:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x717a000a
ID des fehlerhaften Prozesses: 0xc14
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/25/2016 04:45:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x717c000a
ID des fehlerhaften Prozesses: 0xcfc
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/25/2016 03:44:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003225d6
ID des fehlerhaften Prozesses: 0x10bc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/25/2016 02:29:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7185000a
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/25/2016 02:17:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7185000a
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3


Systemfehler:
=============
Error: (05/25/2016 07:07:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (05/25/2016 07:07:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/25/2016 07:07:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (05/25/2016 07:07:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/25/2016 07:07:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (05/25/2016 07:07:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/25/2016 07:07:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (05/25/2016 07:07:19 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/25/2016 07:07:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (05/25/2016 07:07:18 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Prozentuale Nutzung des RAM: 50%
Installierter physikalischer RAM: 4056.56 MB
Verfügbarer physikalischer RAM: 1995.84 MB
Summe virtueller Speicher: 8111.3 MB
Verfügbarer virtueller Speicher: 5244.69 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:151.71 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D6776FFD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
[CODE]
__________________

Alt 25.05.2016, 23:29   #4
Tori22
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT



Das Ergebnis der TDSSKiller Untersuchung:

Code:
ATTFilter
23:46:34.0282 0x143c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
23:46:42.0986 0x143c  ============================================================
23:46:42.0986 0x143c  Current date / time: 2016/05/25 23:46:42.0986
23:46:42.0986 0x143c  SystemInfo:
23:46:42.0986 0x143c  
23:46:42.0986 0x143c  OS Version: 6.1.7601 ServicePack: 1.0
23:46:42.0986 0x143c  Product type: Workstation
23:46:42.0986 0x143c  ComputerName: USER-PC
23:46:42.0986 0x143c  UserName: user
23:46:42.0986 0x143c  Windows directory: C:\Windows
23:46:42.0986 0x143c  System windows directory: C:\Windows
23:46:42.0986 0x143c  Running under WOW64
23:46:42.0986 0x143c  Processor architecture: Intel x64
23:46:42.0986 0x143c  Number of processors: 2
23:46:42.0986 0x143c  Page size: 0x1000
23:46:42.0986 0x143c  Boot type: Normal boot
23:46:42.0986 0x143c  ============================================================
23:46:45.0264 0x143c  KLMD registered as C:\Windows\system32\drivers\44936176.sys
23:46:46.0169 0x143c  System UUID: {B40ACAE7-93F2-2E06-7303-9B5107E9A584}
23:46:48.0556 0x143c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:46:48.0571 0x143c  ============================================================
23:46:48.0571 0x143c  \Device\Harddisk0\DR0:
23:46:48.0571 0x143c  MBR partitions:
23:46:48.0571 0x143c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:46:48.0571 0x143c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
23:46:48.0571 0x143c  ============================================================
23:46:48.0587 0x143c  C: <-> \Device\Harddisk0\DR0\Partition2
23:46:48.0587 0x143c  ============================================================
23:46:48.0587 0x143c  Initialize success
23:46:48.0587 0x143c  ============================================================
23:46:55.0622 0x0ab8  ============================================================
23:46:55.0622 0x0ab8  Scan started
23:46:55.0622 0x0ab8  Mode: Manual; 
23:46:55.0622 0x0ab8  ============================================================
23:46:55.0622 0x0ab8  KSN ping started
23:47:10.0442 0x0ab8  KSN ping finished: true
23:47:20.0302 0x0ab8  ================ Scan system memory ========================
23:47:20.0302 0x0ab8  System memory - ok
23:47:20.0302 0x0ab8  ================ Scan services =============================
23:47:20.0551 0x0ab8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:47:20.0567 0x0ab8  1394ohci - ok
23:47:22.0096 0x0ab8  [ 6A9A920C6A0BC688D819B389E3573940, 209EEA8B854E15528365C2246F13EFD37F2C9A749398D2A607E967A2BE5B551A ] a2AntiMalware   C:\Program Files\Emsisoft Anti-Malware\a2service.exe
23:47:22.0876 0x0ab8  a2AntiMalware - ok
23:47:23.0172 0x0ab8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:47:23.0203 0x0ab8  ACPI - ok
23:47:23.0281 0x0ab8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:47:23.0297 0x0ab8  AcpiPmi - ok
23:47:23.0406 0x0ab8  [ 028F7CFA4B2F7A7049375C4088ADB369, DAE4F092734655F99C097C1F6E49B4F7C2110A35839139CB62C1FFD84379DE4A ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
23:47:23.0437 0x0ab8  acsock - ok
23:47:23.0562 0x0ab8  [ 36114214BF8D7C464D1E92E4EB6B2DD3, 8E7CB266D4ABCDF332A3D4D341753811D51B72985E36F24A7E757DCA11A65A2A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:47:23.0562 0x0ab8  AdobeARMservice - ok
23:47:23.0765 0x0ab8  [ 6A050671F2C76FB48131F12786802807, 71B37A9CEAE5AB1B069FB010BC547E14445461885B74FA879E63F9F2DAF644A5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:47:23.0796 0x0ab8  AdobeFlashPlayerUpdateSvc - ok
23:47:23.0905 0x0ab8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:47:23.0952 0x0ab8  adp94xx - ok
23:47:24.0092 0x0ab8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:47:24.0124 0x0ab8  adpahci - ok
23:47:24.0186 0x0ab8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:47:24.0217 0x0ab8  adpu320 - ok
23:47:24.0280 0x0ab8  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:47:24.0295 0x0ab8  AeLookupSvc - ok
23:47:24.0389 0x0ab8  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
23:47:24.0436 0x0ab8  AFD - ok
23:47:24.0498 0x0ab8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
23:47:24.0514 0x0ab8  agp440 - ok
23:47:24.0560 0x0ab8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
23:47:24.0560 0x0ab8  ALG - ok
23:47:24.0607 0x0ab8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:47:24.0607 0x0ab8  aliide - ok
23:47:24.0654 0x0ab8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:47:24.0654 0x0ab8  amdide - ok
23:47:24.0732 0x0ab8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:47:24.0732 0x0ab8  AmdK8 - ok
23:47:24.0794 0x0ab8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:47:24.0794 0x0ab8  AmdPPM - ok
23:47:24.0857 0x0ab8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:47:24.0872 0x0ab8  amdsata - ok
23:47:24.0950 0x0ab8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:47:24.0966 0x0ab8  amdsbs - ok
23:47:25.0044 0x0ab8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:47:25.0044 0x0ab8  amdxata - ok
23:47:25.0637 0x0ab8  [ 157DA3885AA4F03C80C10DAEB0949CAA, 69EA1C9F904FBDFE904A3BC52CB0E188AF18A93EA87A119E5E6234C6F5D4742E ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
23:47:25.0715 0x0ab8  AntiVirMailService - ok
23:47:25.0824 0x0ab8  [ BD65021AB0EC790AECC503C394E61BA4, 51AD9C6F1192A3604902AE4F3B4B791DF1D58EA0B39B12AE4FA38F59E02F6D68 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe
23:47:25.0855 0x0ab8  AntiVirSchedulerService - ok
23:47:25.0949 0x0ab8  [ BD65021AB0EC790AECC503C394E61BA4, 51AD9C6F1192A3604902AE4F3B4B791DF1D58EA0B39B12AE4FA38F59E02F6D68 ] AntiVirService  C:\Program Files (x86)\Avira\Antivirus\avguard.exe
23:47:25.0980 0x0ab8  AntiVirService - ok
23:47:26.0167 0x0ab8  [ CF586007CB1F9189CDF07D0D5A02C448, 7BA6E27A835A0851C12A7A115C24665631CC77D857DAF32D24BF2D2AF676FE30 ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
23:47:26.0292 0x0ab8  AntiVirWebService - ok
23:47:26.0401 0x0ab8  [ 6474F8823C7188D2DA579F01FB6CED6B, 81D4E9D026CA60FB8840D520D151B8C2F4745A75DF90A4D6C80641F1A23AB605 ] AppID           C:\Windows\system32\drivers\appid.sys
23:47:26.0417 0x0ab8  AppID - ok
23:47:26.0448 0x0ab8  [ 8F58BA1F7772D6D7CE45F03309608001, CDB109E0DD241042C058F7D81A1BDEBC34435CB2DC4A7A7A3692193DD5806097 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:47:26.0448 0x0ab8  AppIDSvc - ok
23:47:26.0542 0x0ab8  [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo         C:\Windows\System32\appinfo.dll
23:47:26.0557 0x0ab8  Appinfo - ok
23:47:26.0604 0x0ab8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:47:26.0620 0x0ab8  arc - ok
23:47:26.0666 0x0ab8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:47:26.0682 0x0ab8  arcsas - ok
23:47:26.0869 0x0ab8  [ 660D597B7A78256734D7F3230B21B355, CAA19E8EFAD63B8975A4CD8EFD5CE5F21E056856D36BC5A9E48517F1E574ABBA ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:47:27.0025 0x0ab8  aspnet_state - ok
23:47:27.0088 0x0ab8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:47:27.0088 0x0ab8  AsyncMac - ok
23:47:27.0150 0x0ab8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:47:27.0150 0x0ab8  atapi - ok
23:47:27.0290 0x0ab8  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:47:27.0431 0x0ab8  AudioEndpointBuilder - ok
23:47:27.0571 0x0ab8  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:47:27.0618 0x0ab8  AudioSrv - ok
23:47:27.0727 0x0ab8  [ 742D578C28F6F58B8B576F91A1D8EB4E, 6C49EC198E67CE40728F0C19CB2BDCB59310BA59324F58E4D456DA2C8CC28BA6 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:47:27.0743 0x0ab8  avgntflt - ok
23:47:27.0790 0x0ab8  [ C9BED3BDC39FBCAA77A88308355B237E, AFC74D4BF86FB695D7D31534C174D926C8ED57E7D8E98339CE3ED060AC3BB6D0 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:47:27.0805 0x0ab8  avipbb - ok
23:47:27.0961 0x0ab8  [ 04B922C5BE92C42DD0C2B9D085D7C0CA, 7E1F76A1FB2D6CB78CD0A881A0A55DC8478BABC42F9BFE63FB838E087C7DA3AB ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
23:47:27.0977 0x0ab8  Avira.ServiceHost - ok
23:47:28.0039 0x0ab8  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:47:28.0039 0x0ab8  avkmgr - ok
23:47:28.0086 0x0ab8  [ 138A53D17B040F5A3A307D44A89D0905, AD212E430F2DE43F037BECF6A46FCD53270A5EE11427030C7D5CBC3EAAAAA029 ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
23:47:28.0086 0x0ab8  avnetflt - ok
23:47:28.0195 0x0ab8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:47:28.0211 0x0ab8  AxInstSV - ok
23:47:28.0351 0x0ab8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
23:47:28.0414 0x0ab8  b06bdrv - ok
23:47:28.0648 0x0ab8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:47:28.0726 0x0ab8  b57nd60a - ok
23:47:28.0882 0x0ab8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:47:28.0882 0x0ab8  BDESVC - ok
23:47:28.0960 0x0ab8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:47:28.0960 0x0ab8  Beep - ok
23:47:29.0100 0x0ab8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
23:47:29.0162 0x0ab8  BFE - ok
23:47:29.0552 0x0ab8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
23:47:29.0630 0x0ab8  BITS - ok
23:47:29.0818 0x0ab8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:47:29.0818 0x0ab8  blbdrive - ok
23:47:29.0880 0x0ab8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:47:29.0880 0x0ab8  bowser - ok
23:47:29.0927 0x0ab8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:47:29.0927 0x0ab8  BrFiltLo - ok
23:47:29.0958 0x0ab8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:47:29.0958 0x0ab8  BrFiltUp - ok
23:47:30.0020 0x0ab8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
23:47:30.0036 0x0ab8  Browser - ok
23:47:30.0098 0x0ab8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:47:30.0114 0x0ab8  Brserid - ok
23:47:30.0145 0x0ab8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:47:30.0161 0x0ab8  BrSerWdm - ok
23:47:30.0192 0x0ab8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:47:30.0208 0x0ab8  BrUsbMdm - ok
23:47:30.0239 0x0ab8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:47:30.0239 0x0ab8  BrUsbSer - ok
23:47:30.0348 0x0ab8  [ DB109DA005B6FE2A350C5DD7CA768DFD, 241A0BFAEFB1B165C00EE75E8CA382B5935F5DF447DAD5AE9022B2B78317668E ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
23:47:30.0379 0x0ab8  BrYNSvc - ok
23:47:30.0426 0x0ab8  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
23:47:30.0426 0x0ab8  BthEnum - ok
23:47:30.0473 0x0ab8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:47:30.0473 0x0ab8  BTHMODEM - ok
23:47:30.0535 0x0ab8  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
23:47:30.0551 0x0ab8  BthPan - ok
23:47:30.0676 0x0ab8  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
23:47:30.0722 0x0ab8  BTHPORT - ok
23:47:30.0785 0x0ab8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
23:47:30.0785 0x0ab8  bthserv - ok
23:47:30.0832 0x0ab8  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
23:47:30.0847 0x0ab8  BTHUSB - ok
23:47:30.0878 0x0ab8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:47:30.0894 0x0ab8  cdfs - ok
23:47:30.0972 0x0ab8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
23:47:30.0988 0x0ab8  cdrom - ok
23:47:31.0034 0x0ab8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:47:31.0050 0x0ab8  CertPropSvc - ok
23:47:31.0097 0x0ab8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:47:31.0112 0x0ab8  circlass - ok
23:47:31.0222 0x0ab8  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
23:47:31.0268 0x0ab8  CLFS - ok
23:47:31.0378 0x0ab8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:47:31.0378 0x0ab8  clr_optimization_v2.0.50727_32 - ok
23:47:31.0456 0x0ab8  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:47:31.0471 0x0ab8  clr_optimization_v2.0.50727_64 - ok
23:47:31.0580 0x0ab8  [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:47:31.0938 0x0ab8  clr_optimization_v4.0.30319_32 - ok
23:47:31.0986 0x0ab8  [ 1400C75FF021D6CFACE46AC41B60770E, 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:47:32.0046 0x0ab8  clr_optimization_v4.0.30319_64 - ok
23:47:32.0121 0x0ab8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:47:32.0126 0x0ab8  CmBatt - ok
23:47:32.0166 0x0ab8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:47:32.0171 0x0ab8  cmdide - ok
23:47:32.0293 0x0ab8  [ CA3FB5A6B626D8A00A89E049CF95954E, CD5E3E40972513195108BA46CEC1D0AEA6B09A67EEBDD17EB759BD1729B07C06 ] CNG             C:\Windows\system32\Drivers\cng.sys
23:47:32.0346 0x0ab8  CNG - ok
23:47:32.0446 0x0ab8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:47:32.0451 0x0ab8  Compbatt - ok
23:47:32.0521 0x0ab8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:47:32.0526 0x0ab8  CompositeBus - ok
23:47:32.0548 0x0ab8  COMSysApp - ok
23:47:32.0591 0x0ab8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:47:32.0596 0x0ab8  crcdisk - ok
23:47:32.0693 0x0ab8  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:47:32.0711 0x0ab8  CryptSvc - ok
23:47:32.0861 0x0ab8  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:47:32.0903 0x0ab8  DcomLaunch - ok
23:47:32.0963 0x0ab8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:47:32.0991 0x0ab8  defragsvc - ok
23:47:33.0098 0x0ab8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:47:33.0108 0x0ab8  DfsC - ok
23:47:33.0246 0x0ab8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:47:33.0286 0x0ab8  Dhcp - ok
23:47:33.0518 0x0ab8  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
23:47:33.0733 0x0ab8  DiagTrack - ok
23:47:33.0838 0x0ab8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:47:33.0843 0x0ab8  discache - ok
23:47:33.0906 0x0ab8  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
23:47:33.0916 0x0ab8  Disk - ok
23:47:33.0993 0x0ab8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:47:34.0016 0x0ab8  Dnscache - ok
23:47:34.0088 0x0ab8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:47:34.0111 0x0ab8  dot3svc - ok
23:47:34.0191 0x0ab8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
23:47:34.0223 0x0ab8  DPS - ok
23:47:34.0301 0x0ab8  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:47:34.0301 0x0ab8  drmkaud - ok
23:47:34.0503 0x0ab8  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:47:34.0613 0x0ab8  DXGKrnl - ok
23:47:34.0691 0x0ab8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:47:34.0706 0x0ab8  EapHost - ok
23:47:35.0330 0x0ab8  [ 560EDC0912BDB68290930E2542823A24, CB9578A19F717FBD388F2BE8179CF2D4755DF11AD246E13AF1D43E25CA026386 ] eapihdrv        C:\Users\user\AppData\Local\Temp\ehdrv.sys
23:47:35.0361 0x0ab8  eapihdrv - ok
23:47:36.0048 0x0ab8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
23:47:36.0422 0x0ab8  ebdrv - ok
23:47:36.0563 0x0ab8  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] EFS             C:\Windows\System32\lsass.exe
23:47:36.0563 0x0ab8  EFS - ok
23:47:36.0750 0x0ab8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:47:36.0812 0x0ab8  ehRecvr - ok
23:47:36.0890 0x0ab8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:47:36.0921 0x0ab8  ehSched - ok
23:47:37.0015 0x0ab8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:47:37.0062 0x0ab8  elxstor - ok
23:47:37.0249 0x0ab8  [ F093114300542DBF3DAB97D7A4BB4E36, 5E3A1663A1227BE8F8D31BD7E8E42BA205652B5D3916800D0939484BAB81AFE7 ] epp             C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys
23:47:37.0265 0x0ab8  epp - ok
23:47:37.0327 0x0ab8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:47:37.0327 0x0ab8  ErrDev - ok
23:47:37.0467 0x0ab8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:47:37.0514 0x0ab8  EventSystem - ok
23:47:37.0748 0x0ab8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:47:37.0764 0x0ab8  exfat - ok
23:47:37.0857 0x0ab8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:47:37.0873 0x0ab8  fastfat - ok
23:47:37.0998 0x0ab8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
23:47:38.0060 0x0ab8  Fax - ok
23:47:38.0091 0x0ab8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:47:38.0091 0x0ab8  fdc - ok
23:47:38.0138 0x0ab8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:47:38.0138 0x0ab8  fdPHost - ok
23:47:38.0247 0x0ab8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:47:38.0247 0x0ab8  FDResPub - ok
23:47:38.0279 0x0ab8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:47:38.0294 0x0ab8  FileInfo - ok
23:47:38.0325 0x0ab8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:47:38.0341 0x0ab8  Filetrace - ok
23:47:38.0372 0x0ab8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:47:38.0372 0x0ab8  flpydisk - ok
23:47:38.0435 0x0ab8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:47:38.0466 0x0ab8  FltMgr - ok
23:47:38.0918 0x0ab8  [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache       C:\Windows\system32\FntCache.dll
23:47:39.0137 0x0ab8  FontCache - ok
23:47:39.0371 0x0ab8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:47:39.0371 0x0ab8  FontCache3.0.0.0 - ok
23:47:39.0417 0x0ab8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:47:39.0417 0x0ab8  FsDepends - ok
23:47:39.0464 0x0ab8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:47:39.0480 0x0ab8  Fs_Rec - ok
23:47:39.0542 0x0ab8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:47:39.0558 0x0ab8  fvevol - ok
23:47:39.0589 0x0ab8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:47:39.0605 0x0ab8  gagp30kx - ok
23:47:39.0729 0x0ab8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:47:39.0792 0x0ab8  gpsvc - ok
23:47:40.0010 0x0ab8  [ E7DF232FB4670F5C7A517D7FFFB0A8FC, 15A2C138EDB4D8E2B097579762DF7AA3E90503820219ED040D3002DDF265C16F ] Guntony_protect C:\ProgramData\Guntony\protect\protect.exe
23:47:40.0041 0x0ab8  Guntony_protect - ok
23:47:40.0213 0x0ab8  [ FA2C5B35CA039D86F76911F711CA3F30, B5A6FDBF3214809754C1D230D479387E141C82B3911D1E917E6CC531D313F3A2 ] Guntony_update  C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe
23:47:40.0291 0x0ab8  Guntony_update - ok
23:47:40.0399 0x0ab8  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:47:40.0429 0x0ab8  gupdate - ok
23:47:40.0482 0x0ab8  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:47:40.0497 0x0ab8  gupdatem - ok
23:47:40.0552 0x0ab8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:47:40.0557 0x0ab8  hcw85cir - ok
23:47:40.0647 0x0ab8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:47:40.0694 0x0ab8  HdAudAddService - ok
23:47:40.0744 0x0ab8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:47:40.0754 0x0ab8  HDAudBus - ok
23:47:40.0792 0x0ab8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:47:40.0794 0x0ab8  HidBatt - ok
23:47:40.0857 0x0ab8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:47:40.0872 0x0ab8  HidBth - ok
23:47:40.0914 0x0ab8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:47:40.0919 0x0ab8  HidIr - ok
23:47:40.0974 0x0ab8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:47:40.0984 0x0ab8  hidserv - ok
23:47:41.0034 0x0ab8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:47:41.0039 0x0ab8  HidUsb - ok
23:47:41.0094 0x0ab8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:47:41.0112 0x0ab8  hkmsvc - ok
23:47:41.0187 0x0ab8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:47:41.0209 0x0ab8  HomeGroupListener - ok
23:47:41.0272 0x0ab8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:47:41.0297 0x0ab8  HomeGroupProvider - ok
23:47:41.0354 0x0ab8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:47:41.0362 0x0ab8  HpSAMD - ok
23:47:41.0467 0x0ab8  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:47:41.0582 0x0ab8  HTTP - ok
23:47:41.0647 0x0ab8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:47:41.0652 0x0ab8  hwpolicy - ok
23:47:41.0694 0x0ab8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:47:41.0709 0x0ab8  i8042prt - ok
23:47:41.0844 0x0ab8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:47:41.0879 0x0ab8  iaStorV - ok
23:47:42.0044 0x0ab8  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:47:42.0157 0x0ab8  idsvc - ok
23:47:42.0244 0x0ab8  IEEtwCollectorService - ok
23:47:43.0824 0x0ab8  [ C6238C6ABD6AC99F5D152DA4E9439A3D, 6FC490B94CEF523C7C099AEA3D36AB75C9896B1D83D4467D237E698A8E0D9E7B ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
23:47:44.0825 0x0ab8  igfx - ok
23:47:45.0152 0x0ab8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:47:45.0168 0x0ab8  iirsp - ok
23:47:45.0558 0x0ab8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
23:47:45.0652 0x0ab8  IKEEXT - ok
23:47:45.0792 0x0ab8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:47:45.0792 0x0ab8  intelide - ok
23:47:45.0839 0x0ab8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:47:45.0839 0x0ab8  intelppm - ok
23:47:45.0901 0x0ab8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:47:45.0917 0x0ab8  IPBusEnum - ok
23:47:45.0979 0x0ab8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:47:45.0995 0x0ab8  IpFilterDriver - ok
23:47:46.0120 0x0ab8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:47:46.0166 0x0ab8  iphlpsvc - ok
23:47:46.0291 0x0ab8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:47:46.0307 0x0ab8  IPMIDRV - ok
23:47:46.0354 0x0ab8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:47:46.0354 0x0ab8  IPNAT - ok
23:47:46.0416 0x0ab8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:47:46.0432 0x0ab8  IRENUM - ok
23:47:46.0619 0x0ab8  [ BFA3107D0755568C3B55CA3BCB5491C7, D05D8DE5A2FAA50DB0BD981FA20186A6DFFD19581BE35C8AD5EEC3A7908585B6 ] iSafeKrnl       C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys
23:47:46.0634 0x0ab8  iSafeKrnl - ok
23:47:46.0666 0x0ab8  iSafeKrnlBoot - ok
23:47:46.0775 0x0ab8  [ B3D0539ACB9A047EFF69EE8DD96CA84B, 02292131819989DC10C9390903905405086A5E995D82C4B556ACCB78D84F4B75 ] iSafeKrnlKit    C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys
23:47:46.0806 0x0ab8  iSafeKrnlKit - ok
23:47:46.0900 0x0ab8  [ 093A45CB22A0B33C30314CB3BF21C096, 685105DCD02200959A72B4D83FB245C3C3B894DC07F8C628879091B9FCC3EED9 ] iSafeKrnlMon    C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys
23:47:46.0900 0x0ab8  iSafeKrnlMon - ok
23:47:46.0962 0x0ab8  [ A21E9AB248B7D7A419FAF26B265F5CDE, 668112269744E05EF0613E65E3FDD908BA6DFA82D6C30C98808CEC6D89FE89B7 ] iSafeKrnlR3     C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys
23:47:46.0978 0x0ab8  iSafeKrnlR3 - ok
23:47:47.0056 0x0ab8  [ 9FB02FBA90F6AF59537A30C3DB9777C8, 6597D4994D0D6262B853F64A6E828C5D411225624F137901F6DCF3D3BA81BB80 ] iSafeNetFilter  C:\Windows\system32\DRIVERS\iSafeNetFilter.sys
23:47:47.0056 0x0ab8  iSafeNetFilter - ok
23:47:47.0118 0x0ab8  [ 11F6F9216D8F77EAC196B07D66E819EA, 5902ACF11432A320948237ED791C5B9724BAE8A9F78592BDB9562BD18788A6B1 ] iSafeService    C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
23:47:47.0134 0x0ab8  iSafeService - ok
23:47:47.0212 0x0ab8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:47:47.0212 0x0ab8  isapnp - ok
23:47:47.0290 0x0ab8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:47:47.0305 0x0ab8  iScsiPrt - ok
23:47:47.0399 0x0ab8  [ 232DAF11B2D1363BC8CABF1A0E33601B, 4DF618ABCCFA54A1102FD732EBB18508D3F0F4201E4D9143852B740945F30ADE ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
23:47:47.0414 0x0ab8  JMCR - ok
23:47:47.0492 0x0ab8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:47:47.0492 0x0ab8  kbdclass - ok
23:47:47.0555 0x0ab8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:47:47.0555 0x0ab8  kbdhid - ok
23:47:47.0602 0x0ab8  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] KeyIso          C:\Windows\system32\lsass.exe
23:47:47.0617 0x0ab8  KeyIso - ok
23:47:47.0695 0x0ab8  [ 0878723427BA190E5ABA5AA0112FA4D4, E332C83D3F4DF71761AA3DAC2C721FC2029F71ECC88A66E175BA56510855C4D4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:47:47.0695 0x0ab8  KSecDD - ok
23:47:47.0758 0x0ab8  [ C08CCCE2BE68D04E6C142614736959DA, AEC0AFC5C28DDC14DD6918BB6E236FA1C85CC30D69DA9AE40F9962D88248040F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:47:47.0773 0x0ab8  KSecPkg - ok
23:47:47.0836 0x0ab8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:47:47.0836 0x0ab8  ksthunk - ok
23:47:47.0914 0x0ab8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:47:47.0945 0x0ab8  KtmRm - ok
23:47:48.0148 0x0ab8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:47:48.0179 0x0ab8  LanmanServer - ok
23:47:48.0257 0x0ab8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:47:48.0288 0x0ab8  LanmanWorkstation - ok
23:47:48.0350 0x0ab8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:47:48.0350 0x0ab8  lltdio - ok
23:47:48.0444 0x0ab8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:47:48.0475 0x0ab8  lltdsvc - ok
23:47:48.0506 0x0ab8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:47:48.0522 0x0ab8  lmhosts - ok
23:47:48.0569 0x0ab8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:47:48.0584 0x0ab8  LSI_FC - ok
23:47:48.0662 0x0ab8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:47:48.0678 0x0ab8  LSI_SAS - ok
23:47:48.0740 0x0ab8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:47:48.0740 0x0ab8  LSI_SAS2 - ok
23:47:48.0772 0x0ab8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:47:48.0787 0x0ab8  LSI_SCSI - ok
23:47:48.0834 0x0ab8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:47:48.0850 0x0ab8  luafv - ok
23:47:48.0943 0x0ab8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:47:48.0943 0x0ab8  Mcx2Svc - ok
23:47:49.0068 0x0ab8  [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
23:47:49.0099 0x0ab8  MDM - ok
23:47:49.0208 0x0ab8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:47:49.0208 0x0ab8  megasas - ok
23:47:49.0286 0x0ab8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:47:49.0302 0x0ab8  MegaSR - ok
23:47:49.0411 0x0ab8  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
23:47:49.0411 0x0ab8  Microsoft Office Groove Audit Service - ok
23:47:49.0489 0x0ab8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:47:49.0489 0x0ab8  MMCSS - ok
23:47:49.0520 0x0ab8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:47:49.0520 0x0ab8  Modem - ok
23:47:49.0614 0x0ab8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:47:49.0614 0x0ab8  monitor - ok
23:47:49.0676 0x0ab8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:47:49.0676 0x0ab8  mouclass - ok
23:47:49.0754 0x0ab8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:47:49.0754 0x0ab8  mouhid - ok
23:47:49.0832 0x0ab8  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:47:49.0832 0x0ab8  mountmgr - ok
23:47:49.0957 0x0ab8  [ 0DE2474F316C515482ABAD3B697F8714, 62862AE7432F5350068E96AD466093359C6CF444EB517AE6D09134FAF78C49F5 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:47:49.0957 0x0ab8  MozillaMaintenance - ok
23:47:50.0129 0x0ab8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:47:50.0144 0x0ab8  mpio - ok
23:47:50.0254 0x0ab8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:47:50.0254 0x0ab8  mpsdrv - ok
23:47:50.0378 0x0ab8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:47:50.0456 0x0ab8  MpsSvc - ok
23:47:50.0550 0x0ab8  [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:47:50.0566 0x0ab8  MRxDAV - ok
23:47:50.0659 0x0ab8  [ 035C0A9A63DF3F3A52B90D8F6BF0F166, F409C8A31156E31A6D16D2B34EEE3098CE0D76A4DB7B49810EDDA2E2E19B2E26 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:47:50.0675 0x0ab8  mrxsmb - ok
23:47:50.0737 0x0ab8  [ 8308FC2E9147D7632221E3279BB14660, 3051FF91493FD03B7EDD4EDB23B2DE8DD7E03D46E231BC5925502BE98E78B1CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:47:50.0768 0x0ab8  mrxsmb10 - ok
23:47:50.0815 0x0ab8  [ 1F8DA4ECAEA7E2BCD97E738795817431, FBEF64C7067F5AFF864EF7E220C8A47AC43EB0BFD9A4E4C908F9D9D159AC5139 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:47:50.0956 0x0ab8  mrxsmb20 - ok
23:47:51.0002 0x0ab8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:47:51.0002 0x0ab8  msahci - ok
23:47:51.0080 0x0ab8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:47:51.0096 0x0ab8  msdsm - ok
23:47:51.0174 0x0ab8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
23:47:51.0190 0x0ab8  MSDTC - ok
23:47:51.0268 0x0ab8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:47:51.0268 0x0ab8  Msfs - ok
23:47:51.0314 0x0ab8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:47:51.0314 0x0ab8  mshidkmdf - ok
23:47:51.0392 0x0ab8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:47:51.0408 0x0ab8  msisadrv - ok
23:47:51.0470 0x0ab8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:47:51.0486 0x0ab8  MSiSCSI - ok
23:47:51.0533 0x0ab8  msiserver - ok
23:47:51.0626 0x0ab8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:47:51.0626 0x0ab8  MSKSSRV - ok
23:47:51.0673 0x0ab8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:47:51.0689 0x0ab8  MSPCLOCK - ok
23:47:51.0704 0x0ab8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:47:51.0704 0x0ab8  MSPQM - ok
23:47:51.0845 0x0ab8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:47:51.0892 0x0ab8  MsRPC - ok
23:47:51.0938 0x0ab8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:47:51.0938 0x0ab8  mssmbios - ok
23:47:51.0985 0x0ab8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:47:52.0001 0x0ab8  MSTEE - ok
23:47:52.0032 0x0ab8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:47:52.0032 0x0ab8  MTConfig - ok
23:47:52.0079 0x0ab8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
23:47:52.0094 0x0ab8  Mup - ok
23:47:52.0172 0x0ab8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
23:47:52.0219 0x0ab8  napagent - ok
23:47:52.0360 0x0ab8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:47:52.0391 0x0ab8  NativeWifiP - ok
23:47:52.0547 0x0ab8  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:47:52.0656 0x0ab8  NDIS - ok
23:47:52.0734 0x0ab8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:47:52.0734 0x0ab8  NdisCap - ok
23:47:52.0796 0x0ab8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:47:52.0812 0x0ab8  NdisTapi - ok
23:47:52.0874 0x0ab8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:47:52.0874 0x0ab8  Ndisuio - ok
23:47:52.0937 0x0ab8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:47:52.0952 0x0ab8  NdisWan - ok
23:47:53.0015 0x0ab8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:47:53.0030 0x0ab8  NDProxy - ok
23:47:53.0062 0x0ab8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:47:53.0077 0x0ab8  NetBIOS - ok
23:47:53.0202 0x0ab8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:47:53.0249 0x0ab8  NetBT - ok
23:47:53.0327 0x0ab8  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] Netlogon        C:\Windows\system32\lsass.exe
23:47:53.0342 0x0ab8  Netlogon - ok
23:47:53.0405 0x0ab8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:47:53.0452 0x0ab8  Netman - ok
23:47:53.0764 0x0ab8  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:47:53.0795 0x0ab8  NetMsmqActivator - ok
23:47:53.0857 0x0ab8  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:47:53.0873 0x0ab8  NetPipeActivator - ok
23:47:54.0029 0x0ab8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:47:54.0076 0x0ab8  netprofm - ok
23:47:54.0154 0x0ab8  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:47:54.0169 0x0ab8  NetTcpActivator - ok
23:47:54.0200 0x0ab8  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:47:54.0216 0x0ab8  NetTcpPortSharing - ok
23:47:55.0090 0x0ab8  [ 4D85A450EDEF10C38882182753A49AAE, FB6C2D91B2CF834315498BB31F931E2A49066A3158A588FD705F59628DF2F8FC ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
23:47:55.0651 0x0ab8  NETw5s64 - ok
23:47:56.0260 0x0ab8  [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
23:47:56.0696 0x0ab8  netw5v64 - ok
23:47:56.0837 0x0ab8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:47:56.0852 0x0ab8  nfrd960 - ok
23:47:56.0930 0x0ab8  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:47:56.0962 0x0ab8  NlaSvc - ok
23:47:57.0008 0x0ab8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:47:57.0008 0x0ab8  Npfs - ok
23:47:57.0071 0x0ab8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
23:47:57.0086 0x0ab8  nsi - ok
23:47:57.0133 0x0ab8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:47:57.0133 0x0ab8  nsiproxy - ok
23:47:57.0352 0x0ab8  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:47:57.0539 0x0ab8  Ntfs - ok
23:47:57.0617 0x0ab8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
23:47:57.0632 0x0ab8  Null - ok
23:47:57.0679 0x0ab8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:47:57.0710 0x0ab8  nvraid - ok
23:47:57.0757 0x0ab8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:47:57.0773 0x0ab8  nvstor - ok
23:47:57.0835 0x0ab8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:47:57.0851 0x0ab8  nv_agp - ok
23:47:57.0976 0x0ab8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:47:58.0007 0x0ab8  odserv - ok
23:47:58.0054 0x0ab8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:47:58.0069 0x0ab8  ohci1394 - ok
23:47:58.0147 0x0ab8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:47:58.0163 0x0ab8  ose - ok
23:47:58.0256 0x0ab8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:47:58.0288 0x0ab8  p2pimsvc - ok
23:47:58.0412 0x0ab8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
23:47:58.0444 0x0ab8  p2psvc - ok
23:47:58.0506 0x0ab8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:47:58.0506 0x0ab8  Parport - ok
23:47:58.0568 0x0ab8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:47:58.0584 0x0ab8  partmgr - ok
23:47:58.0662 0x0ab8  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:47:58.0678 0x0ab8  PcaSvc - ok
23:47:58.0756 0x0ab8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
23:47:58.0787 0x0ab8  pci - ok
23:47:58.0849 0x0ab8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
23:47:58.0865 0x0ab8  pciide - ok
23:47:58.0927 0x0ab8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:47:58.0943 0x0ab8  pcmcia - ok
23:47:58.0974 0x0ab8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:47:58.0974 0x0ab8  pcw - ok
23:47:59.0146 0x0ab8  [ C1C3BAF078BE5A14384A4BA2D730817D, 6E4D2F73A1CB250B3EE270CCE806A37EB2140E34EAF9F48C45CC12D2A451AA16 ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
23:47:59.0177 0x0ab8  PDFProFiltSrvPP - ok
23:47:59.0317 0x0ab8  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:47:59.0380 0x0ab8  PEAUTH - ok
23:47:59.0551 0x0ab8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:47:59.0567 0x0ab8  PerfHost - ok
23:47:59.0832 0x0ab8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
23:47:59.0988 0x0ab8  pla - ok
23:48:00.0097 0x0ab8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:48:00.0144 0x0ab8  PlugPlay - ok
23:48:00.0175 0x0ab8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:48:00.0191 0x0ab8  PNRPAutoReg - ok
23:48:00.0269 0x0ab8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:48:00.0331 0x0ab8  PNRPsvc - ok
23:48:00.0518 0x0ab8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:48:00.0612 0x0ab8  PolicyAgent - ok
23:48:00.0737 0x0ab8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
23:48:00.0768 0x0ab8  Power - ok
23:48:00.0846 0x0ab8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:48:00.0877 0x0ab8  PptpMiniport - ok
23:48:00.0924 0x0ab8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:48:00.0940 0x0ab8  Processor - ok
23:48:01.0018 0x0ab8  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:48:01.0033 0x0ab8  ProfSvc - ok
23:48:01.0064 0x0ab8  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:48:01.0080 0x0ab8  ProtectedStorage - ok
23:48:01.0174 0x0ab8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:48:01.0189 0x0ab8  Psched - ok
23:48:01.0408 0x0ab8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:48:01.0564 0x0ab8  ql2300 - ok
23:48:01.0657 0x0ab8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:48:01.0657 0x0ab8  ql40xx - ok
23:48:01.0735 0x0ab8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
23:48:01.0766 0x0ab8  QWAVE - ok
23:48:01.0798 0x0ab8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:48:01.0798 0x0ab8  QWAVEdrv - ok
23:48:01.0844 0x0ab8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:48:01.0860 0x0ab8  RasAcd - ok
23:48:01.0907 0x0ab8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:48:01.0907 0x0ab8  RasAgileVpn - ok
23:48:01.0954 0x0ab8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
23:48:01.0985 0x0ab8  RasAuto - ok
23:48:02.0047 0x0ab8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:48:02.0063 0x0ab8  Rasl2tp - ok
23:48:02.0125 0x0ab8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
23:48:02.0156 0x0ab8  RasMan - ok
23:48:02.0203 0x0ab8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:48:02.0203 0x0ab8  RasPppoe - ok
23:48:02.0250 0x0ab8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:48:02.0266 0x0ab8  RasSstp - ok
23:48:02.0328 0x0ab8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:48:02.0359 0x0ab8  rdbss - ok
23:48:02.0406 0x0ab8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:48:02.0406 0x0ab8  rdpbus - ok
23:48:02.0437 0x0ab8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:48:02.0437 0x0ab8  RDPCDD - ok
23:48:02.0484 0x0ab8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:48:02.0484 0x0ab8  RDPENCDD - ok
23:48:02.0562 0x0ab8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:48:02.0578 0x0ab8  RDPREFMP - ok
23:48:02.0640 0x0ab8  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:48:02.0656 0x0ab8  RDPWD - ok
23:48:02.0718 0x0ab8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:48:02.0734 0x0ab8  rdyboost - ok
23:48:02.0796 0x0ab8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:48:02.0812 0x0ab8  RemoteAccess - ok
23:48:02.0874 0x0ab8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:48:02.0905 0x0ab8  RemoteRegistry - ok
23:48:02.0968 0x0ab8  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
23:48:02.0983 0x0ab8  RFCOMM - ok
23:48:03.0030 0x0ab8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:48:03.0046 0x0ab8  RpcEptMapper - ok
23:48:03.0124 0x0ab8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
23:48:03.0139 0x0ab8  RpcLocator - ok
23:48:03.0217 0x0ab8  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
23:48:03.0280 0x0ab8  RpcSs - ok
23:48:03.0342 0x0ab8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:48:03.0358 0x0ab8  rspndr - ok
23:48:03.0404 0x0ab8  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] SamSs           C:\Windows\system32\lsass.exe
23:48:03.0436 0x0ab8  SamSs - ok
23:48:03.0482 0x0ab8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:48:03.0498 0x0ab8  sbp2port - ok
23:48:03.0560 0x0ab8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:48:03.0623 0x0ab8  SCardSvr - ok
23:48:03.0685 0x0ab8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:48:03.0685 0x0ab8  scfilter - ok
23:48:03.0857 0x0ab8  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
23:48:03.0966 0x0ab8  Schedule - ok
23:48:04.0028 0x0ab8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:48:04.0044 0x0ab8  SCPolicySvc - ok
23:48:04.0138 0x0ab8  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
23:48:04.0153 0x0ab8  sdbus - ok
23:48:04.0231 0x0ab8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:48:04.0247 0x0ab8  SDRSVC - ok
23:48:04.0309 0x0ab8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:48:04.0309 0x0ab8  secdrv - ok
23:48:04.0387 0x0ab8  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
23:48:04.0403 0x0ab8  seclogon - ok
23:48:04.0465 0x0ab8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
23:48:04.0481 0x0ab8  SENS - ok
23:48:04.0496 0x0ab8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:48:04.0512 0x0ab8  SensrSvc - ok
23:48:04.0543 0x0ab8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:48:04.0559 0x0ab8  Serenum - ok
23:48:04.0606 0x0ab8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:48:04.0606 0x0ab8  Serial - ok
23:48:04.0699 0x0ab8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:48:04.0699 0x0ab8  sermouse - ok
23:48:04.0824 0x0ab8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
23:48:04.0840 0x0ab8  SessionEnv - ok
23:48:04.0886 0x0ab8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:48:04.0886 0x0ab8  sffdisk - ok
23:48:04.0933 0x0ab8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:48:04.0933 0x0ab8  sffp_mmc - ok
23:48:04.0980 0x0ab8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:48:04.0980 0x0ab8  sffp_sd - ok
23:48:05.0027 0x0ab8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:48:05.0042 0x0ab8  sfloppy - ok
23:48:05.0214 0x0ab8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:48:05.0245 0x0ab8  SharedAccess - ok
23:48:05.0323 0x0ab8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:48:05.0432 0x0ab8  ShellHWDetection - ok
23:48:05.0557 0x0ab8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:48:05.0573 0x0ab8  SiSRaid2 - ok
23:48:05.0682 0x0ab8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:48:05.0698 0x0ab8  SiSRaid4 - ok
23:48:05.0760 0x0ab8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:48:05.0760 0x0ab8  Smb - ok
23:48:05.0838 0x0ab8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:48:05.0838 0x0ab8  SNMPTRAP - ok
23:48:05.0869 0x0ab8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:48:05.0885 0x0ab8  spldr - ok
23:48:05.0963 0x0ab8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
23:48:06.0025 0x0ab8  Spooler - ok
23:48:06.0524 0x0ab8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
23:48:06.0821 0x0ab8  sppsvc - ok
23:48:06.0914 0x0ab8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:48:06.0930 0x0ab8  sppuinotify - ok
23:48:07.0024 0x0ab8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:48:07.0055 0x0ab8  srv - ok
23:48:07.0211 0x0ab8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:48:07.0258 0x0ab8  srv2 - ok
23:48:07.0336 0x0ab8  [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:48:07.0398 0x0ab8  SrvHsfHDA - ok
23:48:07.0632 0x0ab8  [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:48:07.0772 0x0ab8  SrvHsfV92 - ok
23:48:07.0960 0x0ab8  [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:48:08.0038 0x0ab8  SrvHsfWinac - ok
23:48:08.0084 0x0ab8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:48:08.0100 0x0ab8  srvnet - ok
23:48:08.0209 0x0ab8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:48:08.0240 0x0ab8  SSDPSRV - ok
23:48:08.0303 0x0ab8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:48:08.0318 0x0ab8  SstpSvc - ok
23:48:08.0365 0x0ab8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:48:08.0365 0x0ab8  stexstor - ok
23:48:08.0537 0x0ab8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
23:48:08.0599 0x0ab8  stisvc - ok
23:48:08.0693 0x0ab8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:48:08.0693 0x0ab8  swenum - ok
23:48:08.0802 0x0ab8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
23:48:08.0849 0x0ab8  swprv - ok
23:48:09.0130 0x0ab8  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
23:48:09.0332 0x0ab8  SysMain - ok
23:48:09.0504 0x0ab8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:48:09.0520 0x0ab8  TabletInputService - ok
23:48:09.0691 0x0ab8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:48:09.0754 0x0ab8  TapiSrv - ok
23:48:10.0112 0x0ab8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:48:10.0300 0x0ab8  Tcpip - ok
23:48:10.0424 0x13d0  Object required for P2P: [ 6A9A920C6A0BC688D819B389E3573940 ] a2AntiMalware
23:48:10.0736 0x0ab8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:48:10.0970 0x0ab8  TCPIP6 - ok
23:48:11.0080 0x0ab8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:48:11.0080 0x0ab8  tcpipreg - ok
23:48:11.0158 0x0ab8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:48:11.0173 0x0ab8  TDPIPE - ok
23:48:11.0220 0x0ab8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:48:11.0220 0x0ab8  TDTCP - ok
23:48:11.0314 0x0ab8  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:48:11.0329 0x0ab8  tdx - ok
23:48:11.0407 0x0ab8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:48:11.0423 0x0ab8  TermDD - ok
23:48:11.0719 0x0ab8  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
23:48:11.0782 0x0ab8  TermService - ok
23:48:11.0860 0x0ab8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
23:48:11.0875 0x0ab8  Themes - ok
23:48:11.0922 0x0ab8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
23:48:11.0938 0x0ab8  THREADORDER - ok
23:48:12.0000 0x0ab8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
23:48:12.0031 0x0ab8  TrkWks - ok
23:48:12.0094 0x0ab8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:48:12.0109 0x0ab8  TrustedInstaller - ok
23:48:12.0172 0x0ab8  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:48:12.0187 0x0ab8  tssecsrv - ok
23:48:12.0250 0x0ab8  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:48:12.0265 0x0ab8  TsUsbFlt - ok
23:48:12.0421 0x0ab8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:48:12.0421 0x0ab8  tunnel - ok
23:48:12.0468 0x0ab8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:48:12.0484 0x0ab8  uagp35 - ok
23:48:12.0562 0x0ab8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:48:12.0593 0x0ab8  udfs - ok
23:48:12.0718 0x0ab8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:48:12.0733 0x0ab8  UI0Detect - ok
23:48:12.0780 0x0ab8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:48:12.0780 0x0ab8  uliagpkx - ok
23:48:12.0842 0x0ab8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:48:12.0842 0x0ab8  umbus - ok
23:48:12.0889 0x0ab8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:48:12.0889 0x0ab8  UmPass - ok
23:48:12.0967 0x0ab8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:48:12.0998 0x0ab8  upnphost - ok
23:48:13.0045 0x0ab8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:48:13.0061 0x0ab8  usbccgp - ok
23:48:13.0108 0x0ab8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:48:13.0123 0x0ab8  usbcir - ok
23:48:13.0154 0x0ab8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:48:13.0170 0x0ab8  usbehci - ok
23:48:13.0248 0x0ab8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:48:13.0279 0x0ab8  usbhub - ok
23:48:13.0342 0x0ab8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:48:13.0342 0x0ab8  usbohci - ok
23:48:13.0513 0x0ab8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:48:13.0513 0x0ab8  usbprint - ok
23:48:13.0607 0x0ab8  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:48:13.0622 0x0ab8  usbscan - ok
23:48:13.0716 0x0ab8  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:48:13.0732 0x0ab8  USBSTOR - ok
23:48:13.0794 0x0ab8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:48:13.0794 0x0ab8  usbuhci - ok
23:48:13.0872 0x0ab8  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
23:48:13.0903 0x0ab8  usbvideo - ok
23:48:13.0934 0x0ab8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
23:48:13.0950 0x0ab8  UxSms - ok
23:48:14.0012 0x0ab8  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] VaultSvc        C:\Windows\system32\lsass.exe
23:48:14.0028 0x0ab8  VaultSvc - ok
23:48:14.0075 0x0ab8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:48:14.0075 0x0ab8  vdrvroot - ok
23:48:14.0184 0x0ab8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
23:48:14.0246 0x0ab8  vds - ok
23:48:14.0309 0x0ab8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:48:14.0309 0x0ab8  vga - ok
23:48:14.0356 0x0ab8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:48:14.0356 0x0ab8  VgaSave - ok
23:48:14.0480 0x0ab8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:48:14.0512 0x0ab8  vhdmp - ok
23:48:14.0558 0x0ab8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:48:14.0574 0x0ab8  viaide - ok
23:48:14.0636 0x0ab8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:48:14.0668 0x0ab8  volmgr - ok
23:48:14.0808 0x0ab8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:48:14.0839 0x0ab8  volmgrx - ok
23:48:14.0902 0x0ab8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:48:14.0933 0x0ab8  volsnap - ok
23:48:15.0058 0x0ab8  [ 9CAE0EB0A9A42D2339DA2CF72EEC8DE0, D55468B7186641BE043366ABF7DAF601847806F82988D1768387337D094D74F7 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
23:48:15.0104 0x0ab8  vpnagent - ok
23:48:15.0182 0x0ab8  [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva           C:\Windows\system32\DRIVERS\vpnva64-6.sys
23:48:15.0182 0x0ab8  vpnva - ok
23:48:15.0307 0x0ab8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:48:15.0338 0x0ab8  vsmraid - ok
23:48:15.0588 0x0ab8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
23:48:15.0744 0x0ab8  VSS - ok
23:48:15.0838 0x0ab8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:48:15.0838 0x0ab8  vwifibus - ok
23:48:15.0962 0x0ab8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:48:15.0978 0x0ab8  vwififlt - ok
23:48:16.0040 0x0ab8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:48:16.0087 0x0ab8  W32Time - ok
23:48:16.0165 0x0ab8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:48:16.0181 0x0ab8  WacomPen - ok
23:48:16.0243 0x0ab8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:48:16.0259 0x0ab8  WANARP - ok
23:48:16.0290 0x0ab8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:48:16.0306 0x0ab8  Wanarpv6 - ok
23:48:16.0508 0x0ab8  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:48:16.0711 0x0ab8  WatAdminSvc - ok
23:48:16.0992 0x0ab8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
23:48:17.0117 0x0ab8  wbengine - ok
23:48:17.0226 0x0ab8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:48:17.0257 0x0ab8  WbioSrvc - ok
23:48:17.0366 0x0ab8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:48:17.0444 0x0ab8  wcncsvc - ok
23:48:17.0569 0x0ab8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:48:17.0585 0x0ab8  WcsPlugInService - ok
23:48:17.0616 0x0ab8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:48:17.0616 0x0ab8  Wd - ok
23:48:17.0756 0x0ab8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:48:17.0819 0x0ab8  Wdf01000 - ok
23:48:17.0912 0x0ab8  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:48:17.0944 0x0ab8  WdiServiceHost - ok
23:48:18.0006 0x0ab8  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:48:18.0037 0x0ab8  WdiSystemHost - ok
23:48:18.0162 0x0ab8  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
23:48:18.0193 0x0ab8  WebClient - ok
23:48:18.0302 0x0ab8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:48:18.0380 0x0ab8  Wecsvc - ok
23:48:18.0505 0x0ab8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:48:18.0521 0x0ab8  wercplsupport - ok
23:48:18.0568 0x0ab8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:48:18.0583 0x0ab8  WerSvc - ok
23:48:18.0646 0x0ab8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:48:18.0646 0x0ab8  WfpLwf - ok
23:48:18.0677 0x0ab8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:48:18.0692 0x0ab8  WIMMount - ok
23:48:18.0755 0x0ab8  WinDefend - ok
23:48:18.0802 0x0ab8  WinHttpAutoProxySvc - ok
23:48:18.0911 0x0ab8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:48:18.0942 0x0ab8  Winmgmt - ok
23:48:19.0238 0x0ab8  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
23:48:19.0394 0x0ab8  WinRM - ok
23:48:19.0691 0x0ab8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:48:19.0784 0x0ab8  Wlansvc - ok
23:48:20.0112 0x0ab8  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:48:20.0315 0x0ab8  wlidsvc - ok
23:48:20.0455 0x0ab8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:48:20.0455 0x0ab8  WmiAcpi - ok
23:48:20.0518 0x0ab8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:48:20.0549 0x0ab8  wmiApSrv - ok
23:48:20.0627 0x0ab8  WMPNetworkSvc - ok
23:48:20.0674 0x0ab8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:48:20.0689 0x0ab8  WPCSvc - ok
23:48:20.0767 0x0ab8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:48:20.0783 0x0ab8  WPDBusEnum - ok
23:48:20.0845 0x0ab8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:48:20.0845 0x0ab8  ws2ifsl - ok
23:48:20.0892 0x0ab8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
23:48:20.0908 0x0ab8  wscsvc - ok
23:48:20.0954 0x0ab8  WSearch - ok
23:48:21.0500 0x0ab8  [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:48:21.0766 0x0ab8  wuauserv - ok
23:48:21.0844 0x0ab8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:48:21.0859 0x0ab8  WudfPf - ok
23:48:21.0922 0x0ab8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:48:21.0953 0x0ab8  WUDFRd - ok
23:48:21.0984 0x0ab8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:48:22.0000 0x0ab8  wudfsvc - ok
23:48:22.0062 0x0ab8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:48:22.0109 0x0ab8  WwanSvc - ok
23:48:22.0202 0x0ab8  [ 9EB8FD651D6EEF8DF25B1147269B2B3D, 9783473692FF95E4FBB7A43F96E6EBB5D93D2ACA5603484929625158BCB5DA3E ] zntport         C:\Windows\system32\drivers\zntport.sys
23:48:22.0202 0x0ab8  zntport - ok
23:48:22.0280 0x0ab8  ================ Scan global ===============================
23:48:22.0343 0x0ab8  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
23:48:22.0405 0x0ab8  [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
23:48:22.0483 0x0ab8  [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
23:48:22.0561 0x0ab8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:48:22.0639 0x0ab8  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
23:48:22.0702 0x0ab8  [ Global ] - ok
23:48:22.0702 0x0ab8  ================ Scan MBR ==================================
23:48:22.0717 0x0ab8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:48:23.0123 0x0ab8  \Device\Harddisk0\DR0 - ok
23:48:23.0123 0x0ab8  ================ Scan VBR ==================================
23:48:23.0138 0x0ab8  [ 498D46FDC16A6596D6C766023FDEF40E ] \Device\Harddisk0\DR0\Partition1
23:48:23.0201 0x0ab8  \Device\Harddisk0\DR0\Partition1 - ok
23:48:23.0341 0x0ab8  [ A3DDB40EEF6628B71EC6BAF3FE57A325 ] \Device\Harddisk0\DR0\Partition2
23:48:23.0357 0x0ab8  \Device\Harddisk0\DR0\Partition2 - ok
23:48:23.0357 0x0ab8  ================ Scan generic autorun ======================
23:48:23.0435 0x0ab8  [ 87A4570E9D15A2821015B7FB6B821654, BDF5266905DC3F9ED0DBE41798D9907FC9E8D030DD5C28975BBF9BFD8BD9DA71 ] C:\Windows\system32\igfxtray.exe
23:48:23.0450 0x0ab8  IgfxTray - ok
23:48:23.0513 0x0ab8  [ 99F8C1060BFB20D2039716BBF741D6C2, 8C578E288D88697E88AB9BEAE79D33AF23AD6176D830D5916BD2DD42EC6FADC5 ] C:\Windows\system32\igfxpers.exe
23:48:23.0575 0x0ab8  Persistence - ok
23:48:24.0886 0x0ab8  [ 9C112F246DB378202DA0C5031C2F0625, EE2127CD65FEE86DC968EC7C278EA7702045D96ED7E01D85C8006F0000825025 ] c:\program files\emsisoft anti-malware\a2guard.exe
23:48:25.0073 0x13d0  Object send P2P result: true
23:48:25.0088 0x13d0  Object required for P2P: [ 6A050671F2C76FB48131F12786802807 ] AdobeFlashPlayerUpdateSvc
23:48:25.0822 0x0ab8  emsisoft anti-malware - ok
23:48:25.0993 0x0ab8  [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
23:48:26.0009 0x0ab8  GrooveMonitor - ok
23:48:26.0071 0x0ab8  [ 07C4EBD3107799774FA3103956CD1C40, BB798DE0F18D2A28B18467D958B68C23DBA0A802512C36E708D9EBD9352492F6 ] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe
23:48:26.0087 0x0ab8  IndexSearch - ok
23:48:26.0165 0x0ab8  [ E5F1D2C7D51C816437BBE2306828BC4B, BBBEB3294EF02F3E4C73A3A2FAE83C261A095602D86E1FF272C6FDFCE0C05E1B ] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
23:48:26.0243 0x0ab8  PaperPort PTD - ok
23:48:26.0430 0x0ab8  [ 0D1D2FBAE112BDDB9F77B7BC7A956D3A, BD833CF275B4EC4EC12E868EB2EE049A6F9F0792A326BEAEB1433586257C098F ] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe
23:48:26.0461 0x0ab8  PPort12reminder - ok
23:48:26.0648 0x0ab8  [ 9F0ACAA725CF5A391AF7E2067AE45746, CA7F3C2C9D4DCB135ECBFFEB3448D272552B5DB720E0A526B4AC07B1F5E8BC9E ] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
23:48:26.0711 0x0ab8  PDFHook - ok
23:48:26.0758 0x0ab8  [ 154420A93E4F676AA33A055A116255D9, DF76577C22EBB439DF2B72D1B6B7A465F067CCEC886FC7A7FB337865DA1DB914 ] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
23:48:26.0758 0x0ab8  PDF5 Registry Controller - ok
23:48:27.0101 0x0ab8  [ 63E9C23A386FFFA84B5E03BFF9B628F0, A370962791EFC4B10548AAD31F89A2B288FBD5BDBF5749323C2D98C14DFB8B49 ] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
23:48:27.0475 0x0ab8  BrStsMon00 - ok
23:48:27.0584 0x0ab8  [ 4F9DD96AECDC12373D4203253D665C6D, 871FF2367ACD5F9A378FED53574BF28A8129224C4B7C4AF074809ED7CF870904 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
23:48:27.0647 0x0ab8  SunJavaUpdateSched - ok
23:48:27.0787 0x0ab8  [ 2EC8F42EC98D72F3B5D37F3D2632E3E3, E9FB8732B0A8E71D1E39E736C47943C879149F25822D6564D2162E2C70C8B013 ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
23:48:27.0896 0x0ab8  Cisco AnyConnect Secure Mobility Agent for Windows - ok
23:48:27.0974 0x0ab8  [ 57EC74A47981099D5F55B595F73442D3, 2AACEA8A01770685113C3CF0BF3833E14DDEEC2D4FFE82473824EC44C945396F ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
23:48:27.0990 0x0ab8  Avira SystrayStartTrigger - ok
23:48:28.0177 0x0ab8  [ F316A9C0C8BBA9D2A98BE70EE0D8CA96, 20C83B6D1706DED7B645008CD29346A5FD14A4F67FCF17FED28E7A17F021E15B ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
23:48:28.0255 0x0ab8  avgnt - ok
23:48:28.0583 0x0ab8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:48:29.0020 0x13d0  Object send P2P result: true
23:48:29.0020 0x13d0  Object required for P2P: [ 157DA3885AA4F03C80C10DAEB0949CAA ] AntiVirMailService
23:48:29.0144 0x0ab8  Sidebar - ok
23:48:29.0222 0x0ab8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:48:29.0238 0x0ab8  mctadmin - ok
23:48:29.0472 0x0ab8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:48:29.0566 0x0ab8  Sidebar - ok
23:48:29.0597 0x0ab8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:48:29.0612 0x0ab8  mctadmin - ok
23:48:29.0722 0x0ab8  [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
23:48:29.0753 0x0ab8  ISUSPM - ok
23:48:30.0876 0x0ab8  [ E93D62A6DB736AA82A3EEDDFDFE73311, 96EC57F66EE1A36580536518A814299DE6D5DACC0026F5A659B41918434ED8FA ] C:\Program Files\CCleaner\CCleaner64.exe
23:48:31.0687 0x0ab8  CCleaner Monitoring - ok
23:48:31.0750 0x0ab8  Waiting for KSN requests completion. In queue: 311
23:48:32.0764 0x0ab8  Waiting for KSN requests completion. In queue: 311
23:48:33.0341 0x13d0  Object send P2P result: true
23:48:33.0356 0x13d0  Object required for P2P: [ C9BED3BDC39FBCAA77A88308355B237E ] avipbb
23:48:33.0778 0x0ab8  Waiting for KSN requests completion. In queue: 296
23:48:34.0480 0x1448  Object required for P2P: [ 9C112F246DB378202DA0C5031C2F0625 ] c:\program files\emsisoft anti-malware\a2guard.exe
23:48:34.0792 0x0ab8  Waiting for KSN requests completion. In queue: 296
23:48:35.0806 0x0ab8  Waiting for KSN requests completion. In queue: 296
23:48:36.0040 0x13d0  Object send P2P result: true
23:48:36.0040 0x13d0  Object required for P2P: [ 04B922C5BE92C42DD0C2B9D085D7C0CA ] Avira.ServiceHost
23:48:36.0820 0x0ab8  Waiting for KSN requests completion. In queue: 295
23:48:37.0256 0x1448  Object send P2P result: true
23:48:37.0256 0x1448  Object required for P2P: [ E93D62A6DB736AA82A3EEDDFDFE73311 ] C:\Program Files\CCleaner\CCleaner64.exe
23:48:37.0834 0x0ab8  Waiting for KSN requests completion. In queue: 278
23:48:38.0660 0x13d0  Object send P2P result: true
23:48:38.0660 0x13d0  Object required for P2P: [ 138A53D17B040F5A3A307D44A89D0905 ] avnetflt
23:48:38.0848 0x0ab8  Waiting for KSN requests completion. In queue: 276
23:48:39.0862 0x0ab8  Waiting for KSN requests completion. In queue: 276
23:48:40.0002 0x1448  Object send P2P result: true
23:48:40.0876 0x0ab8  Waiting for KSN requests completion. In queue: 275
23:48:41.0312 0x13d0  Object send P2P result: true
23:48:42.0342 0x0ab8  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.17.264 ), 0x41000 ( enabled : updated )
23:48:42.0342 0x0ab8  AV detected via SS2: Emsisoft Anti-Malware, C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2start.exe ( 11.7.0.6394 ), 0x41000 ( enabled : updated )
23:48:42.0482 0x0ab8  Win FW state via NFP2: enabled ( trusted )
23:48:45.0041 0x0ab8  ============================================================
23:48:45.0041 0x0ab8  Scan finished
23:48:45.0041 0x0ab8  ============================================================
23:48:45.0072 0x0724  Detected object count: 0
23:48:45.0072 0x0724  Actual detected object count: 0
23:48:48.0301 0x10f0  Deinitialize success
         

Alt 26.05.2016, 09:12   #5
M-K-D-B
/// TB-Ausbilder
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden



Servus,



Mehrere Anti-Virus-Programme

Code:
ATTFilter
Emsisoft
Avira
         
Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Außerdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Programme deinstallieren.

Ich würde Avira deinstallieren.





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Alt 26.05.2016, 12:34   #6
Tori22
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden



Hier das Ergebnis der ComboFix Untersuchung:

Code:
ATTFilter
ComboFix 16-05-18.01 - user 26.05.2016  12:39:39.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4057.1853 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Adobe\downloader.dll
c:\users\user\AppData\Local\Adobe\gccheck.exe
c:\users\user\AppData\Local\Adobe\gtbcheck.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2016-04-26 bis 2016-05-26  ))))))))))))))))))))))))))))))
.
.
2016-05-26 11:04 . 2016-05-26 11:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2016-05-26 10:26 . 2016-05-26 10:26	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EB13FC2-B82C-4826-8A57-832A82DB03B6}\offreg.3060.dll
2016-05-26 09:46 . 2016-05-26 09:46	--------	d-----w-	c:\program files (x86)\VS Revo Group
2016-05-25 05:50 . 2015-06-30 02:50	52392	----a-w-	c:\windows\system32\drivers\iSafeNetFilter.sys
2016-05-24 14:53 . 2016-05-24 14:53	--------	d-----w-	c:\program files (x86)\ESET
2016-05-24 14:42 . 2016-05-24 14:42	--------	d-----w-	c:\programdata\Emsisoft
2016-05-24 13:52 . 2016-05-26 10:31	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2016-05-23 18:56 . 2016-05-23 21:02	192216	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-23 18:53 . 2016-03-10 12:09	64896	----a-w-	c:\windows\system32\drivers\mwac.sys
2016-05-23 18:53 . 2016-03-10 12:08	140672	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2016-05-23 18:53 . 2016-03-10 12:08	27008	----a-w-	c:\windows\system32\drivers\mbam.sys
2016-05-23 18:52 . 2016-05-23 18:53	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2016-05-20 21:13 . 2016-05-25 21:42	--------	d-----w-	C:\FRST
2016-05-20 21:04 . 2016-05-20 21:04	--------	d-----w-	c:\users\user\AppData\Roaming\Elex-tech
2016-05-20 12:11 . 2016-05-26 08:34	--------	d-----w-	C:\AdwCleaner
2016-05-16 13:38 . 2016-05-26 10:00	--------	d-----w-	c:\program files (x86)\Avira
2016-05-16 13:38 . 2016-05-26 10:00	--------	d-----w-	c:\programdata\Avira
2016-05-16 08:26 . 2016-05-16 08:26	--------	d-----w-	c:\programdata\Guntony
2016-05-16 08:25 . 2016-05-20 12:17	--------	d-----w-	c:\windows\system32\log
2016-05-16 08:24 . 2016-05-16 08:24	--------	d-----w-	c:\users\user\AppData\Local\Guntony
2016-05-16 08:24 . 2016-05-16 08:24	--------	d-----w-	c:\program files (x86)\Elex-tech
2016-05-16 08:23 . 2016-05-26 10:04	--------	d-----w-	c:\program files (x86)\Guntony
2016-05-13 07:28 . 2016-04-20 01:13	11695896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EB13FC2-B82C-4826-8A57-832A82DB03B6}\mpengine.dll
2016-05-13 05:37 . 2016-05-13 05:43	--------	d-----w-	c:\users\user\AppData\Roaming\Swiss Academic Software
2016-05-13 05:36 . 2016-05-03 09:42	713256	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.dll
2016-05-13 05:36 . 2016-05-03 09:42	103920	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\IEPickerBroker.exe
2016-05-13 05:36 . 2015-08-13 13:08	126976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\Interop.SHDocVw.dll
2016-05-13 05:36 . 2012-07-26 18:08	8022976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\Microsoft.mshtml.dll
2016-05-13 05:36 . 2016-05-03 09:42	713256	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.dll
2016-05-13 05:36 . 2012-07-26 18:08	8022976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\Microsoft.mshtml.dll
2016-05-13 05:36 . 2016-05-03 09:42	103920	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\IEPickerBroker.exe
2016-05-13 05:36 . 2015-08-13 13:08	126976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\Interop.SHDocVw.dll
2016-05-13 05:36 . 2016-05-13 05:36	--------	d-----w-	c:\program files (x86)\Citavi 5
2016-05-11 17:04 . 2016-04-09 05:49	3217408	----a-w-	c:\windows\system32\win32k.sys
2016-05-11 17:04 . 2016-04-09 06:58	2048	----a-w-	c:\windows\system32\tzres.dll
2016-05-11 17:04 . 2016-04-09 06:54	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2016-05-11 17:03 . 2016-04-09 07:01	986344	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2016-05-11 17:03 . 2016-04-09 07:01	264936	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2016-05-11 17:03 . 2016-04-09 06:57	144384	----a-w-	c:\windows\system32\cdd.dll
2016-05-11 16:58 . 2016-04-09 07:01	5546216	----a-w-	c:\windows\system32\ntoskrnl.exe
2016-05-11 16:57 . 2016-04-09 03:52	1424896	----a-w-	c:\windows\system32\WindowsCodecs.dll
2016-05-11 16:57 . 2016-04-09 04:20	1230848	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2016-05-02 18:24 . 2016-05-13 05:37	--------	d-----w-	c:\programdata\Swiss Academic Software
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-12 19:54 . 2015-03-15 12:28	797376	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-12 19:54 . 2015-03-15 12:28	142528	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-05-11 21:19 . 2013-10-30 10:16	139319312	----a-w-	c:\windows\system32\MRT.exe
2016-04-21 13:05 . 2013-10-30 09:21	453288	------w-	c:\windows\system32\MpSigStub.exe
2016-04-09 06:54 . 2016-05-11 16:58	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2016-04-04 18:14 . 2016-04-18 21:43	38120	----a-w-	c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-18 21:43	1169408	----a-w-	c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-18 21:43	1386496	----a-w-	c:\windows\system32\appraiser.dll
2016-03-23 14:02 . 2016-04-18 21:43	215040	----a-w-	c:\windows\system32\aepic.dll
2016-03-17 22:56 . 2016-04-19 18:40	2084864	----a-w-	c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-19 18:40	1414144	----a-w-	c:\windows\SysWow64\ole32.dll
2016-03-17 18:04 . 2016-04-18 21:43	698368	----a-w-	c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-18 21:43	499200	----a-w-	c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-18 21:43	279040	----a-w-	c:\windows\system32\invagent.dll
2016-03-17 18:04 . 2016-04-18 21:43	76800	----a-w-	c:\windows\system32\acmigration.dll
2016-03-16 18:50 . 2016-04-18 21:46	156672	----a-w-	c:\windows\system32\mtxoci.dll
2016-03-16 18:28 . 2016-04-18 21:46	111616	----a-w-	c:\windows\SysWow64\mtxoci.dll
2016-03-16 18:28 . 2016-04-18 21:46	176128	----a-w-	c:\windows\SysWow64\msorcl32.dll
2016-03-16 00:16 . 2016-04-18 21:43	760320	----a-w-	c:\windows\system32\samsrv.dll
2016-03-16 00:16 . 2016-04-18 21:43	106496	----a-w-	c:\windows\system32\samlib.dll
2016-03-15 23:53 . 2016-04-18 21:43	60416	----a-w-	c:\windows\SysWow64\samlib.dll
2016-03-06 18:53 . 2016-04-18 21:44	2048	----a-w-	c:\windows\system32\msxml3r.dll
2016-03-06 18:53 . 2016-04-18 21:44	1885696	----a-w-	c:\windows\system32\msxml3.dll
2016-03-06 18:38 . 2016-04-18 21:44	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2016-03-06 18:38 . 2016-04-18 21:44	1240576	----a-w-	c:\windows\SysWow64\msxml3.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-02-12 8641240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2015-12-23 1027472]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-05-04 67840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Guntony_protect;Protect Service(Guntony_protect);c:\programdata\Guntony\protect\protect.exe;c:\programdata\Guntony\protect\protect.exe [x]
R2 Guntony_update;Update Service(Guntony_update);c:\program files (x86)\Guntony\Guntony\bin\Guntony_server.exe;c:\program files (x86)\Guntony\Guntony\bin\Guntony_server.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 eapihdrv;eapihdrv;c:\users\user\AppData\Local\Temp\ehdrv.sys;c:\users\user\AppData\Local\Temp\ehdrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iSafeKrnlBoot;YAC Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 epp;epp;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys [x]
S1 iSafeKrnl;YAC Mini-Filter Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys [x]
S1 iSafeKrnlKit;YAC Kit Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [x]
S1 iSafeKrnlMon;YAC Monitor Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [x]
S1 iSafeKrnlR3;YAC Ring3 Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [x]
S1 iSafeNetFilter;YAC NDIS Driver;c:\windows\system32\DRIVERS\iSafeNetFilter.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeNetFilter.sys [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 iSafeService;YAC Service;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 04:53	1186968	----a-w-	c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-05-03 14:41	287416	----a-w-	c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2016-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-15 19:54]
.
2016-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06 16:39]
.
2016-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06 16:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Page_URL = www.google.com
uDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
mDefault_Search_URL = www.google.com
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\
FF - prefs.js: browser.startup.homepage - hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
AddRemove-WinZip - c:\program files (x86)\WinZipper\wzUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2016-05-26  13:16:09
ComboFix-quarantined-files.txt  2016-05-26 11:16
.
Vor Suchlauf: 19 Verzeichnis(se), 163.946.160.128 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 164.238.041.088 Bytes frei
.
- - End Of File - - 7F733BD72F531BA27C5B777B9EBD3B2E
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 26.05.2016, 20:52   #7
M-K-D-B
/// TB-Ausbilder
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden



Servus,





Schritt 1
Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

    Code:
    ATTFilter
    Driver::
    Guntony_protect
    Guntony_update
    iSafeKrnlBoot
    iSafeKrnl
    iSafeKrnlKit
    iSafeKrnlMon
    iSafeKrnlR3
    iSafeNetFilter
    iSafeService
    
    Folder::
    c:\program files (x86)\Elex-tech
    c:\users\user\AppData\Roaming\Elex-tech
    c:\programdata\Guntony
    c:\users\user\AppData\Local\Guntony
    c:\program files (x86)\Guntony
    
    File::
    c:\windows\system32\drivers\iSafeNetFilter.sys
    c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!








Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.








Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von ComboFix,
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die beiden neuen Logdateien von FRST.

Alt 27.05.2016, 08:22   #8
Tori22
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden



Guten Morgen Matthias,

Die Logdatei von ComboFix ist zu groß. Ich wollte diese als Zip-Datei anhängen. Leider wurde der Zugriff verweigert, die Logdatei in eine Zip-Datei umzuwandeln. Hättest du eine Idee, was der Grund sein kann, dass es nicht geklappt hat, und wie ich dir die ComboFix Datei posten kann?

Hier die Logdateien von AdwCleaner, MBAM und FRST:

Code:
ATTFilter
# AdwCleaner v5.117 - Bericht erstellt am 27/05/2016 um 00:10:03
# Aktualisiert am 15/05/2016 von Xplode
# Datenbank : 2016-05-26.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : user - USER-PC
# Gestartet von : C:\Users\user\Desktop\AdwCleaner_5.117.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel gefunden : HKCU\Software\OCS
Schlüssel gefunden : HKLM\SOFTWARE\Elex-tech
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Schlüssel gefunden : HKU\.DEFAULT\Software\Elex-tech
Schlüssel gefunden : HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\OCS
Schlüssel gefunden : HKU\S-1-5-18\Software\Elex-tech
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\eshopcomp.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.eshopcomp.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdncache-a.akamaihd.net
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com

***** [ Internetbrowser ] *****

[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.alias", "");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://www.nicesearches.com/favicon.ico?t=1");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.name", "nice ");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.ptid", "wpm07153");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.ref", "");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.ts", "1463387536");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.type", "");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.uid", "fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.url", "hxxp://www.nicesearches.com/search.php?type=ds&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c[...]
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("extensions.quick_start.enable_search1", false);
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.startup.homepage", "hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q");
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.newtab.url", "hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q");
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] gefunden : hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] gefunden : hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [9941 Bytes] - [20/05/2016 14:16:23]
C:\AdwCleaner\AdwCleaner[C2].txt - [5707 Bytes] - [20/05/2016 14:42:45]
C:\AdwCleaner\AdwCleaner[C3].txt - [5685 Bytes] - [20/05/2016 23:00:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [9683 Bytes] - [20/05/2016 14:11:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [5330 Bytes] - [20/05/2016 14:37:10]
C:\AdwCleaner\AdwCleaner[S3].txt - [5374 Bytes] - [20/05/2016 22:57:53]
C:\AdwCleaner\AdwCleaner[S4].txt - [6228 Bytes] - [25/05/2016 19:13:46]
C:\AdwCleaner\AdwCleaner[S5].txt - [6514 Bytes] - [26/05/2016 10:34:51]
C:\AdwCleaner\AdwCleaner[S6].txt - [6593 Bytes] - [26/05/2016 15:47:26]
C:\AdwCleaner\AdwCleaner[S7].txt - [6108 Bytes] - [27/05/2016 00:10:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [6181 Bytes] ##########
         
MBAM:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 27.05.2016
Suchlaufzeit: 00:23
Protokolldatei: mbat.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.26.07
Rootkit-Datenbank: v2016.05.20.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: user

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313493
Abgelaufene Zeit: 35 Min., 32 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 6
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5ED97A44-9BAC-4B08-AA04-1069146C9288}, Löschen bei Neustart, [c6b91ac0f7a2e650ca8f57854cb73ac6], 
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A8F6F5A3-4864-4473-AB42-C1B7C19A62E7}, Löschen bei Neustart, [aed1dbff643577bf4c0dcf0d32d114ec], 
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D88946E8-79B6-4C3D-885C-B78CC3CF1B02}, Löschen bei Neustart, [304ffedcb2e776c06fec924abf44e11f], 
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GuntonyBrowserUpdateCore, Löschen bei Neustart, [f08f12c85c3dff374b11a735d1324eb2], 
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GuntonyBrowserUpdateUA, Löschen bei Neustart, [dea1c6148c0d2b0b8dd04d8f5da614ec], 
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GuntonyCheckTask, Löschen bei Neustart, [38478654f4a51125fb63a13b5ea5ae52], 

Registrierungswerte: 4
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5ED97A44-9BAC-4B08-AA04-1069146C9288}|Path, \GuntonyBrowserUpdateCore, Löschen bei Neustart, [c6b91ac0f7a2e650ca8f57854cb73ac6]
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A8F6F5A3-4864-4473-AB42-C1B7C19A62E7}|Path, \GuntonyBrowserUpdateUA, Löschen bei Neustart, [aed1dbff643577bf4c0dcf0d32d114ec]
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D88946E8-79B6-4C3D-885C-B78CC3CF1B02}|Path, \GuntonyCheckTask, Löschen bei Neustart, [304ffedcb2e776c06fec924abf44e11f]
PUP.Optional.xRocketToolbar, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|arthurj8283@gmail.com, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com, In Quarantäne, [2956904aecadad892ce09b1bd32f04fc]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 4
PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], 
PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], 
PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome\content, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], 
PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome\skin, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], 

Dateien: 7
PUP.Optional.Ghokswa.Gen, C:\Windows\System32\Tasks\GuntonyBrowserUpdateCore, In Quarantäne, [1c6314c618812610e1729b4120e3c43c], 
PUP.Optional.Ghokswa.Gen, C:\Windows\System32\Tasks\GuntonyBrowserUpdateUA, In Quarantäne, [46391ac03f5a2b0b0f45a23a06fdfd03], 
PUP.Optional.Ghokswa.Gen, C:\Windows\System32\Tasks\GuntonyCheckTask, In Quarantäne, [e19e706a128777bf4213a03c4db63fc1], 
PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome.manifest, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], 
PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\install.rdf, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], 
PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome\content\toolbar.xul, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], 
PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome\skin\icon.png, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
FRST:

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
durchgeführt von user (2016-05-27 08:35:10)
Gestartet von C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-10-30 09:00:08)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1718339690-3013972182-446857107-500 - Administrator - Disabled)
Gast (S-1-5-21-1718339690-3013972182-446857107-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1718339690-3013972182-446857107-1002 - Limited - Enabled)
user (S-1-5-21-1718339690-3013972182-446857107-1000 - Administrator - Enabled) => C:\Users\user

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Absolute Uninstaller 5.3.1.21 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.21 - Glarysoft Ltd)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Brother MFL-Pro Suite DCP-7055W (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.2.01035 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.2.01035 - Cisco Systems, Inc.) Hidden
Citavi 5  (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deutsche Grammatik (HKLM-x32\...\Deutsche Grammatik_is1) (Version:  - Magnamedia)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Glary Utilities 5.51 (HKLM-x32\...\Glary Utilities 5) (Version: 5.51.0.71 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaLab Research Software v2012 (HKLM-x32\...\{67350CFB-529E-4173-91DC-0AE79DEE1ACC}) (Version: 20.12.4.131 - Empirisoft Corporation)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{DA715959-CFF1-48A2-B3BB-98B9E569C6AC}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version: 2.0.39 - Winzipper Pvt Ltd.) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02913145-BEBF-4240-AC37-A7F08F3F748E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {07FB5B5B-8A2D-4A9E-AD85-EB5FD6AF1789} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {2A348BC6-66EA-43AD-8F71-0470B11747E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {7E1A5E0C-D3B1-45BF-BB0C-28E1632744FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {97157EED-5525-4662-9121-314373D31ED1} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-05-16] (Glarysoft Ltd)
Task: {BD77D142-0DB2-42E3-B606-03C3771D3D92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {E02B5983-D93F-49E9-9E57-034AE913F0FD} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-05-16] (Glarysoft Ltd)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-12 23:13 - 2016-02-12 23:13 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-12-23 15:33 - 2015-12-23 15:33 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-07-17 21:44 - 2009-02-27 14:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-05-16 04:36 - 2016-05-16 04:36 - 00086992 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-05-26 23:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{7F0883AE-4217-472B-A0B7-A84CCF3D9383}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{13CEAE4F-40BC-4D7C-9082-D40ECF266D03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3366C49C-020F-42E9-AF6C-01213720ECA0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{27C60F1F-7E7F-4B3C-B713-06D3263CB87D}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe
FirewallRules: [{EC1D2487-8B36-4655-97A5-1FD40416AA30}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
FirewallRules: [{952C26F6-922A-405D-8899-D5E858F4EE28}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe

==================== Wiederherstellungspunkte =========================

23-05-2016 14:17:37 Geplanter Prüfpunkt
26-05-2016 11:48:56 Revo Uninstaller's restore point - Avira Antivirus
26-05-2016 15:20:18 Windows Update
26-05-2016 15:59:14 Windows Update
26-05-2016 21:57:20 Revo Uninstaller's restore point - Revo Uninstaller 1.95

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/26/2016 07:59:44 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/25/2016 08:16:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7189000a
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/25/2016 07:07:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/25/2016 06:54:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/25/2016 06:54:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/25/2016 06:02:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x717a000a
ID des fehlerhaften Prozesses: 0x12d8
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/25/2016 05:37:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x717a000a
ID des fehlerhaften Prozesses: 0xc14
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/25/2016 04:45:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x717c000a
ID des fehlerhaften Prozesses: 0xcfc
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/25/2016 03:44:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003225d6
ID des fehlerhaften Prozesses: 0x10bc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/25/2016 02:29:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7185000a
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3


Systemfehler:
=============
Error: (05/27/2016 08:24:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
epp

Error: (05/27/2016 01:31:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
epp

Error: (05/27/2016 01:30:54 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (05/27/2016 12:16:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
epp

Error: (05/27/2016 12:16:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/27/2016 12:15:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Live ID Sign-in Assistant erreicht.

Error: (05/27/2016 12:13:39 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (05/27/2016 12:13:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/27/2016 12:13:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/27/2016 12:13:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-05-26 23:02:54.483
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2016-05-26 23:02:53.765
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2016-05-26 23:02:53.063
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2016-05-26 23:02:52.346
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2016-05-26 13:02:33.031
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2016-05-26 13:02:32.360
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Prozentuale Nutzung des RAM: 59%
Installierter physikalischer RAM: 4056.56 MB
Verfügbarer physikalischer RAM: 1650.7 MB
Summe virtueller Speicher: 8111.3 MB
Verfügbarer virtueller Speicher: 5654.76 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:157.84 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D6776FFD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
durchgeführt von user (Administrator) auf USER-PC (27-05-2016 08:33:51)
Gestartet von C:\Users\user\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_242_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1027472 2015-12-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-05-16] (Glarysoft Ltd)
BootExecute: autocheck autochk *  

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{36398523-7615-4AF2-A2A6-A18130B35576}: [DhcpNameServer] 192.168.3.2
Tcpip\..\Interfaces\{9D540E77-56BB-4FAB-9711-18067F181277}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-05-13]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-06]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-06]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-06]
CHR Extension: (Google Tabellen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-06]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Citavi Picker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-05-02]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-05-26] (Glarysoft Ltd)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-04-20] (Cisco Systems, Inc.)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [13880 2007-12-22] (Zeal SoftStudio)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys [X]
S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-27 08:33 - 2016-05-27 08:34 - 00015365 _____ C:\Users\user\Desktop\FRST.txt
2016-05-27 01:39 - 2016-05-27 01:39 - 00005280 _____ C:\Users\user\Desktop\mbat.txt
2016-05-27 01:39 - 2016-05-27 01:39 - 00000632 _____ C:\Users\user\Desktop\protokoll.txt
2016-05-27 00:04 - 2016-05-27 00:04 - 00248372 _____ C:\ComboFix.txt
2016-05-26 22:24 - 2016-05-26 22:24 - 05659526 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2016-05-26 22:13 - 2016-05-27 01:34 - 00001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2016-05-26 22:13 - 2016-05-27 01:33 - 00001074 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2016-05-26 22:13 - 2016-05-26 22:13 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2016-05-26 22:13 - 2016-05-26 22:13 - 00003310 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2016-05-26 22:13 - 2016-05-26 22:13 - 00002968 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2016-05-26 22:13 - 2016-05-26 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2016-05-26 22:12 - 2016-05-27 08:25 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-05-26 22:11 - 2016-05-27 01:34 - 00001258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2016-05-26 22:11 - 2016-05-27 01:33 - 00001252 _____ C:\Users\Public\Desktop\Absolute Uninstaller.lnk
2016-05-26 22:11 - 2016-05-26 22:12 - 00001562 _____ C:\GUDownLoaddebug.txt
2016-05-26 22:11 - 2016-05-26 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2016-05-26 22:11 - 2016-05-26 22:11 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2016-05-26 22:09 - 2016-05-26 22:10 - 04999096 _____ C:\Users\user\Desktop\ausetup_5.3.1.21.exe
2016-05-26 19:33 - 2016-05-26 19:33 - 00000229 _____ C:\Users\user\Desktop\Schüssler-Salze Nr. 15. Kalium jodatum.url
2016-05-26 17:55 - 2016-05-26 17:55 - 00000230 _____ C:\Users\user\Desktop\Master Rechtspsychologie am Institut für Psychologie, Universität Bonn.url
2016-05-26 12:33 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-26 12:33 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-26 12:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-26 12:20 - 2016-05-27 00:04 - 00000000 ____D C:\Qoobox
2016-05-26 12:09 - 2016-05-26 23:36 - 00000000 ____D C:\Windows\erdnt
2016-05-26 11:46 - 2016-05-26 22:02 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-05-26 10:33 - 2016-05-26 10:33 - 03651136 _____ C:\Users\user\Desktop\AdwCleaner_5.117.exe
2016-05-26 09:05 - 2016-05-26 09:08 - 00206986 _____ C:\TDSSKiller.3.1.0.9_26.05.2016_09.05.21_log.txt
2016-05-25 23:52 - 2016-05-26 00:40 - 00611252 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_23.52.37_log.txt
2016-05-25 23:46 - 2016-05-25 23:48 - 00206206 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_23.46.34_log.txt
2016-05-24 16:53 - 2016-05-24 16:53 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-24 16:42 - 2016-05-24 16:42 - 00000000 ____D C:\ProgramData\Emsisoft
2016-05-24 15:52 - 2016-05-26 15:30 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-05-23 23:30 - 2016-05-27 08:33 - 00000000 ____D C:\Users\user\Desktop\forum
2016-05-23 20:56 - 2016-05-27 01:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-23 20:53 - 2016-05-27 01:32 - 00001102 _____ C:\Users\user\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-23 20:53 - 2016-05-23 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-23 20:53 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-23 20:53 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-23 20:53 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-23 20:52 - 2016-05-23 20:53 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-05-20 23:29 - 2016-05-20 23:29 - 00000239 _____ C:\Users\user\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten.url
2016-05-20 23:13 - 2016-05-27 08:33 - 00000000 ____D C:\FRST
2016-05-20 23:12 - 2016-05-25 23:36 - 02383360 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-05-20 22:17 - 2016-05-20 22:17 - 00000124 _____ C:\Users\user\Desktop\Singles und Partnersuche bei NEU.DE.url
2016-05-20 14:11 - 2016-05-27 00:13 - 00000000 ____D C:\AdwCleaner
2016-05-17 16:12 - 2016-05-17 16:12 - 00000201 _____ C:\Users\user\Desktop\Startseite.url
2016-05-16 15:39 - 2016-05-27 01:33 - 00001178 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-05-16 15:39 - 2016-05-26 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\ProgramData\Avira
2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\Program Files (x86)\Avira
2016-05-16 10:25 - 2016-05-20 14:17 - 00000000 ____D C:\Windows\system32\log
2016-05-16 10:23 - 2016-05-27 01:33 - 00002102 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-16 10:23 - 2016-05-16 10:23 - 00000000 ____D C:\Users\Public\Documents\Guntony
2016-05-15 22:41 - 2016-05-15 23:09 - 00000000 ____D C:\Users\user\Desktop\15.05.16
2016-05-15 20:17 - 2016-05-23 15:10 - 00000000 ____D C:\Users\user\Desktop\Theorie_MA
2016-05-14 17:41 - 2016-05-14 17:43 - 00000000 ____D C:\Users\user\Desktop\SPSS_16
2016-05-13 07:37 - 2016-05-15 18:36 - 00000000 ____D C:\Users\user\Documents\Citavi 5
2016-05-13 07:37 - 2016-05-13 07:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Swiss Academic Software
2016-05-13 07:36 - 2016-05-27 01:33 - 00001955 _____ C:\Users\Public\Desktop\Citavi 5.lnk
2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5
2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\Program Files (x86)\Citavi 5
2016-05-11 19:07 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 19:07 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 19:07 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 19:07 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 19:07 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 19:07 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 19:07 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 19:07 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 19:07 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 19:07 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 19:07 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 19:07 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 19:07 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 19:07 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 19:07 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 19:07 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 19:07 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 19:07 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 19:07 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 19:07 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 19:07 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 19:07 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 19:07 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 19:07 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 19:07 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 19:07 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 19:07 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 19:07 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 19:07 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 19:07 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 19:07 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 19:07 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 19:07 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 19:07 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 19:06 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 19:06 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 19:06 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 19:06 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 19:06 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 19:06 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 19:06 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 19:06 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 19:06 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 19:06 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 19:06 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 19:06 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 19:06 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 19:06 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 19:06 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 19:06 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 19:06 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 19:06 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 19:06 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 19:06 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 19:06 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 19:06 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 19:06 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 19:04 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 19:04 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 19:04 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 19:03 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 19:03 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 19:03 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 19:02 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 19:02 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 19:02 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 19:02 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 19:02 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 19:02 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 19:02 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 18:58 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 18:58 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 18:58 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 18:58 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 18:58 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 18:58 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 18:58 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 18:58 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 18:58 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 18:58 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 18:58 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 18:58 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 18:58 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 18:58 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 18:58 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 18:58 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 18:58 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 18:58 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 18:58 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 18:58 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 18:58 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 18:57 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 18:57 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-04 21:59 - 2016-05-17 19:30 - 00000000 ____D C:\Users\user\Desktop\MA schreiben
2016-05-03 17:40 - 2016-05-26 11:08 - 00000000 ____D C:\Users\user\Desktop\Fachschaft
2016-05-02 20:24 - 2016-05-13 07:37 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2016-05-01 18:44 - 2016-05-17 13:50 - 00000000 ____D C:\Users\user\Desktop\Notizen

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-27 08:32 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-27 08:32 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-27 08:24 - 2016-04-06 18:39 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-27 08:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-27 01:34 - 2016-04-06 18:40 - 00002042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 01:34 - 2016-04-06 17:30 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-27 01:34 - 2014-06-25 21:46 - 00001446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-05-27 01:34 - 2014-01-25 21:05 - 00001596 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaLab.exe.lnk
2016-05-27 01:34 - 2013-10-31 18:05 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-27 01:34 - 2013-10-30 10:44 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-05-27 01:34 - 2013-10-30 10:44 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-05-27 01:34 - 2009-07-14 06:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-27 01:34 - 2009-07-14 06:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-05-27 01:34 - 2009-07-14 06:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-05-27 01:34 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-05-27 01:34 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-05-27 01:33 - 2014-07-17 21:40 - 00001866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2016-05-27 01:33 - 2014-04-19 12:47 - 00002633 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Neues Microsoft Office-Dokument.lnk
2016-05-27 01:33 - 2014-04-19 12:47 - 00002633 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Microsoft Office-Dokument öffnen.lnk
2016-05-27 01:33 - 2013-10-31 18:14 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-27 01:33 - 2009-07-14 07:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-05-27 01:33 - 2009-07-14 06:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-05-27 01:32 - 2015-03-25 12:17 - 00001446 _____ C:\Users\user\Desktop\Windows Live Mail.lnk
2016-05-27 01:32 - 2014-04-19 20:36 - 00000355 _____ C:\Users\user\Desktop\Computer -.lnk
2016-05-27 01:32 - 2014-04-19 12:47 - 00002679 _____ C:\Users\user\Desktop\Microsoft Office Word 2007.lnk
2016-05-27 01:32 - 2013-12-21 19:36 - 00002216 _____ C:\Users\user\Desktop\IBM SPSS Statistics 21.lnk
2016-05-27 00:54 - 2015-03-15 14:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-27 00:52 - 2016-04-06 18:39 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-26 23:56 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-05-26 23:37 - 2009-07-14 04:34 - 94896128 _____ C:\Windows\system32\config\software.bak
2016-05-26 23:37 - 2009-07-14 04:34 - 17301504 _____ C:\Windows\system32\config\system.bak
2016-05-26 23:37 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2016-05-26 23:37 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-05-26 23:37 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-05-26 23:36 - 2009-07-14 04:34 - 60030976 _____ C:\Windows\system32\config\components.bak
2016-05-26 22:13 - 2015-04-24 11:54 - 00000000 ____D C:\Users\user\AppData\Roaming\GlarySoft
2016-05-26 20:55 - 2009-07-27 11:10 - 00699342 _____ C:\Windows\system32\perfh007.dat
2016-05-26 20:55 - 2009-07-27 11:10 - 00149450 _____ C:\Windows\system32\perfc007.dat
2016-05-26 20:55 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-26 20:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-26 15:59 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 15:59 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-26 13:02 - 2014-04-10 10:57 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-05-25 07:57 - 2014-07-17 21:44 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2016-05-23 23:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-20 14:01 - 2015-03-27 09:03 - 00000000 ____D C:\Users\user\Desktop\fotos
2016-05-20 11:47 - 2015-03-19 15:25 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2016-05-20 07:01 - 2015-03-18 11:48 - 00000000 ____D C:\Users\user\Desktop\Eigene Dateien
2016-05-16 15:37 - 2016-01-14 00:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-16 09:50 - 2016-04-24 21:35 - 00000000 ____D C:\Users\user\Desktop\cad
2016-05-15 20:09 - 2016-04-24 14:36 - 00000000 ____D C:\Users\user\Desktop\SRP
2016-05-14 16:27 - 2015-07-13 18:01 - 00000000 ____D C:\Users\user\Desktop\Prüfung
2016-05-13 20:54 - 2015-05-24 19:54 - 00000000 ____D C:\Users\user\Desktop\Uni_2015
2016-05-13 07:32 - 2014-01-25 21:04 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2016-05-13 07:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 21:55 - 2015-03-15 14:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 21:54 - 2015-03-15 14:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 21:54 - 2015-03-15 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 17:16 - 2015-03-15 20:06 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 08:08 - 2009-07-14 06:45 - 00414280 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 08:04 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 23:56 - 2013-10-30 12:16 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 23:19 - 2013-10-30 12:16 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 18:10 - 2015-10-14 11:11 - 00000000 ____D C:\Users\user\Desktop\masterarbeit
2016-05-11 07:47 - 2016-04-06 18:39 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 07:46 - 2016-04-06 18:39 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 22:22 - 2016-04-06 17:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-08 14:10 - 2016-01-15 22:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Millisecond Software
2016-05-04 23:24 - 2014-07-06 12:11 - 00000000 ____D C:\Users\user\Desktop\Uni

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-18 08:54

==================== Ende von FRST.txt ============================
         

Alt 27.05.2016, 08:50   #9
Tori22
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden



ComboFix_Teil1:

Code:
ATTFilter
ComboFix 16-05-18.01 - user 26.05.2016  22:42:05.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4057.2589 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\user\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys"
"c:\windows\system32\drivers\iSafeNetFilter.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Elex-tech
c:\program files (x86)\Elex-tech\YAC\bugreport.exe
c:\program files (x86)\Elex-tech\YAC\cfg\ccc.dat
c:\program files (x86)\Elex-tech\YAC\cfg\customscan.dat
c:\program files (x86)\Elex-tech\YAC\cfg\dbucg.dat
c:\program files (x86)\Elex-tech\YAC\cfg\hyperscan.dat
c:\program files (x86)\Elex-tech\YAC\cfg\isafe.dat
c:\program files (x86)\Elex-tech\YAC\cfg\quickscan.dat
c:\program files (x86)\Elex-tech\YAC\cfg\scanfilter.dat
c:\program files (x86)\Elex-tech\YAC\cfg\ucg.dat
c:\program files (x86)\Elex-tech\YAC\cfg\updatedb.dat
c:\program files (x86)\Elex-tech\YAC\curlpp.dll
c:\program files (x86)\Elex-tech\YAC\data\adb.dat
c:\program files (x86)\Elex-tech\YAC\data\bas.dat
c:\program files (x86)\Elex-tech\YAC\data\bts.dat
c:\program files (x86)\Elex-tech\YAC\data\bwd.dat
c:\program files (x86)\Elex-tech\YAC\data\cls.dat
c:\program files (x86)\Elex-tech\YAC\data\clx.dat
c:\program files (x86)\Elex-tech\YAC\data\eas.dat
c:\program files (x86)\Elex-tech\YAC\data\ess.dat
c:\program files (x86)\Elex-tech\YAC\data\fst.dat
c:\program files (x86)\Elex-tech\YAC\data\gcs.dat
c:\program files (x86)\Elex-tech\YAC\data\gcx.dat
c:\program files (x86)\Elex-tech\YAC\data\hs.dat
c:\program files (x86)\Elex-tech\YAC\data\mic.dat
c:\program files (x86)\Elex-tech\YAC\data\nlu.dat
c:\program files (x86)\Elex-tech\YAC\data\plx.dat
c:\program files (x86)\Elex-tech\YAC\data\rms.dat
c:\program files (x86)\Elex-tech\YAC\data\sta.dat
c:\program files (x86)\Elex-tech\YAC\data\stu.dat
c:\program files (x86)\Elex-tech\YAC\data\tbc.dat
c:\program files (x86)\Elex-tech\YAC\data\uis.dat
c:\program files (x86)\Elex-tech\YAC\data\was.dat
c:\program files (x86)\Elex-tech\YAC\data\ysm.dat
c:\program files (x86)\Elex-tech\YAC\engine\cache\index.dat
c:\program files (x86)\Elex-tech\YAC\engine\defs\bs.dat
c:\program files (x86)\Elex-tech\YAC\engine\defs\sr.dat
c:\program files (x86)\Elex-tech\YAC\engine\defs\vn.dat
c:\program files (x86)\Elex-tech\YAC\engine\defs\ws.dat
c:\program files (x86)\Elex-tech\YAC\engine\trustzone\index.dat
c:\program files (x86)\Elex-tech\YAC\feedback.exe
c:\program files (x86)\Elex-tech\YAC\font\segoeui.ttf
c:\program files (x86)\Elex-tech\YAC\font\segoeuib.ttf
c:\program files (x86)\Elex-tech\YAC\iCommon.dll
c:\program files (x86)\Elex-tech\YAC\iCommu.dll
c:\program files (x86)\Elex-tech\YAC\iddmgr.dll
c:\program files (x86)\Elex-tech\YAC\iDesk.exe
c:\program files (x86)\Elex-tech\YAC\iDskDllPatch.dll
c:\program files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
c:\program files (x86)\Elex-tech\YAC\iImportLib.dll
c:\program files (x86)\Elex-tech\YAC\ipcdl.exe
c:\program files (x86)\Elex-tech\YAC\ipcproxy.dll
c:\program files (x86)\Elex-tech\YAC\iSafe.exe
c:\program files (x86)\Elex-tech\YAC\isafeadfv.dll
c:\program files (x86)\Elex-tech\YAC\iSafeAdless.dll
c:\program files (x86)\Elex-tech\YAC\isafebase.dll
c:\program files (x86)\Elex-tech\YAC\isafebs.dll
c:\program files (x86)\Elex-tech\YAC\iSafeBugReport.exe
c:\program files (x86)\Elex-tech\YAC\iSafeCheckEngine.dll
c:\program files (x86)\Elex-tech\YAC\isafechlp.dll
c:\program files (x86)\Elex-tech\YAC\isafeclc.dll
c:\program files (x86)\Elex-tech\YAC\isafeclcv.dll
c:\program files (x86)\Elex-tech\YAC\isafeclean.dll
c:\program files (x86)\Elex-tech\YAC\iSafeDisp.dll
c:\program files (x86)\Elex-tech\YAC\iSafeEngineBase.dll
c:\program files (x86)\Elex-tech\YAC\iSafeEngineDisp.dll
c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys
c:\program files (x86)\Elex-tech\YAC\iSafeKrnlBoot.sys
c:\program files (x86)\Elex-tech\YAC\iSafeKrnlCall.dll
c:\program files (x86)\Elex-tech\YAC\iSafeKrnlCall64.dll
c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys
c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys
c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMonCall.dll
c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys
c:\program files (x86)\Elex-tech\YAC\iSafeKrnlShell.dll
c:\program files (x86)\Elex-tech\YAC\isafemadwc.dll
c:\program files (x86)\Elex-tech\YAC\isafembp.dll
c:\program files (x86)\Elex-tech\YAC\isafemc.dll
c:\program files (x86)\Elex-tech\YAC\isafemclv.dll
c:\program files (x86)\Elex-tech\YAC\isafemgc.dll
c:\program files (x86)\Elex-tech\YAC\iSafeMon.dll
c:\program files (x86)\Elex-tech\YAC\iSafeMon64.dll
c:\program files (x86)\Elex-tech\YAC\isafemoptv.dll
c:\program files (x86)\Elex-tech\YAC\isafemsmv.dll
c:\program files (x86)\Elex-tech\YAC\isafemvsv.dll
c:\program files (x86)\Elex-tech\YAC\iSafeNetFilter.sys
c:\program files (x86)\Elex-tech\YAC\iSafenpf.dll
c:\program files (x86)\Elex-tech\YAC\isafepxy.dll
c:\program files (x86)\Elex-tech\YAC\iSafeRKScanShell64.dll
c:\program files (x86)\Elex-tech\YAC\isaferpt.dll
c:\program files (x86)\Elex-tech\YAC\isafesmgr.dll
c:\program files (x86)\Elex-tech\YAC\isafesopt.dll
c:\program files (x86)\Elex-tech\YAC\isafesptv.dll
c:\program files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll
c:\program files (x86)\Elex-tech\YAC\isafesv.dll
c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe
c:\program files (x86)\Elex-tech\YAC\iSafeSvc2.exe
c:\program files (x86)\Elex-tech\YAC\isafetbv.dll
c:\program files (x86)\Elex-tech\YAC\iSafeTHlp.exe
c:\program files (x86)\Elex-tech\YAC\iSafeTHlp64.exe
c:\program files (x86)\Elex-tech\YAC\iSafeTray.exe
c:\program files (x86)\Elex-tech\YAC\isafeupbiz.dll
c:\program files (x86)\Elex-tech\YAC\iSafeVirusScanner.exe
c:\program files (x86)\Elex-tech\YAC\iStart.exe
c:\program files (x86)\Elex-tech\YAC\iSvc.dll
c:\program files (x86)\Elex-tech\YAC\iSvc2.dll
c:\program files (x86)\Elex-tech\YAC\iTPAutoClean.dll
c:\program files (x86)\Elex-tech\YAC\iTPDesk.dll
c:\program files (x86)\Elex-tech\YAC\iTPFeedback.dll
c:\program files (x86)\Elex-tech\YAC\iTPFloaty.dll
c:\program files (x86)\Elex-tech\YAC\iTPMsgCenter.dll
c:\program files (x86)\Elex-tech\YAC\iTpNodisturb.dll
c:\program files (x86)\Elex-tech\YAC\iTPProtect.dll
c:\program files (x86)\Elex-tech\YAC\iTPPush.dll
c:\program files (x86)\Elex-tech\YAC\iTPStartupAssist.dll
c:\program files (x86)\Elex-tech\YAC\iTPVirus.dll
c:\program files (x86)\Elex-tech\YAC\lang\AdBlock_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\adwclean_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\bugreport.xml
c:\program files (x86)\Elex-tech\YAC\lang\clean_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\clean_scanfilter_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\common_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\dsk_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\fblang.xml
c:\program files (x86)\Elex-tech\YAC\lang\iSafeRKScanShell.lang
c:\program files (x86)\Elex-tech\YAC\lang\iSafeSet_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\Lottery_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\new_clean_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\NewVirusScan_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\optimize_lang2.xml
c:\program files (x86)\Elex-tech\YAC\lang\PCClinicUI_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\plugin_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\SafeProtect_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\shell.xml
c:\program files (x86)\Elex-tech\YAC\lang\softmgr_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\startup_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\taskhelper_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\ToolBox_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\tray2_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\trayplugin_appstore_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\trayplugin_desk_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\trayplugin_feedback_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\trayplugin_floaty_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\trayplugin_nodisturb_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\trayplugin_protect_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\trayplugin_startupassist_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\trayplugin_virus_lang.xml
c:\program files (x86)\Elex-tech\YAC\lang\uninstall_lang.xml
c:\program files (x86)\Elex-tech\YAC\libcurl.dll
c:\program files (x86)\Elex-tech\YAC\libeay32.dll
c:\program files (x86)\Elex-tech\YAC\libpng.dll
c:\program files (x86)\Elex-tech\YAC\log\bugreport.LOG
c:\program files (x86)\Elex-tech\YAC\log\ipcdl.log
c:\program files (x86)\Elex-tech\YAC\log\ipcproxy.log
c:\program files (x86)\Elex-tech\YAC\log\iSafeBS.log
c:\program files (x86)\Elex-tech\YAC\log\iSafeKrnlCall.log
c:\program files (x86)\Elex-tech\YAC\log\iSafeKrnlMonCall.log
c:\program files (x86)\Elex-tech\YAC\log\iSafeSvc.LOG
c:\program files (x86)\Elex-tech\YAC\log\iSafeSvc2.LOG
c:\program files (x86)\Elex-tech\YAC\log\iSafeSvc2_a53e8dea-63b4-4925-8337-4cb3a4777361.dmp
c:\program files (x86)\Elex-tech\YAC\log\iSafeTaskHelper.LOG
c:\program files (x86)\Elex-tech\YAC\log\iSafeTHlp64.LOG
c:\program files (x86)\Elex-tech\YAC\main
c:\program files (x86)\Elex-tech\YAC\msvcp110.dll
c:\program files (x86)\Elex-tech\YAC\msvcr110.dll
c:\program files (x86)\Elex-tech\YAC\ouilibx.dll
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\adb_set.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\adb_set_gray.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\adb_set_hide.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\adb_set_hide_gray.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\adb_set_show.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\adb_set_show_gray.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\AdblockToggle.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\Add.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\Beta.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\check.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\Delete.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\edit_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\FilterDesc.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\FilterDesc_gray.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\lock_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\LogDetail.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\LogDetail_gray.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\opt_arrow_down.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\popup_menu_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\popup_menu_itemskin.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\Resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\unlocked_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\WhiteList.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\image\default\WhiteList_gray.png
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\layout\default\AdBlockView.xml
c:\program files (x86)\Elex-tech\YAC\skin2\AdBlock\style\Style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\about_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\activity.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\activity_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\appstore_new.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\appstore_refresh.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\BG.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\btn_set.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\check_checked.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\check_indeterminate.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\check_uncheck.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\cm_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\combo_browser_dropdown_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\connecting_anim.gif
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\dbup_dlg_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\dbup_dlg_bk_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\dbup_dlg_onekey_up_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\dbup_dlg_reboot_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\bk_bag.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\bk_green.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\bk_orange.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\bk_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\btn_repair.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_adblock_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_back_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_cancel.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_do.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_number_0.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_health_number_hover.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_health_number_normal.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_health_number_pressed.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_health_plus_normal.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_number_hover.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_number_hover_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_number_normal.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_number_normal_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_number_pressed.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_number_pressed_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_ok_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_result_plus_normal.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_rubbish_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_rubbish_icon_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_safe_protect_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_safe_protect_icon_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_scanning_mid.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_scanning_pic.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_scanning_small.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_softmgr_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_softmgr_icon_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_sys_opt_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_sys_opt_icon_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_tip_wnd_arrow_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_tip_wnd_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_tip_wnd_bk2.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_type_btn_bottom_line.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_bn.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_gb.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_health_bn.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_health_kn.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_health_mn.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_kb.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_kn.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_mb.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_unit_mn.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\exam_vscroll.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\green_right.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\icon_big_home.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\ignore_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\manual_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\manual_item.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\number_big_green.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\number_big_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\number_big_red2.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\opt_arrow_down.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\opt_arrow_up.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\right_green.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\score_none.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\warning_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\warning_gray.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\warning_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\warning_yellow.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\exam\yellow_wrong.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\head_checked.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\head_indeteminate.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\head_unchecked.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\icon_adblock.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\icon_adw_clean.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\icon_appstore.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\icon_avira.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\icon_deep_clean.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\icon_exam.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\icon_netmon.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\icon_optimize.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\icon_protect.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\icon_recovery.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\icon_softmgr.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\icon_toolbox.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\icon_virusscan.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\if_block.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\if_prompt.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\if_question.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\if_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\language_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\language_selected_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\like.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\like_count.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\line1.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\line2.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\listctrlbtn.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\menu_bkg.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\menu_bkg2.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\menu_item_over.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\menu_nation_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\menu_setting_over.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\msgbox_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\number_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\number_bg2.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\pop_sys_button2.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\pop_sys_close.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\progressbar_anim.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\progressbar_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\progressbar_image.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\recovery.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\setting.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\setting_img_list.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\slidebutton_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\small_dl.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\small_download.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\small_new.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\small_progress.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\small_progress_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\special_line.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\startmenu_deepclean.ico
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\sub_toggle_btn.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\sys_imglist.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\tab_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\update_check.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\update_cheking.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\update_chk_err.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\update_chk_ok.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\update_client_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\update_downlodaing.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\update_error.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\update_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\update_latest.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\update_server_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\updatedlg_ok_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\vscroll.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\image\new\wifi_logo.png
c:\program files (x86)\Elex-tech\YAC\skin2\app\layout\new\aboutdlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\app\layout\new\dbupdatedlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\app\layout\new\DemoApp.xml
c:\program files (x86)\Elex-tech\YAC\skin2\app\layout\new\language_select.xml
c:\program files (x86)\Elex-tech\YAC\skin2\app\layout\new\maindlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\app\layout\new\msgbox.xml
c:\program files (x86)\Elex-tech\YAC\skin2\app\layout\new\slide_button_wnd.xml
c:\program files (x86)\Elex-tech\YAC\skin2\app\layout\new\tipwnd.xml
c:\program files (x86)\Elex-tech\YAC\skin2\app\layout\new\updatedlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\app\style\style_new.xml
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\crash_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\detail_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\error_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\input.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\reset_yac_btn_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\send_btn_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\smell_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\sorry_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\sucess_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\vscroll.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\wait.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\wait_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\res\waitting_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\image\default\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\layout\default\detailwnd.xml
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\layout\default\mainwnd.xml
c:\program files (x86)\Elex-tech\YAC\skin2\bugreport\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_advance_item_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_advance_item_bk2.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_adware_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_auto_clean_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_clean_smile_face.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_full_scan_virus_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_junk_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_list_header_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_plugin_can_delete.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_plugin_can_disable.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_plugin_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_plugin_normal.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_plugin_type_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_privacy_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_quick_clean_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_quickclean_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_reg_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_registry_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_rubbish_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_scan_check.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_scan_detail_dlg_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_share_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_sysmenu_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\cl_trace_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\cl_combo_skin.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\cl_down_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\cl_menu_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\cl_menu_item_over.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\cl_up_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_button_bk1.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_button_bk2.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_button_bk3.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_button_bk4.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_button_bk5.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_button_bk6.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_box_select_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_button_open.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_default_image.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_eye_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_file_browser.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_path_edit.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_progress_animate.gif
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_pop_tipwnd_warnning.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_pop_res\clean_togbtn_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\clean_res.xml
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\opt_new_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\opt_rightkeymenu_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\image\default\opt_sendto_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\clean\layout\default\NewCleanPFSettingDlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\clean\layout\default\NewCleanPopDlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\clean\layout\default\NewCleanView.xml
c:\program files (x86)\Elex-tech\YAC\skin2\clean\layout\default\ScanDetailDlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\clean\layout\default\Tipswnd.xml
c:\program files (x86)\Elex-tech\YAC\skin2\clean\style\clean_style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\arrow_down.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\arrow_up.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\check_checked.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\check_indeterminate.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\check_uncheck.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\close_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\color_blue_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\color_green_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\color_red_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\color_yellow_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\common_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\common_dlg_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\common_faq_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\common_res.xml
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\common_tip_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\feedback_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\head_checked.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\head_indeteminate.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\head_unchecked.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\if_block.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\if_prompt.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\if_question.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\if_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\min_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\msgbox_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\msgbox_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\msgbox_close_btn.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\msgbox2_button_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\msgbox2_button_green.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\msgbox2_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\nation_icon_list.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\progressbar_anim.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\progressbar_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\progressbar_image.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\pvb_line.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\pvb_skin.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\scan_check.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\scan_complete.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\scan_scanning.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\scan_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\scanview_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\switch_button_off.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\switch_button_on.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\toggle_btn_pop_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\image\default\vscroll.png
c:\program files (x86)\Elex-tech\YAC\skin2\common\layout\msgbox.xml
c:\program files (x86)\Elex-tech\YAC\skin2\common\layout\msgbox2.xml
c:\program files (x86)\Elex-tech\YAC\skin2\common\style\common_style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\close_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_add_file_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_add_file_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_btn_bk1.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_btn_bk2.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_complete_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_ctrl_close_btn.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_edit_skin.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_file_ctrl_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_file_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_live_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_msgbox_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_msgbox_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_pay_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_problem_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_report_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_suggestion_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_tip_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_wait_anim.gif
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_warning_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_yac_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\tab_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\layout\default\feedback_view.xml
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\layout\default\mainwnd2.xml
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\layout\default\msgbox.xml
c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_1.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_2.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_3.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_4.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_5.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_default.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg_list.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\foldericon\app.ico
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\foldericon\file.ico
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\foldericon\folder.ico
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\foldericon\picture.ico
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\add_list_over.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\add_list_til_line.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\app.ico
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrange_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\arrange_arrow_b.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\arrange_arrow_l.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\arrange_arrow_r.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\arrange_arrow_t.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\btn_close.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\btn_green_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\check_uncheck.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\main_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrow_left.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrow_right.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\btn_accelerate_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\button_delete.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\button_selected.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\check_checked.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\check_uncheck.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\cloud_flash.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\combo_skin.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\combo_skin_op.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\customize.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\default_file.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\delete_button.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_all_import.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_bkg_default.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_btn_dkg.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_button_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_close.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_cmd_list.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_default_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_dlg_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_edit.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_edit_light.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_fbar.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_arrow_left.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_arrow_right.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_button_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_gridctrl_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_icon_add_other.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_icon_list_add.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_list.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_list_light.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_loading.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_main_panel_edge.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_menu.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_more.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_pc.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_plus_import_bkg_a.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_plus_import_bkg_b.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_power_off.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_power_off_light.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_power_off_unlight.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_skin.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\deskbtnbk.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\edit_skin.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\edit_skin_op.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\file.ico
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\focus_next.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\focus_prev.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\folder.ico
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\icon_adblock_18-18.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\icon_adblock_22-22.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\icon_arrange.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\icon_Tip.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\idesk_pre_view.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\idesk_pre_view_a.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\import_scroll.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\improve_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\large_add_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\line-foot.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\list_scroll.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\logo_small.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_accelerate.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_close.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_help.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_import.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_noad.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_open.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_quit.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_restore.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_sendto.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_set.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menuitem_selbk.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\monitor_button_next.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\monitor_button_pre.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\mousechoose.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\mypc_bkg.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\new_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\new_icon_large.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\new_icon_small.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\new_icon_xp.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\normal_button_close.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\nothing.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\PageBtnBkg.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\PageBtnBkg_focus.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\PageNavigate.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\pic-error.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\pic-info.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\pic-question.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\pic-warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\picture.ico
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\plus_action_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\search_box.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\search_button.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\search_close.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\selected.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\shutdown_button_bkg.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\shutdown_more_button_bkg.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\start_button_hover.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\start_panel_bkg.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\start_shutdown_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\switch_style.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_ctrl_panel.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_imglist.bmp
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_local_driver.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_lock.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_menu_bkg.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_net_connect.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_recycle.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_restart.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_sleep.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_firstrun_bottom.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_firstrun_left.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_firstrun_right.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_firstrun_top.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_introduce_bottom.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_introduce_left.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_introduce_right.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_introduce_top.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_close.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_add_focus.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_arrow_bottom.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_arrow_left.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_arrow_right.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_arrow_right_large.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_browser_focus.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_focus_mask_point.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_focus_mask_rect.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_item_drag.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_item_focus.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_point.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tips_button_close.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\title_bar.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\user_account_default.bmp
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\vscroll.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\WIN7_bj_X.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\WIN7_bj_Y.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\WIN7_bjSmall_X.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\WIN7_bjSmall_Y.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\win8_desk_16_over.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\win8_desk_32_over.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\XP_bj_hover.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\XP_bj_normal.png
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\add_shortcut_tip.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\arrange_desktop.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\desk_bkg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\desk_taskbar_help_tip1.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\desk_taskbar_help_tip2.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\main_import_icon.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\main_panel.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\main_setting.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\main_start.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\my_pc_menu.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\plus_import_icon.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\rename.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\taskbar.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\about.png
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\adb.png
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\bep.png
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\bth.png
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\check.png
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\dse.png
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\emailprotect.png
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\fw.png
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\general.png
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\iSafeSet_res.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\jfm.png
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\lang.png
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\lang_btn_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\nation_icon_list.png
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\layout\default\iSafeSetView.xml
c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\style\iSafeSet_style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_arrow_down.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_arrow_up.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_button_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_close_button.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_indeterminate.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_loading.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_logo.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_minimum_button.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_num.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_num_percent.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_num_white.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_brush.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_complete.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_dl_brush.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_dl_complete.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_dl_start.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_install_brush.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_normal.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_op_complete.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_point.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_res.xml
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_select.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_speed_bar.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unable.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unit_b.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unit_gb.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unit_kb.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unit_mb.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unselect.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\vscroll.png
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\layout\newclean\NewCleanDlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\layout\newclean\tipsWnd.xml
c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\style\new_clean_style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_appsvc_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_arrow_down_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_arrow_up_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_boottime_nodata_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_combo.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_combo_bk_bottom.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_combo_bk_top.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_combo_dropdown_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_menu_item_over.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_startup_app_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_sysmenu_def_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_syssvc_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_taskschedule_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_type_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_vert_line.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\optimize_btn_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\optimize_empty.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\optimize_restore_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\pop_OptDlg_BG.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\st_green.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\st_orange.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\st_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\syssvc_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\layout\default\optimize_popdlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\layout\default\OptimizeView.xml
c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\plugin\image\default\plug_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\plugin\image\default\plug_norm.png
c:\program files (x86)\Elex-tech\YAC\skin2\plugin\image\default\plug_sec_level.png
c:\program files (x86)\Elex-tech\YAC\skin2\plugin\image\default\plug_should_del.png
c:\program files (x86)\Elex-tech\YAC\skin2\plugin\image\default\plug_should_dis.png
c:\program files (x86)\Elex-tech\YAC\skin2\plugin\image\default\plugin_res.xml
c:\program files (x86)\Elex-tech\YAC\skin2\plugin\layout\default\PluginView.xml
c:\program files (x86)\Elex-tech\YAC\skin2\plugin\style\plugin_style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\bing_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\blank_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\bo.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\bp.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\bw.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\cdbh.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\cdsh.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\check.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\chph.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\chrome_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\cseh.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\dp.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\edit_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\edit_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\edit_skin.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\empty.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\exam_dlg_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\exam_radio_checked.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\exam_radio_unchecked.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\firefix_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\fr.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\google_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\google_small.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\ie_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\iph.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\lastsession_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\lock_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\locked_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\oh.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\opera_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\opt.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\opt_vert_line.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\pop_OptDlg_BG.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\pop_toggle_btn_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\popup_menu_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\popup_menu_itemskin.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\pwb.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\query_btn_safe.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\SafeProtect_res.xml
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\savebtn_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\syssvc_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\to.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\tp.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\tw.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\unlocked_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\yac_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\yahoo_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\yahoo_small.png
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\layout\default\examdlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\layout\default\SafeProtect_popdlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\layout\default\SafeProtectView.xml
c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\style\SafeProtect_style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm_common_btn_bk1.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm_common_btn_bk2.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm_menu_bkg.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm_menu_item_over.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm_remain_ctrl_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm_software_def_ico_20.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm_warning_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_check_arrow_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_close_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_collapse_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_expand_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_folder_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_opt_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_progbar_anim_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_progbar_indicator.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_progbar_indicator_green.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_search_box_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_search_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_software_def_ico_48.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_step_found.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_step_nofound.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_uninst_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_vscroll.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_warning_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\sm2_whirling_pic.png
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\image\default\softmgr_res.xml
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\layout\default\softmgr_guide.xml
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\layout\default\softmgr_guide2.xml
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\layout\default\softmgr_result.xml
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\layout\default\SoftMgrView.xml
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\layout\default\SoftMgrView2.xml
c:\program files (x86)\Elex-tech\YAC\skin2\softmgr\style\softmgr_style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\image\default\res\bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\image\default\res\btn_bg_1.png
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\image\default\res\btn_bg_2.png
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\image\default\res\smell_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\image\default\res\sorry_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\image\default\res\taskhlp_ac_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\image\default\res\taskhlp_ac_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\image\default\res\vscroll.png
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\image\default\res\wait.png
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\image\default\res\wait_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\image\default\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\layout\default\autoclean_guide.xml
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\layout\default\softuninstallwnd.xml
c:\program files (x86)\Elex-tech\YAC\skin2\TaskHelper\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\ToolBox\image\default\Resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\ToolBox\image\default\tb_close.png
c:\program files (x86)\Elex-tech\YAC\skin2\ToolBox\image\default\tb_default.png
c:\program files (x86)\Elex-tech\YAC\skin2\ToolBox\image\default\tb_download.png
c:\program files (x86)\Elex-tech\YAC\skin2\ToolBox\image\default\tb_new.png
c:\program files (x86)\Elex-tech\YAC\skin2\ToolBox\layout\default\ToolBoxView.xml
c:\program files (x86)\Elex-tech\YAC\skin2\ToolBox\style\Style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\if_block.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\if_prompt.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\if_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\notify_bk_dang.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\notify_bk_safe.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\notify_bk_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\pop_sys_close.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\query_bk_dang.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\query_bk_safe.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\query_bk_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\query_btn_dang.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\query_btn_safe.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\query_btn_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\traymenu_dlg_bk2.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\image\vscroll.png
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\layout\pop\tippop.xml
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\layout\traydlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\tray2\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\image\ad_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\image\adblock_guide_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\image\pic_ad_off1.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\image\pic_ad_off2.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\image\pic_ad_on1.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\image\pic_ad_on2.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\image\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\image\rubbish.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\image\traymenu_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\layout\adblockguide.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\layout\cleartrash.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\layout\strongUnist.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\layout\traydlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Feedback\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\arrowdown_green.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\arrowup_orange.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\clean_junk_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\default_program_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\download.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\download_gray.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_acc_circle_list_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_acc_circle_list_orange.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_acc_circle_list_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_dec_circle_list_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_dec_circle_list_orange.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_dec_circle_list_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_left_bk_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_left_bk_orange.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_left_bk_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_right_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_round_bk_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_round_bk_orange.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_round_bk_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_shadow_bk_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_shadow_bk_orange.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_shadow_bk_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_whirling_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_whirling_orange.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_anim_whirling_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_btn_close_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_menu_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_net_down_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_net_flow_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_net_up_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_numer.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_percent_bk_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_percent_bk_orange.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_percent_bk_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_shadow_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_shadow_sh_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_shadow_sv_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_speed_test_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_arrow_left.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_arrow_rb.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_arrow_rb_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_arrow_right.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_arrow_rt.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_arrow_rt_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_close_btn.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_go_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_wnd_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_float_tip_wnd_bk_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_rope_btn_bk_gl.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_rope_btn_bk_roulette.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_swing_anim_bk_gl.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_swing_anim_bk_roulette.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_throw_anim_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\tray_throw_anim_round_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\trayF_float_tips_left.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\float\trayF_float_tips_right.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\floattray_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\flow_number.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\flow_unit.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\IPicon.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\menu_bkg.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\menu_item_over.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\pop_memory_btn_green_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\pop_memory_btn_yellow_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\pop_network_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\speed_number.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\speed_unit.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\sys_imglist.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\test_speed_download.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\test_speed_upload.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\testspeed_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\testspeed_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\testspeed_light.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\testspeed_light1.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\trayfloatarrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\trayfloatnetbtnico.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\traymenu_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\upload.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\upload_gray.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\upload_gray_mark.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\image\yaclogo.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\floatplugin.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\floattipwnd.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\floattipwnd_hide.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\swing_anim.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\throwdlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\traydlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\trayfloaty2.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\trayfloatypop2.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\trayfloatypop2_bottom.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\trayTaskbar.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\layout\trayTaskbar_wifi.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Floaty\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\foldericon\app.ico
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\foldericon\file.ico
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\foldericon\folder.ico
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\foldericon\picture.ico
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\app.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\btn_cancel.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\btn_close.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\btn_green_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\file.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\folder.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\logo_small.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\main_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\picture.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\image\arrangedesktop\yac_logo.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\image\idesk_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\image\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\image\traymenu_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\layout\arrange_desktop.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\layout\traydlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\iDesk\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\MsgCenter\layout\default\MsgCenterDlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\MsgCenter\resouce\default\close.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\MsgCenter\resouce\default\logo.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\MsgCenter\resouce\default\Msg_BG.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\MsgCenter\resouce\default\Resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\MsgCenter\style\Style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\pop_startup_slow_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\pop_startup_warning_button.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\tray_radio_checked.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\tray_radio_unchecked.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\traymenu_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\traymenu_pop_cancel_btn2.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Nodisturb\image\traymenu_pop_ico_query.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Nodisturb\layout\traydlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Nodisturb\layout\traymenupop.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Nodisturb\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\bing_16_16.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\chrome_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\combo_browser_dropdown_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\combo_browser2.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\combo_pop_modify.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\combo_pop_modify_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\combo_pop_modify2.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\combo_skin4.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\firefix_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\google_16_16.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\ie_16_16.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\ie_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\isafe_16.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\pop_startup_slow_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\pop_startup_warning_button.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\tray_radio_checked.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\tray_radio_unchecked.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\traymenu_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\traymenu_pop_cancel_btn2.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\traymenu_pop_ico_query.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\image\yahoo_16_16.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\layout\accesslink.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\layout\blockblacklist.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\layout\lock_guide.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\layout\querymodify.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\layout\querymodify2.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\layout\traydlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\layout\traymenupop.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Protect\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\close.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\Location_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\new_left.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\new_right.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_assistant_blue_number.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_assistant_yellow_number.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_startup_fast_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_startup_nomall_button.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_startup_slow_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_startup_warning_button.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_startupass_comb_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_startupass_vscoll.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_sys_close.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_sys_Setting.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\pop_sys_star.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_anim_expand_bk_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_anim_expand_bk_yellow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_char_m.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_char_percent.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_char_s.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_close_btn_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_close_btn_yellow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_combo_drop_bk_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_combo_drop_bk_yellow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_combo_skin_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_combo_skin_yellow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_itemhover_bk_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_itemhover_bk_yellow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_location_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_location_yellow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_news_line_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_news_line_yellow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_number.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_number_fuzzy.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_optimize_btn.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_redpoint_large.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_redpoint_middle.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_redpoint_small.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_late_night_blue.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_late_night_yellow.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_morning_blue.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_morning_yellow.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_nightfall_blue.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_nightfall_yellow.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_noon_blue.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_time_noon_yellow.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_vscoll_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_vscoll_yellow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_cloudy_blue.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_cloudy_yellow.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_icon_large.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_icon_small.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_line_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_line_yellow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_rain_blue.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_rain_yellow.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_snow_blue.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_snow_yellow.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_thunder_blue.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_weather_thunder_yellow.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\sa_yac_logo.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\weather_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\image\yellow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\layout\daily_news.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\layout\startup_assist.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\layout\startup_assist_2.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\layout\startup_assist_3.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\layout\startup_assist_weather.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\StartupAssist\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\Anti_Malware.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\dtk_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\dtk_dlg_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\green_bk_new.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\green1_bk_new.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\point.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_safe.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_safe_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_safe_btn.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_scan.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unknow.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unkown_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unkown_btn.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unsafe.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unsafe_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unsafe_btn.png
c:\program files (x86)\Elex-tech\YAC\skin2
         

Geändert von Tori22 (27.05.2016 um 09:01 Uhr)

Alt 27.05.2016, 08:52   #10
Tori22
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden



CombiFix_Teil2:

Code:
ATTFilter
\trayplugin\Virus\image\pop_dp_unsafe_clear_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unsafe_clear_btn.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unsafe_clear_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\pop_dp_unsafe_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\vip_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\image\vip_dlg_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\layout\detectbrowserriskpop.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\layout\detectriskpop.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\layout\downloadprotect.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\layout\outdatepop.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\layout\premiumuserpop.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\layout\PrivilegeTerminateDlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\layout\updatevirussuccesspop.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\layout\virusdboutofdatepop.xml
c:\program files (x86)\Elex-tech\YAC\skin2\trayplugin\Virus\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\av_authority_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\combo_list.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\custom_check.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\custom_uncheck.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\dl_inst_antymal_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\dl_inst_clean_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\dl_inst_optimize_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\dl_inst_protect_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\exam_tip_wnd_arrow_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\exam_tip_wnd_bk2.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\ico_app.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\ico_face.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\ico_upgrade.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\inst_cover_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\install_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\install_combo_skin.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\install_logo.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\install_prog_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\install_prog_meter.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\open_dir.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\popup_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\resource.xml
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\soft_cof_button_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\soft_remove_button_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_acc.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_btn_bg1.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_btn_bg2.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_clean.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_complete.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_cry.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_func_intr.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_func_up.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_func1.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_func3.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_input.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_prog_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_progress.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_protect.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninst_spliter.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninstall_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_1.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_2.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_3.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_4.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_5.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_6.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\uninstall_pic_7.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\upgrade_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\upgrade_prog_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\upgrade_prog_meter.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\vscroll.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\image\yac_side_ico.png
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\layout\cover.xml
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\layout\install.xml
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\layout\uninstall_logo_fade.xml
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\layout\uninstallpro.xml
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\layout\upgrade.xml
c:\program files (x86)\Elex-tech\YAC\skin2\uninstall\style\style.xml
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\avangate.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\avangateflag.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\button_blue.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\button_buy.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\button_green.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\button_yellow.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\buy_flag.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\centili.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\chooseoption_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\chooseoption_close.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\close_message_box_warning.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\cseh.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\edit_skin.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\free_flag_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\general_buy_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\green_bk_new.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\green1_bk_new.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\guarantee.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\icoBW.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\icoBW_gray.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\icoDP.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\icoDP_gray.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\icoRS.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\icoRS_gray.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\main_item_status.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\mobileflag.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\new.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\pay_cancel.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\paypal.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\paypaldetail.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\paypalflag.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\point.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\premium_button_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\premium_flag_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\radio_checked.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\radio_unchecked.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\red_bk_new.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\result_danger.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\result_safe.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\risk_item_see_about_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\skrill.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\skrillflag.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\trail_flag_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_certification_list_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_common_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_custom_scan.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_custom_scan_green.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_custom_scan_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_delete_btn.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_expdlg_collapse_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_expdlg_expand_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\Virus_feature.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\Virus_feature_right.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hover_btn_iconlist.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hover_tip_arrow.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hover_tip_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hover_tip_iconlist.jpg
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hyper_scan.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hyper_scan_d.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hyper_scan_green.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hyper_scan_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_menu_bkg.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_menu_item_over.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_normal.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_quick_scan.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_quick_scan_green.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_quick_scan_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_red.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_restore_btn.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_scan_safe.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_scan_scaning.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_scan_virus.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_setting_icon.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_task_item_combo_skin.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_task_item_edit_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_task_item_save_btn_bk.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_update_db.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_update_db_out.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_yellow.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virusopt_btn_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virusopt_but_bg.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_Btn_BG.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_Loading.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_OptDlg_BG.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_res.xml
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_SetDlg_BG.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_SetDlg_Cancel_BTN_BG.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_SetDlg_EditSkin.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_Tab_Vert_Line.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\wait.gif
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\yellow_bk_new.png
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\ChooseOptionMessageBox.xml
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\CloseMessageBox.xml
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\explorer_folder_dlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\FinishScanFirstMessageBox.xml
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\InputEmailDlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\TrialFeatureDlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\virushovertip.xml
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\virusscan_popdlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\virusscan_settingdlg.xml
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\VirusScanFeatureView.xml
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\VirusScanView.xml
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\style\VirusScan_style.xml
c:\program files (x86)\Elex-tech\YAC\sqlite3.dll
c:\program files (x86)\Elex-tech\YAC\sqlite3x64.dll
c:\program files (x86)\Elex-tech\YAC\ssleay32.dll
c:\program files (x86)\Elex-tech\YAC\tws\antirk.dll
c:\program files (x86)\Elex-tech\YAC\tws\common.ini
c:\program files (x86)\Elex-tech\YAC\tws\ctools.dll
c:\program files (x86)\Elex-tech\YAC\tws\decexp.dll
c:\program files (x86)\Elex-tech\YAC\tws\defs\base0000.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\base0001.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\catalog.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0000.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0001.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0002.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0003.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0004.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0005.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0006.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0007.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0008.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0009.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0010.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0011.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0012.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0013.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0014.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0015.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0016.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0017.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0018.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0019.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0020.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0021.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0022.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0023.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0024.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0025.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0026.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0027.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0028.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0029.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0030.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0031.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0032.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0033.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0034.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0035.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0036.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0037.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0038.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0039.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0040.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0041.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0042.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0043.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0044.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0045.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0046.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0047.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0048.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0049.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0050.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0051.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0052.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0053.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0054.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0055.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0056.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0057.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0058.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0059.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0060.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0061.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0062.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0063.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0064.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0065.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0066.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0067.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0068.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0069.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0070.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0071.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0072.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0073.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0074.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0075.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0076.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0077.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0078.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0079.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0080.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0081.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0082.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0083.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0084.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0085.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0086.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0087.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0088.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0089.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0090.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0091.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0092.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0093.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0094.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0095.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0096.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0097.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0098.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0099.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0100.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0101.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0102.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0103.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0104.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0105.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0106.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0107.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0108.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0109.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0110.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0111.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0112.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0113.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0114.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0115.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0116.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0117.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0118.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0119.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0120.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0121.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0122.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0123.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0124.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0125.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0126.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0127.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0128.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0129.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0130.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0131.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0132.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0133.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0134.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0135.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0136.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0137.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0138.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0139.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0140.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0141.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0142.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0143.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0144.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0145.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0146.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0147.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0148.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0149.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0150.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0151.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0152.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0153.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0154.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0155.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0156.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0157.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0158.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0159.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0160.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0161.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0162.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0163.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0164.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0165.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0166.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0167.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0168.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0169.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0170.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0171.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0172.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0173.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0174.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0175.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0176.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0177.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0178.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0179.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0180.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0181.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0182.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0183.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0184.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0185.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0186.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0187.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0188.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0189.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0190.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0191.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0192.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0193.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0194.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0195.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0196.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0197.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0198.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0199.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0200.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0201.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0202.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0203.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0204.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0205.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0206.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0207.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0208.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0209.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0210.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0211.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0212.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0213.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0214.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0215.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0216.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0217.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0218.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0219.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0220.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0221.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0222.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0223.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0224.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0225.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0226.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0227.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0228.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0229.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0230.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0231.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0232.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0233.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0234.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0235.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0236.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0237.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0238.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0239.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0240.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0241.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0242.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0243.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0244.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0245.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0246.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0247.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0248.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0249.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0250.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0251.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0252.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0253.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0254.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0255.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0256.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0257.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0258.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0259.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0260.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0261.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0262.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0263.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0264.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0265.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0266.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0267.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0268.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0269.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0270.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0271.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0272.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0273.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0274.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0275.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0276.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0277.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0278.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0279.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0280.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0281.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0282.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0283.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0284.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0285.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0286.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0287.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0288.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0289.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0290.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0291.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0292.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0293.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0294.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0295.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0296.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0297.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0298.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0299.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0300.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0301.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0302.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0303.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0304.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0305.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0306.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0307.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0308.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0309.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0310.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0311.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0312.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0313.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0314.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0315.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0316.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0317.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0318.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0319.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0320.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0321.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0322.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0323.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0324.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0325.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0326.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0327.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0328.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0329.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0330.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0331.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0332.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0333.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0334.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0335.dat
c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0336.dat
c:\program files (x86)\Elex-tech\YAC\tws\emlib.dll
c:\program files (x86)\Elex-tech\YAC\tws\falgorit.dll
c:\program files (x86)\Elex-tech\YAC\tws\fddsdb.dat
c:\program files (x86)\Elex-tech\YAC\tws\fddslog.txt
c:\program files (x86)\Elex-tech\YAC\tws\fgui.dll
c:\program files (x86)\Elex-tech\YAC\tws\filau.dll
c:\program files (x86)\Elex-tech\YAC\tws\filcmn.dll
c:\program files (x86)\Elex-tech\YAC\tws\filcpt.dll
c:\program files (x86)\Elex-tech\YAC\tws\filppi.dll
c:\program files (x86)\Elex-tech\YAC\tws\filpps.ini
c:\program files (x86)\Elex-tech\YAC\tws\filup.dat
c:\program files (x86)\Elex-tech\YAC\tws\filup.ini
c:\program files (x86)\Elex-tech\YAC\tws\filuplog.txt
c:\program files (x86)\Elex-tech\YAC\tws\filvss.dll
c:\program files (x86)\Elex-tech\YAC\tws\filvss.ini
c:\program files (x86)\Elex-tech\YAC\tws\filwls\figs000.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fils000.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fols000.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwgs000.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwls000.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwls001.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwls002.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwls003.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwls004.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwls005.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwls006.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwls007.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwls008.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwls009.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwls010.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwls011.dat
c:\program files (x86)\Elex-tech\YAC\tws\filwls\fwls012.dat
c:\program files (x86)\Elex-tech\YAC\tws\fsrexc.dat
c:\program files (x86)\Elex-tech\YAC\tws\fupd.dll
c:\program files (x86)\Elex-tech\YAC\tws\iSafeSvc2.exe
c:\program files (x86)\Elex-tech\YAC\tws\leave.dat
c:\program files (x86)\Elex-tech\YAC\tws\lsf.dll
c:\program files (x86)\Elex-tech\YAC\tws\mca.dll
c:\program files (x86)\Elex-tech\YAC\tws\message.dll
c:\program files (x86)\Elex-tech\YAC\tws\plugins\filavutd.dll
c:\program files (x86)\Elex-tech\YAC\tws\plugins\virut.tpl
c:\program files (x86)\Elex-tech\YAC\tws\plugmgr.dll
c:\program files (x86)\Elex-tech\YAC\tws\psmgr.dll
c:\program files (x86)\Elex-tech\YAC\tws\quarantine.dll
c:\program files (x86)\Elex-tech\YAC\tws\tsc.dll
c:\program files (x86)\Elex-tech\YAC\tws\twsdk.dll
c:\program files (x86)\Elex-tech\YAC\tws\twsupd.dll
c:\program files (x86)\Elex-tech\YAC\tws\twsupd.ini
c:\program files (x86)\Elex-tech\YAC\tws\unacev2.dll
c:\program files (x86)\Elex-tech\YAC\tws\unchm.dll
c:\program files (x86)\Elex-tech\YAC\tws\unemb.dll
c:\program files (x86)\Elex-tech\YAC\tws\unmisc.dll
c:\program files (x86)\Elex-tech\YAC\tws\unrar.dll
c:\program files (x86)\Elex-tech\YAC\tws\unsevzip.dll
c:\program files (x86)\Elex-tech\YAC\tws\unzip32.dll
c:\program files (x86)\Elex-tech\YAC\tws\vfst.dll
c:\program files (x86)\Elex-tech\YAC\tws\w32tools.dll
c:\program files (x86)\Elex-tech\YAC\tws\x64\psmgr.dll
c:\program files (x86)\Elex-tech\YAC\tws\zipexp.dll
c:\program files (x86)\Elex-tech\YAC\tws\zlib1.dll
c:\program files (x86)\Elex-tech\YAC\uninstall.exe
c:\program files (x86)\Elex-tech\YAC\uninstall.inst
c:\program files (x86)\Elex-tech\YAC\update\Engine0\dlcfg.ini
c:\program files (x86)\Elex-tech\YAC\update\Engine0\upcfg.ini
c:\program files (x86)\Elex-tech\YAC\update\Engine1\bs.dat.dlinfo
c:\program files (x86)\Elex-tech\YAC\update\Engine1\bs.dat.tmp
c:\program files (x86)\Elex-tech\YAC\update\Engine1\sr.dat.dlinfo
c:\program files (x86)\Elex-tech\YAC\update\Engine1\sr.dat.tmp
c:\program files (x86)\Elex-tech\YAC\update\Engine1\vn.dat.dlinfo
c:\program files (x86)\Elex-tech\YAC\update\Engine1\vn.dat.tmp
c:\program files (x86)\Elex-tech\YAC\update\Engine1\ws.dat.dlinfo
c:\program files (x86)\Elex-tech\YAC\update\Engine1\ws.dat.tmp
c:\program files (x86)\Elex-tech\YAC\update\temp\dlcfg.ini
c:\program files (x86)\Elex-tech\YAC\update\temp\upcfg.ini
c:\program files (x86)\Elex-tech\YAC\user\brset.ini
c:\program files (x86)\Elex-tech\YAC\user\cbss.dat
c:\program files (x86)\Elex-tech\YAC\user\co.dat
c:\program files (x86)\Elex-tech\YAC\user\sie.dat
c:\program files (x86)\Elex-tech\YAC\user\softcache2.dat
c:\program files (x86)\Elex-tech\YAC\user\svc2.dat
c:\program files (x86)\Elex-tech\YAC\user\svc2_com.dat
c:\program files (x86)\Elex-tech\YAC\YACcleaner.exe
c:\program files (x86)\Elex-tech\YAC\zlib1.dll
c:\program files (x86)\Guntony
c:\program files (x86)\Guntony\Guntony\50.14.2661.78.manifest
c:\program files (x86)\Guntony\Guntony\bin\Guntony_browser.dll
c:\program files (x86)\Guntony\Guntony\bin\Guntony_server.exe
c:\program files (x86)\Guntony\Guntony\bin\Guntony_update.dll
c:\program files (x86)\Guntony\Guntony\chrome.dll
c:\program files (x86)\Guntony\Guntony\chrome.exe
c:\program files (x86)\Guntony\Guntony\chrome_100_percent.pak
c:\program files (x86)\Guntony\Guntony\chrome_200_percent.pak
c:\program files (x86)\Guntony\Guntony\chrome_child.dll
c:\program files (x86)\Guntony\Guntony\chrome_elf.dll
c:\program files (x86)\Guntony\Guntony\chrome_watcher.dll
c:\program files (x86)\Guntony\Guntony\d3dcompiler_47.dll
c:\program files (x86)\Guntony\Guntony\delegate_execute.exe
c:\program files (x86)\Guntony\Guntony\Extensions
c:\program files (x86)\Guntony\Guntony\icudtl.dat
c:\program files (x86)\Guntony\Guntony\libegl.dll
c:\program files (x86)\Guntony\Guntony\libexif.dll
c:\program files (x86)\Guntony\Guntony\libglesv2.dll
c:\program files (x86)\Guntony\Guntony\locales\am.pak
c:\program files (x86)\Guntony\Guntony\locales\ar.pak
c:\program files (x86)\Guntony\Guntony\locales\bg.pak
c:\program files (x86)\Guntony\Guntony\locales\bn.pak
c:\program files (x86)\Guntony\Guntony\locales\ca.pak
c:\program files (x86)\Guntony\Guntony\locales\cs.pak
c:\program files (x86)\Guntony\Guntony\locales\da.pak
c:\program files (x86)\Guntony\Guntony\locales\de.pak
c:\program files (x86)\Guntony\Guntony\locales\el.pak
c:\program files (x86)\Guntony\Guntony\locales\en-GB.pak
c:\program files (x86)\Guntony\Guntony\locales\en-US.pak
c:\program files (x86)\Guntony\Guntony\locales\es-419.pak
c:\program files (x86)\Guntony\Guntony\locales\es.pak
c:\program files (x86)\Guntony\Guntony\locales\et.pak
c:\program files (x86)\Guntony\Guntony\locales\fa.pak
c:\program files (x86)\Guntony\Guntony\locales\fi.pak
c:\program files (x86)\Guntony\Guntony\locales\fil.pak
c:\program files (x86)\Guntony\Guntony\locales\fr.pak
c:\program files (x86)\Guntony\Guntony\locales\gu.pak
c:\program files (x86)\Guntony\Guntony\locales\he.pak
c:\program files (x86)\Guntony\Guntony\locales\hi.pak
c:\program files (x86)\Guntony\Guntony\locales\hr.pak
c:\program files (x86)\Guntony\Guntony\locales\hu.pak
c:\program files (x86)\Guntony\Guntony\locales\id.pak
c:\program files (x86)\Guntony\Guntony\locales\it.pak
c:\program files (x86)\Guntony\Guntony\locales\ja.pak
c:\program files (x86)\Guntony\Guntony\locales\kn.pak
c:\program files (x86)\Guntony\Guntony\locales\ko.pak
c:\program files (x86)\Guntony\Guntony\locales\lt.pak
c:\program files (x86)\Guntony\Guntony\locales\lv.pak
c:\program files (x86)\Guntony\Guntony\locales\ml.pak
c:\program files (x86)\Guntony\Guntony\locales\mr.pak
c:\program files (x86)\Guntony\Guntony\locales\ms.pak
c:\program files (x86)\Guntony\Guntony\locales\nb.pak
c:\program files (x86)\Guntony\Guntony\locales\nl.pak
c:\program files (x86)\Guntony\Guntony\locales\pl.pak
c:\program files (x86)\Guntony\Guntony\locales\pt-BR.pak
c:\program files (x86)\Guntony\Guntony\locales\pt-PT.pak
c:\program files (x86)\Guntony\Guntony\locales\ro.pak
c:\program files (x86)\Guntony\Guntony\locales\ru.pak
c:\program files (x86)\Guntony\Guntony\locales\sk.pak
c:\program files (x86)\Guntony\Guntony\locales\sl.pak
c:\program files (x86)\Guntony\Guntony\locales\sr.pak
c:\program files (x86)\Guntony\Guntony\locales\sv.pak
c:\program files (x86)\Guntony\Guntony\locales\sw.pak
c:\program files (x86)\Guntony\Guntony\locales\ta.pak
c:\program files (x86)\Guntony\Guntony\locales\te.pak
c:\program files (x86)\Guntony\Guntony\locales\th.pak
c:\program files (x86)\Guntony\Guntony\locales\tr.pak
c:\program files (x86)\Guntony\Guntony\locales\uk.pak
c:\program files (x86)\Guntony\Guntony\locales\vi.pak
c:\program files (x86)\Guntony\Guntony\locales\zh-CN.pak
c:\program files (x86)\Guntony\Guntony\locales\zh-TW.pak
c:\program files (x86)\Guntony\Guntony\natives_blob.bin
c:\program files (x86)\Guntony\Guntony\PepperFlash\manifest.json
c:\program files (x86)\Guntony\Guntony\PepperFlash\pepflashplayer.dll
c:\program files (x86)\Guntony\Guntony\resources.pak
c:\program files (x86)\Guntony\Guntony\secondarytile.png
c:\program files (x86)\Guntony\Guntony\snapshot_blob.bin
c:\program files (x86)\Guntony\Guntony\VisualElements\logo.png
c:\program files (x86)\Guntony\Guntony\VisualElements\smalllogo.png
c:\program files (x86)\Guntony\Guntony\wow_helper.exe
c:\program files (x86)\Guntony\report.dat
c:\programdata\Guntony
c:\programdata\Guntony\protect\protect.exe
c:\users\user\AppData\Local\Guntony
c:\users\user\AppData\Local\Guntony\User Data\Certificate Revocation Lists
c:\users\user\AppData\Local\Guntony\User Data\chrome_shutdown_ms.txt
c:\users\user\AppData\Local\Guntony\User Data\Crashpad\metadata
c:\users\user\AppData\Local\Guntony\User Data\Crashpad\settings.dat
c:\users\user\AppData\Local\Guntony\User Data\de-DE-3-0.bdic
c:\users\user\AppData\Local\Guntony\User Data\Default\Bookmarks
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\data_0
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\data_1
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\data_2
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\data_3
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000001
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000003
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000004
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000005
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000006
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000007
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000008
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000009
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_00000a
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_00000b
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_00000c
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_00000d
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_00000e
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_00000f
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000010
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000011
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000012
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000014
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000015
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000016
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000017
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000018
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000019
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_00001a
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_00001b
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_00001c
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_00001d
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_00001e
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_00001f
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000020
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000021
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000022
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000023
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\f_000024
c:\users\user\AppData\Local\Guntony\User Data\Default\Cache\index
c:\users\user\AppData\Local\Guntony\User Data\Default\ChromeDWriteFontCache
c:\users\user\AppData\Local\Guntony\User Data\Default\Cookies-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Cookies
c:\users\user\AppData\Local\Guntony\User Data\Default\Current Session
c:\users\user\AppData\Local\Guntony\User Data\Default\Current Tabs
c:\users\user\AppData\Local\Guntony\User Data\Default\data_reduction_proxy_leveldb\000003.log
c:\users\user\AppData\Local\Guntony\User Data\Default\data_reduction_proxy_leveldb\CURRENT
c:\users\user\AppData\Local\Guntony\User Data\Default\data_reduction_proxy_leveldb\LOCK
c:\users\user\AppData\Local\Guntony\User Data\Default\data_reduction_proxy_leveldb\LOG
c:\users\user\AppData\Local\Guntony\User Data\Default\data_reduction_proxy_leveldb\LOG.old
c:\users\user\AppData\Local\Guntony\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001
c:\users\user\AppData\Local\Guntony\User Data\Default\databases\Databases.db-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\databases\Databases.db
c:\users\user\AppData\Local\Guntony\User Data\Default\Extension Cookies-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Extension Cookies
c:\users\user\AppData\Local\Guntony\User Data\Default\Extension State\000003.log
c:\users\user\AppData\Local\Guntony\User Data\Default\Extension State\CURRENT
c:\users\user\AppData\Local\Guntony\User Data\Default\Extension State\LOCK
c:\users\user\AppData\Local\Guntony\User Data\Default\Extension State\LOG
c:\users\user\AppData\Local\Guntony\User Data\Default\Extension State\MANIFEST-000001
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ar\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\bg\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ca\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\cs\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\da\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\de\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\el\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_GB\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\en_US\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\es_419\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\et\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fil\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\fr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\he\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\hu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\id\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\it\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ja\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ko\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lt\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\lv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ms\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\nl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\no\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\computed_hashes.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_128.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\icon_16.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.html
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\main.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ar\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\bg\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ca\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\cs\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\da\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\de\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\el\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_GB\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\en_US\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\et\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\eu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fil\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\fr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\he\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\hu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\id\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\it\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ja\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ko\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lt\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\lv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ms\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\nl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\no\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_BR\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\pt_PT\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ro\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\ru\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\sv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\th\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\tr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\uk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\vi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_CN\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\zh_TW\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ar\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\bg\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ca\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\cs\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\da\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\de\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\el\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\en\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\es\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\he\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\hu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\id\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\it\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ja\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ko\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lt\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\lv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\nl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\no\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_BR\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\pt_PT\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ro\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\ru\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\th\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\tr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\vi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_CN\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\zh_TW\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ar\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\bg\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ca\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\cs\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\da\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\de\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\el\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\en_GB\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\en_US\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\es\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\es_419\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\et\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\fi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\fil\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\fr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\he\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\hi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\hu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\id\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\it\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ja\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ko\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\lt\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\lv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ms\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\nl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\no\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pt_BR\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pt_PT\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ro\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ru\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\th\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\tr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\uk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\vi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\zh_CN\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\zh_TW\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_metadata\computed_hashes.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_128.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_16.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.html
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\af\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\am\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ar\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\az\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\bg\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\bn\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ca\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\cs\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\da\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\de\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\el\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\en_GB\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\en_US\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\es\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\es_419\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\et\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\eu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fa\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fil\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fr_CA\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\gl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\gu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\hi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\hr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\hu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\hy\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\id\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\is\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\it\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\iw\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ja\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ka\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\km\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\kn\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ko\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\lo\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\lt\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\lv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ml\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\mn\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\mr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ms\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ne\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\nl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\no\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\pl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\pt_BR\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\pt_PT\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ro\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ru\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\si\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\sk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\sl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\sr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\sv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\sw\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ta\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\te\messages.json
c:\users\user\AppData\Local\Guntony\User
         

Geändert von Tori22 (27.05.2016 um 08:59 Uhr)

Alt 27.05.2016, 08:53   #11
Tori22
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden



CombiFix_Teil3:

Code:
ATTFilter
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\th\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\tr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\uk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ur\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\vi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\zh_CN\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\zh_HK\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\zh_TW\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\zu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_metadata\computed_hashes.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\128.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\contentscript_bin_prod.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\dasherSettingSchema.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\eventpage_bin_prod.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\page_embed_script.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\am\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\ar\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\bg\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\bn\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\ca\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\cs\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\da\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\de\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\el\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\en\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\en_GB\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\en_US\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\es\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\es_419\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\et\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\fa\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\fi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\fil\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\fr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\gu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\he\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\hi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\hr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\hu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\id\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\it\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\ja\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\kn\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\ko\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\lt\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\lv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\ml\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\mr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\ms\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\nl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\no\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\pl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\pt_BR\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\pt_PT\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\ro\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\ru\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\sk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\sl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\sr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\sv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\sw\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\ta\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\te\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\th\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\tr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\uk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\vi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\zh_CN\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\_locales\zh_TW\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\background\bg.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\background\fa.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\background\ut.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\front\fadb.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\front\irc.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\images\icon128.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\images\icon16.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\images\icon48.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\uninstall\background.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn\1.0.2_0\uninstall\content_scripts.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\knbdkcpkcpmiakimkhhmlgkjmchgahil\1.0.15_0\background.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\knbdkcpkcpmiakimkhhmlgkjmchgahil\1.0.15_0\content_scripts.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\knbdkcpkcpmiakimkhhmlgkjmchgahil\1.0.15_0\irc.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\knbdkcpkcpmiakimkhhmlgkjmchgahil\1.0.15_0\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\knbdkcpkcpmiakimkhhmlgkjmchgahil\1.0.15_0\upalytics_ch.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\bg\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ca\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\cs\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\da\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\de\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\el\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\en_GB\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\es_419\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\et\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fil\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\fr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\hu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\id\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\it\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ja\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ko\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lt\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\lv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nb\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\nl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_BR\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\pt_PT\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ro\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\ru\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\sv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\th\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\tr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\uk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\vi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_CN\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_locales\zh_TW\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\craw_background.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\craw_window.js
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\css\craw_window.css
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\html\craw_window.html
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\flapper.gif
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\icon_128.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\icon_16.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_close.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_hover.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_maximize.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\topbar_floating_button_pressed.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ar\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\bg\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ca\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\cs\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\da\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\de\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\el\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\en\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\es\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fil\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hu\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\id\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\it\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ja\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ko\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lt\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lv\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\nl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\no\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_BR\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_PT\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ro\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ru\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\se\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sl\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\th\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\tr\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\uk\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\vi\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_CN\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_TW\messages.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\128.png
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\Default\Favicons-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Favicons
c:\users\user\AppData\Local\Guntony\User Data\Default\Google Profile.ico
c:\users\user\AppData\Local\Guntony\User Data\Default\GPUCache\data_0
c:\users\user\AppData\Local\Guntony\User Data\Default\GPUCache\data_1
c:\users\user\AppData\Local\Guntony\User Data\Default\GPUCache\data_2
c:\users\user\AppData\Local\Guntony\User Data\Default\GPUCache\data_3
c:\users\user\AppData\Local\Guntony\User Data\Default\GPUCache\index
c:\users\user\AppData\Local\Guntony\User Data\Default\History-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\History Provider Cache
c:\users\user\AppData\Local\Guntony\User Data\Default\History
c:\users\user\AppData\Local\Guntony\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\000003.log
c:\users\user\AppData\Local\Guntony\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\CURRENT
c:\users\user\AppData\Local\Guntony\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOCK
c:\users\user\AppData\Local\Guntony\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOG
c:\users\user\AppData\Local\Guntony\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOG.old
c:\users\user\AppData\Local\Guntony\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\MANIFEST-000001
c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIcons\11A8.tmp
c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIcons\1207.tmp
c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIcons\1246.tmp
c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIcons\1247.tmp
c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIconsOld\ED69.tmp
c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIconsOld\ED6A.tmp
c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIconsOld\ED6B.tmp
c:\users\user\AppData\Local\Guntony\User Data\Default\Last Session
c:\users\user\AppData\Local\Guntony\User Data\Default\Last Tabs
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOCK
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOG
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\__0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\__0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\chrome-extension_kfkbcinhkmlddafdkffeahafeecnghpn_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\chrome-extension_kfkbcinhkmlddafdkffeahafeecnghpn_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\chrome-extension_knbdkcpkcpmiakimkhhmlgkjmchgahil_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\chrome-extension_knbdkcpkcpmiakimkhhmlgkjmchgahil_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_archiv.raid-rush.ws_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_archiv.raid-rush.ws_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_gft2.de_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_gft2.de_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_s7.addthis.com_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_s7.addthis.com_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_shop.mein-schoener-garten.de_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_shop.mein-schoener-garten.de_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_www.bewerbung-forum.de_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_www.bewerbung-forum.de_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_www.gutefrage.net_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_www.gutefrage.net_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_www.kaufda.de_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_www.kaufda.de_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_de.wikipedia.org_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_de.wikipedia.org_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_stream.1tv.ru_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_stream.1tv.ru_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.1tv.ru_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.1tv.ru_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.google.com_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.google.com_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.google.de_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.google.de_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.youtube.com_0.localstorage-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.youtube.com_0.localstorage
c:\users\user\AppData\Local\Guntony\User Data\Default\Login Data-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Login Data
c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\data_0
c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\data_1
c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\data_2
c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\data_3
c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\f_000001
c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\f_000002
c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\f_000003
c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\f_000004
c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\index
c:\users\user\AppData\Local\Guntony\User Data\Default\Network Action Predictor-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Network Action Predictor
c:\users\user\AppData\Local\Guntony\User Data\Default\Network Persistent State
c:\users\user\AppData\Local\Guntony\User Data\Default\Origin Bound Certs-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Origin Bound Certs
c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\CertStore.dat
c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\CertStore.dat.lkg
c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\GlobalStateStore.gs
c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\GlobalStateStore.gs.lkg
c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\MiscGlobalDataStore.mgd
c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\MiscGlobalDataStore.mgd.lkg
c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\V7ZJUJVE\macromedia.com\support\flashplayer\sys\#www.stroetmann.de\settings.sol
c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\V7ZJUJVE\macromedia.com\support\flashplayer\sys\settings.sol
c:\users\user\AppData\Local\Guntony\User Data\Default\Preferences
c:\users\user\AppData\Local\Guntony\User Data\Default\QuotaManager-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\QuotaManager
c:\users\user\AppData\Local\Guntony\User Data\Default\README
c:\users\user\AppData\Local\Guntony\User Data\Default\Secure Preferences
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\36018833-9839-4318-9F04-890A01E0E4C2\608d13fb70947f94_0
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\36018833-9839-4318-9F04-890A01E0E4C2\da0d561649f423b0_0
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\36018833-9839-4318-9F04-890A01E0E4C2\e599dc5e24eb76d7_0
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\36018833-9839-4318-9F04-890A01E0E4C2\fdf2cfeb8ad0eeac_0
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\36018833-9839-4318-9F04-890A01E0E4C2\index-dir\the-real-index
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\36018833-9839-4318-9F04-890A01E0E4C2\index
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\Database\000003.log
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\Database\CURRENT
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\Database\LOCK
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\Database\LOG
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\Database\LOG.old
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\Database\MANIFEST-000001
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\ScriptCache\6c038e3570d6abf1_0
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\ScriptCache\6c038e3570d6abf1_1
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\ScriptCache\d0757ff92c7cde0a_0
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\ScriptCache\d0757ff92c7cde0a_1
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\ScriptCache\index
c:\users\user\AppData\Local\Guntony\User Data\Default\Session Storage\000003.log
c:\users\user\AppData\Local\Guntony\User Data\Default\Session Storage\CURRENT
c:\users\user\AppData\Local\Guntony\User Data\Default\Session Storage\LOCK
c:\users\user\AppData\Local\Guntony\User Data\Default\Session Storage\LOG
c:\users\user\AppData\Local\Guntony\User Data\Default\Session Storage\LOG.old
c:\users\user\AppData\Local\Guntony\User Data\Default\Session Storage\MANIFEST-000001
c:\users\user\AppData\Local\Guntony\User Data\Default\Shortcuts-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Shortcuts
c:\users\user\AppData\Local\Guntony\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_0
c:\users\user\AppData\Local\Guntony\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_1
c:\users\user\AppData\Local\Guntony\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_2
c:\users\user\AppData\Local\Guntony\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_3
c:\users\user\AppData\Local\Guntony\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\index
c:\users\user\AppData\Local\Guntony\User Data\Default\Top Sites-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Top Sites
c:\users\user\AppData\Local\Guntony\User Data\Default\TransportSecurity
c:\users\user\AppData\Local\Guntony\User Data\Default\Visited Links
c:\users\user\AppData\Local\Guntony\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico
c:\users\user\AppData\Local\Guntony\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico.md5
c:\users\user\AppData\Local\Guntony\User Data\Default\Web Data-journal
c:\users\user\AppData\Local\Guntony\User Data\Default\Web Data
c:\users\user\AppData\Local\Guntony\User Data\EVWhitelist\7\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\EVWhitelist\7\_platform_specific\all\ev_hashes_whitelist.bin
c:\users\user\AppData\Local\Guntony\User Data\EVWhitelist\7\manifest.fingerprint
c:\users\user\AppData\Local\Guntony\User Data\EVWhitelist\7\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\First Run
c:\users\user\AppData\Local\Guntony\User Data\Local State
c:\users\user\AppData\Local\Guntony\User Data\PepperFlash\21.0.0.216\manifest.fingerprint
c:\users\user\AppData\Local\Guntony\User Data\PepperFlash\21.0.0.216\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_pnacl_json
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\manifest.fingerprint
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_pnacl_json
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\manifest.fingerprint
c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Bloom Prefix Set
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Bloom
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Bloom_new
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Cookies-journal
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Cookies
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Csd Whitelist
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Csd Whitelist_new
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Download Whitelist
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Download Whitelist_new
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Download
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Download_new
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Extension Blacklist
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Extension Blacklist_new
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Inclusion Whitelist
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Inclusion Whitelist_new
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing IP Blacklist
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing IP Blacklist_new
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Module Whitelist
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Module Whitelist_new
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Resource Blacklist
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Resource Blacklist_new
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing UwS List Prefix Set
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing UwS List
c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing UwS List_new
c:\users\user\AppData\Local\Guntony\User Data\ShaderCache\GPUCache\data_0
c:\users\user\AppData\Local\Guntony\User Data\ShaderCache\GPUCache\data_1
c:\users\user\AppData\Local\Guntony\User Data\ShaderCache\GPUCache\data_2
c:\users\user\AppData\Local\Guntony\User Data\ShaderCache\GPUCache\data_3
c:\users\user\AppData\Local\Guntony\User Data\ShaderCache\GPUCache\index
c:\users\user\AppData\Local\Guntony\User Data\SwReporter\6.48.6\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\SwReporter\6.48.6\manifest.fingerprint
c:\users\user\AppData\Local\Guntony\User Data\SwReporter\6.48.6\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\SwReporter\6.48.6\software_reporter_tool.exe
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\CdmAdapterVersion
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdm.dll
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\imgs\icon-128x128.png
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\manifest.fingerprint
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\CdmAdapterVersion
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdm.dll
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\imgs\icon-128x128.png
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\manifest.fingerprint
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\manifest.json
c:\users\user\AppData\Roaming\Elex-tech
c:\users\user\AppData\Roaming\Elex-tech\YAC\iDesk\desk.ini
c:\users\user\AppData\Roaming\Elex-tech\YAC\log\iSafeTray.log
c:\users\user\AppData\Roaming\Elex-tech\YAC\preference.ini
c:\users\user\AppData\Roaming\Elex-tech\YAC\proxyUpdate.ini
c:\windows\system32\drivers\iSafeNetFilter.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ISAFEKRNL
-------\Legacy_ISAFEKRNLKIT
-------\Legacy_ISAFEKRNLMON
-------\Legacy_ISAFEKRNLR3
-------\Legacy_ISAFENETFILTER
-------\Service_Guntony_protect
-------\Service_Guntony_update
-------\Service_iSafeKrnl
-------\Service_iSafeKrnlBoot
-------\Service_iSafeKrnlKit
-------\Service_iSafeKrnlMon
-------\Service_iSafeKrnlR3
-------\Service_iSafeNetFilter
-------\Service_iSafeService
.
.
(((((((((((((((((((((((   Dateien erstellt von 2016-04-26 bis 2016-05-26  ))))))))))))))))))))))))))))))
.
.
2016-05-26 21:35 . 2016-05-26 21:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2016-05-26 20:13 . 2016-05-26 20:13	20160	----a-w-	c:\windows\system32\drivers\GUBootStartup.sys
2016-05-26 20:12 . 2016-05-26 20:13	--------	d-----w-	c:\program files (x86)\Glary Utilities 5
2016-05-26 20:11 . 2016-05-26 20:11	--------	d-----w-	c:\program files (x86)\Glarysoft
2016-05-26 09:46 . 2016-05-26 20:02	--------	d-----w-	c:\program files (x86)\VS Revo Group
2016-05-24 14:53 . 2016-05-24 14:53	--------	d-----w-	c:\program files (x86)\ESET
2016-05-24 14:42 . 2016-05-24 14:42	--------	d-----w-	c:\programdata\Emsisoft
2016-05-24 13:52 . 2016-05-26 13:30	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2016-05-23 18:56 . 2016-05-23 21:02	192216	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-23 18:53 . 2016-03-10 12:09	64896	----a-w-	c:\windows\system32\drivers\mwac.sys
2016-05-23 18:53 . 2016-03-10 12:08	140672	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2016-05-23 18:53 . 2016-03-10 12:08	27008	----a-w-	c:\windows\system32\drivers\mbam.sys
2016-05-23 18:52 . 2016-05-23 18:53	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2016-05-20 21:13 . 2016-05-25 21:42	--------	d-----w-	C:\FRST
2016-05-20 12:11 . 2016-05-26 13:47	--------	d-----w-	C:\AdwCleaner
2016-05-16 13:38 . 2016-05-26 10:00	--------	d-----w-	c:\program files (x86)\Avira
2016-05-16 13:38 . 2016-05-26 10:00	--------	d-----w-	c:\programdata\Avira
2016-05-16 08:25 . 2016-05-20 12:17	--------	d-----w-	c:\windows\system32\log
2016-05-13 07:28 . 2016-04-20 01:13	11695896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EB13FC2-B82C-4826-8A57-832A82DB03B6}\mpengine.dll
2016-05-13 05:37 . 2016-05-13 05:43	--------	d-----w-	c:\users\user\AppData\Roaming\Swiss Academic Software
2016-05-13 05:36 . 2016-05-03 09:42	713256	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.dll
2016-05-13 05:36 . 2016-05-03 09:42	103920	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\IEPickerBroker.exe
2016-05-13 05:36 . 2015-08-13 13:08	126976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\Interop.SHDocVw.dll
2016-05-13 05:36 . 2012-07-26 18:08	8022976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\x64\Microsoft.mshtml.dll
2016-05-13 05:36 . 2016-05-03 09:42	713256	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.dll
2016-05-13 05:36 . 2012-07-26 18:08	8022976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\Microsoft.mshtml.dll
2016-05-13 05:36 . 2016-05-03 09:42	103920	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\IEPickerBroker.exe
2016-05-13 05:36 . 2015-08-13 13:08	126976	----a-w-	c:\program files (x86)\Internet Explorer\Citavi Picker\Interop.SHDocVw.dll
2016-05-13 05:36 . 2016-05-13 05:36	--------	d-----w-	c:\program files (x86)\Citavi 5
2016-05-11 17:04 . 2016-04-09 05:49	3217408	----a-w-	c:\windows\system32\win32k.sys
2016-05-11 17:04 . 2016-04-09 06:58	2048	----a-w-	c:\windows\system32\tzres.dll
2016-05-11 17:04 . 2016-04-09 06:54	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2016-05-11 17:03 . 2016-04-09 07:01	986344	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2016-05-11 17:03 . 2016-04-09 07:01	264936	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2016-05-11 17:03 . 2016-04-09 06:57	144384	----a-w-	c:\windows\system32\cdd.dll
2016-05-11 16:58 . 2016-04-09 07:01	5546216	----a-w-	c:\windows\system32\ntoskrnl.exe
2016-05-11 16:57 . 2016-04-09 03:52	1424896	----a-w-	c:\windows\system32\WindowsCodecs.dll
2016-05-11 16:57 . 2016-04-09 04:20	1230848	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2016-05-02 18:24 . 2016-05-13 05:37	--------	d-----w-	c:\programdata\Swiss Academic Software
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-12 19:54 . 2015-03-15 12:28	797376	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-12 19:54 . 2015-03-15 12:28	142528	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-05-11 21:19 . 2013-10-30 10:16	139319312	----a-w-	c:\windows\system32\MRT.exe
2016-04-21 13:05 . 2013-10-30 09:21	453288	------w-	c:\windows\system32\MpSigStub.exe
2016-04-09 06:54 . 2016-05-11 16:58	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2016-04-04 18:14 . 2016-04-18 21:43	38120	----a-w-	c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-18 21:43	1169408	----a-w-	c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-18 21:43	1386496	----a-w-	c:\windows\system32\appraiser.dll
2016-03-23 14:02 . 2016-04-18 21:43	215040	----a-w-	c:\windows\system32\aepic.dll
2016-03-17 22:56 . 2016-04-19 18:40	2084864	----a-w-	c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-19 18:40	1414144	----a-w-	c:\windows\SysWow64\ole32.dll
2016-03-17 18:04 . 2016-04-18 21:43	698368	----a-w-	c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-18 21:43	499200	----a-w-	c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-18 21:43	279040	----a-w-	c:\windows\system32\invagent.dll
2016-03-17 18:04 . 2016-04-18 21:43	76800	----a-w-	c:\windows\system32\acmigration.dll
2016-03-16 18:50 . 2016-04-18 21:46	156672	----a-w-	c:\windows\system32\mtxoci.dll
2016-03-16 18:28 . 2016-04-18 21:46	111616	----a-w-	c:\windows\SysWow64\mtxoci.dll
2016-03-16 18:28 . 2016-04-18 21:46	176128	----a-w-	c:\windows\SysWow64\msorcl32.dll
2016-03-16 00:16 . 2016-04-18 21:43	760320	----a-w-	c:\windows\system32\samsrv.dll
2016-03-16 00:16 . 2016-04-18 21:43	106496	----a-w-	c:\windows\system32\samlib.dll
2016-03-15 23:53 . 2016-04-18 21:43	60416	----a-w-	c:\windows\SysWow64\samlib.dll
2016-03-06 18:53 . 2016-04-18 21:44	2048	----a-w-	c:\windows\system32\msxml3r.dll
2016-03-06 18:53 . 2016-04-18 21:44	1885696	----a-w-	c:\windows\system32\msxml3.dll
2016-03-06 18:38 . 2016-04-18 21:44	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2016-03-06 18:38 . 2016-04-18 21:44	1240576	----a-w-	c:\windows\SysWow64\msxml3.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-02-12 8641240]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2016-05-16 43984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2015-12-23 1027472]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-05-04 67840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk * 
.
R1 epp;epp;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 eapihdrv;eapihdrv;c:\users\user\AppData\Local\Temp\ehdrv.sys;c:\users\user\AppData\Local\Temp\ehdrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 04:53	1186968	----a-w-	c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-05-03 14:41	287416	----a-w-	c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Inhalt des "geplante Tasks" Ordners
.
2016-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-15 19:54]
.
2016-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06 16:39]
.
2016-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06 16:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
mDefault_Search_URL = www.google.com
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\
FF - prefs.js: browser.startup.homepage - hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-iSafe - c:\program files (x86)\Elex-tech\YAC\uninstall.exe
AddRemove-WinZip - c:\program files (x86)\WinZipper\wzUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2016-05-27  00:04:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2016-05-26 22:04
ComboFix2.txt  2016-05-26 11:16
.
Vor Suchlauf: 22 Verzeichnis(se), 170.863.243.264 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 169.996.513.280 Bytes frei
.
- - End Of File - - E48ADF7756D16A851BBBC37ED58FB5E0
A36C5E4F47E84449FF07ED3517B43A31
         
[/CODE][/CODE]

Alt 27.05.2016, 19:39   #12
M-K-D-B
/// TB-Ausbilder
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden



Servus,





Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.

Alt 27.05.2016, 21:35   #13
Tori22
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden



Hallo Matthias,

der AdwCleaner hat nichts gefunden, somit kam kein Löschen und keine Logdatei zustande.

Anti-Malware hat auch keine Bedrohungen mehr gefunden.

Hier die Logdateien von Anti-Malware, JRT und FRST.

MBAM:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 27.05.2016
Suchlaufzeit: 21:19
Protokolldatei: mbat.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.27.02
Rootkit-Datenbank: v2016.05.20.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: user

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 306827
Abgelaufene Zeit: 35 Min., 28 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64 
Ran by user (Administrator) on 27.05.2016 at 21:02:31,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 25 

Failed to delete: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35E7MRAZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14KLM8BM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27FHQ56Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55WVK17Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7QPP8YM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LA01TQVK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIERIU5U (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5VMPOYZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14KLM8BM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27FHQ56Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35E7MRAZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55WVK17Z (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7QPP8YM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LA01TQVK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIERIU5U (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5VMPOYZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\SysWOW64\RENAEB5.tmp (File) 

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.05.2016 at 21:12:39,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
durchgeführt von user (Administrator) auf USER-PC (27-05-2016 22:03:45)
Gestartet von C:\Users\user\Desktop\forum
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_242_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1027472 2015-12-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-05-16] (Glarysoft Ltd)
BootExecute: autocheck autochk *  

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{36398523-7615-4AF2-A2A6-A18130B35576}: [DhcpNameServer] 192.168.3.2
Tcpip\..\Interfaces\{9D540E77-56BB-4FAB-9711-18067F181277}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-05-13]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-06]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-06]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-06]
CHR Extension: (Google Tabellen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-06]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Citavi Picker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-05-02]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-05-26] (Glarysoft Ltd)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-04-20] (Cisco Systems, Inc.)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [13880 2007-12-22] (Zeal SoftStudio)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys [X]
S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-27 21:56 - 2016-05-27 21:56 - 00001209 _____ C:\Users\user\Desktop\mbat.txt
2016-05-27 21:12 - 2016-05-27 21:12 - 00004537 _____ C:\Users\user\Desktop\JRT.txt
2016-05-27 21:01 - 2016-05-27 21:01 - 01610816 _____ (Malwarebytes) C:\Users\user\Desktop\JRT.exe
2016-05-27 00:04 - 2016-05-27 00:04 - 00248372 _____ C:\ComboFix.txt
2016-05-26 22:24 - 2016-05-26 22:24 - 05659526 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2016-05-26 22:13 - 2016-05-27 01:34 - 00001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2016-05-26 22:13 - 2016-05-27 01:33 - 00001074 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2016-05-26 22:13 - 2016-05-26 22:13 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2016-05-26 22:13 - 2016-05-26 22:13 - 00003310 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2016-05-26 22:13 - 2016-05-26 22:13 - 00002968 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2016-05-26 22:13 - 2016-05-26 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2016-05-26 22:12 - 2016-05-27 20:51 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-05-26 22:11 - 2016-05-27 01:34 - 00001258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2016-05-26 22:11 - 2016-05-26 22:12 - 00001562 _____ C:\GUDownLoaddebug.txt
2016-05-26 22:11 - 2016-05-26 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2016-05-26 22:11 - 2016-05-26 22:11 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2016-05-26 17:55 - 2016-05-26 17:55 - 00000230 _____ C:\Users\user\Desktop\Master Rechtspsychologie am Institut für Psychologie, Universität Bonn.url
2016-05-26 12:33 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-26 12:33 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-26 12:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-26 12:20 - 2016-05-27 00:04 - 00000000 ____D C:\Qoobox
2016-05-26 12:09 - 2016-05-26 23:36 - 00000000 ____D C:\Windows\erdnt
2016-05-26 11:46 - 2016-05-26 22:02 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-05-26 09:05 - 2016-05-26 09:08 - 00206986 _____ C:\TDSSKiller.3.1.0.9_26.05.2016_09.05.21_log.txt
2016-05-25 23:52 - 2016-05-26 00:40 - 00611252 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_23.52.37_log.txt
2016-05-25 23:46 - 2016-05-25 23:48 - 00206206 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_23.46.34_log.txt
2016-05-24 16:53 - 2016-05-24 16:53 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-24 16:42 - 2016-05-24 16:42 - 00000000 ____D C:\ProgramData\Emsisoft
2016-05-24 15:52 - 2016-05-27 20:49 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-05-23 23:30 - 2016-05-27 18:17 - 00000000 ____D C:\Users\user\Desktop\forum
2016-05-23 20:56 - 2016-05-27 21:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-23 20:53 - 2016-05-23 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-23 20:53 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-23 20:53 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-23 20:53 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-23 20:52 - 2016-05-23 20:53 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-05-20 23:29 - 2016-05-20 23:29 - 00000239 _____ C:\Users\user\Desktop\Für alle Hilfesuchenden!.url
2016-05-20 23:13 - 2016-05-27 22:03 - 00000000 ____D C:\FRST
2016-05-20 22:17 - 2016-05-20 22:17 - 00000124 _____ C:\Users\user\Desktop\NEU.DE.url
2016-05-20 14:11 - 2016-05-27 18:35 - 00000000 ____D C:\AdwCleaner
2016-05-17 16:12 - 2016-05-17 16:12 - 00000201 _____ C:\Users\user\Desktop\Startseite.url
2016-05-16 15:39 - 2016-05-27 01:33 - 00001178 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-05-16 15:39 - 2016-05-26 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\ProgramData\Avira
2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\Program Files (x86)\Avira
2016-05-16 10:25 - 2016-05-20 14:17 - 00000000 ____D C:\Windows\system32\log
2016-05-16 10:23 - 2016-05-27 01:33 - 00002102 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-16 10:23 - 2016-05-16 10:23 - 00000000 ____D C:\Users\Public\Documents\Guntony
2016-05-15 22:41 - 2016-05-15 23:09 - 00000000 ____D C:\Users\user\Desktop\15.05.16
2016-05-15 20:17 - 2016-05-23 15:10 - 00000000 ____D C:\Users\user\Desktop\Theorie_MA
2016-05-14 17:41 - 2016-05-14 17:43 - 00000000 ____D C:\Users\user\Desktop\SPSS_16
2016-05-13 07:37 - 2016-05-15 18:36 - 00000000 ____D C:\Users\user\Documents\Citavi 5
2016-05-13 07:37 - 2016-05-13 07:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Swiss Academic Software
2016-05-13 07:36 - 2016-05-27 01:33 - 00001955 _____ C:\Users\Public\Desktop\Citavi 5.lnk
2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5
2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\Program Files (x86)\Citavi 5
2016-05-11 19:07 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 19:07 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 19:07 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 19:07 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 19:07 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 19:07 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 19:07 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 19:07 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 19:07 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 19:07 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 19:07 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 19:07 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 19:07 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 19:07 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 19:07 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 19:07 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 19:07 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 19:07 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 19:07 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 19:07 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 19:07 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 19:07 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 19:07 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 19:07 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 19:07 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 19:07 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 19:07 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 19:07 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 19:07 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 19:07 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 19:07 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 19:07 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 19:07 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 19:07 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 19:06 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 19:06 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 19:06 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 19:06 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 19:06 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 19:06 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 19:06 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 19:06 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 19:06 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 19:06 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 19:06 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 19:06 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 19:06 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 19:06 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 19:06 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 19:06 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 19:06 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 19:06 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 19:06 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 19:06 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 19:06 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 19:06 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 19:06 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 19:04 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 19:04 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 19:04 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 19:03 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 19:03 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 19:03 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 19:02 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 19:02 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 19:02 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 19:02 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 19:02 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 19:02 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 19:02 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 18:58 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 18:58 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 18:58 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 18:58 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 18:58 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 18:58 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 18:58 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 18:58 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 18:58 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 18:58 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 18:58 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 18:58 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 18:58 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 18:58 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 18:58 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 18:58 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 18:58 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 18:58 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 18:58 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 18:58 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 18:58 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 18:57 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 18:57 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-04 21:59 - 2016-05-17 19:30 - 00000000 ____D C:\Users\user\Desktop\MA schreiben
2016-05-03 17:40 - 2016-05-26 11:08 - 00000000 ____D C:\Users\user\Desktop\Fachschaft
2016-05-02 20:24 - 2016-05-13 07:37 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2016-05-01 18:44 - 2016-05-17 13:50 - 00000000 ____D C:\Users\user\Desktop\Notizen

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-27 21:54 - 2015-03-15 14:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-27 21:52 - 2016-04-06 18:39 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-27 20:58 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-27 20:58 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-27 20:49 - 2016-04-06 18:39 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-27 20:49 - 2013-10-31 18:13 - 00000000 ____D C:\Program Files\WinRAR
2016-05-27 20:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-27 10:29 - 2016-02-22 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-05-27 09:03 - 2013-10-31 18:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-27 09:03 - 2013-10-31 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-27 01:34 - 2016-04-06 18:40 - 00002042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-27 01:34 - 2016-04-06 17:30 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-27 01:34 - 2014-06-25 21:46 - 00001446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-05-27 01:34 - 2014-01-25 21:05 - 00001596 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaLab.exe.lnk
2016-05-27 01:34 - 2013-10-31 18:05 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-27 01:34 - 2013-10-30 10:44 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-05-27 01:34 - 2013-10-30 10:44 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-05-27 01:34 - 2009-07-14 06:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-27 01:34 - 2009-07-14 06:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-05-27 01:34 - 2009-07-14 06:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-05-27 01:34 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-05-27 01:34 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-05-27 01:33 - 2014-07-17 21:40 - 00001866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2016-05-27 01:33 - 2014-04-19 12:47 - 00002633 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Neues Microsoft Office-Dokument.lnk
2016-05-27 01:33 - 2014-04-19 12:47 - 00002633 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Microsoft Office-Dokument öffnen.lnk
2016-05-27 01:33 - 2013-10-31 18:14 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-27 01:33 - 2009-07-14 07:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-05-27 01:33 - 2009-07-14 06:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-05-27 01:32 - 2015-03-25 12:17 - 00001446 _____ C:\Users\user\Desktop\Windows Live Mail.lnk
2016-05-27 01:32 - 2014-04-19 20:36 - 00000355 _____ C:\Users\user\Desktop\Computer -.lnk
2016-05-27 01:32 - 2014-04-19 12:47 - 00002679 _____ C:\Users\user\Desktop\Microsoft Office Word 2007.lnk
2016-05-27 01:32 - 2013-12-21 19:36 - 00002216 _____ C:\Users\user\Desktop\IBM SPSS Statistics 21.lnk
2016-05-26 23:56 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-05-26 23:37 - 2009-07-14 04:34 - 94896128 _____ C:\Windows\system32\config\software.bak
2016-05-26 23:37 - 2009-07-14 04:34 - 17301504 _____ C:\Windows\system32\config\system.bak
2016-05-26 23:37 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2016-05-26 23:37 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-05-26 23:37 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-05-26 23:36 - 2009-07-14 04:34 - 60030976 _____ C:\Windows\system32\config\components.bak
2016-05-26 22:13 - 2015-04-24 11:54 - 00000000 ____D C:\Users\user\AppData\Roaming\GlarySoft
2016-05-26 20:55 - 2009-07-27 11:10 - 00699342 _____ C:\Windows\system32\perfh007.dat
2016-05-26 20:55 - 2009-07-27 11:10 - 00149450 _____ C:\Windows\system32\perfc007.dat
2016-05-26 20:55 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-26 20:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-26 15:59 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 15:59 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-26 13:02 - 2014-04-10 10:57 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-05-25 07:57 - 2014-07-17 21:44 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2016-05-23 23:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-20 14:01 - 2015-03-27 09:03 - 00000000 ____D C:\Users\user\Desktop\fotos
2016-05-20 11:47 - 2015-03-19 15:25 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2016-05-20 07:01 - 2015-03-18 11:48 - 00000000 ____D C:\Users\user\Desktop\Eigene Dateien
2016-05-16 15:37 - 2016-01-14 00:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-16 09:50 - 2016-04-24 21:35 - 00000000 ____D C:\Users\user\Desktop\cad
2016-05-15 20:09 - 2016-04-24 14:36 - 00000000 ____D C:\Users\user\Desktop\SRP
2016-05-14 16:27 - 2015-07-13 18:01 - 00000000 ____D C:\Users\user\Desktop\Prüfung
2016-05-13 20:54 - 2015-05-24 19:54 - 00000000 ____D C:\Users\user\Desktop\Uni_2015
2016-05-13 07:32 - 2014-01-25 21:04 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2016-05-13 07:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 21:55 - 2015-03-15 14:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 21:54 - 2015-03-15 14:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 21:54 - 2015-03-15 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 17:16 - 2015-03-15 20:06 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 08:08 - 2009-07-14 06:45 - 00414280 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 08:04 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 23:56 - 2013-10-30 12:16 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 23:19 - 2013-10-30 12:16 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 18:10 - 2015-10-14 11:11 - 00000000 ____D C:\Users\user\Desktop\masterarbeit
2016-05-11 07:47 - 2016-04-06 18:39 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 07:46 - 2016-04-06 18:39 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 22:22 - 2016-04-06 17:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-08 14:10 - 2016-01-15 22:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Millisecond Software
2016-05-04 23:24 - 2014-07-06 12:11 - 00000000 ____D C:\Users\user\Desktop\Uni

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-18 08:54

==================== Ende von FRST.txt ============================
         
Code:
ATTFilter
CODE]Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
durchgeführt von user (2016-05-27 22:05:28)
Gestartet von C:\Users\user\Desktop\forum
Windows 7 Home Premium Service Pack 1 (X64) (2013-10-30 09:00:08)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1718339690-3013972182-446857107-500 - Administrator - Disabled)
Gast (S-1-5-21-1718339690-3013972182-446857107-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1718339690-3013972182-446857107-1002 - Limited - Enabled)
user (S-1-5-21-1718339690-3013972182-446857107-1000 - Administrator - Enabled) => C:\Users\user

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Absolute Uninstaller 5.3.1.21 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.21 - Glarysoft Ltd)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Brother MFL-Pro Suite DCP-7055W (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.2.01035 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.2.01035 - Cisco Systems, Inc.) Hidden
Citavi 5  (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deutsche Grammatik (HKLM-x32\...\Deutsche Grammatik_is1) (Version:  - Magnamedia)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Glary Utilities 5.51 (HKLM-x32\...\Glary Utilities 5) (Version: 5.51.0.71 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaLab Research Software v2012 (HKLM-x32\...\{67350CFB-529E-4173-91DC-0AE79DEE1ACC}) (Version: 20.12.4.131 - Empirisoft Corporation)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{DA715959-CFF1-48A2-B3BB-98B9E569C6AC}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version: 2.0.39 - Winzipper Pvt Ltd.) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02913145-BEBF-4240-AC37-A7F08F3F748E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {07FB5B5B-8A2D-4A9E-AD85-EB5FD6AF1789} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {2A348BC6-66EA-43AD-8F71-0470B11747E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {7E1A5E0C-D3B1-45BF-BB0C-28E1632744FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {97157EED-5525-4662-9121-314373D31ED1} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-05-16] (Glarysoft Ltd)
Task: {BD77D142-0DB2-42E3-B606-03C3771D3D92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {E02B5983-D93F-49E9-9E57-034AE913F0FD} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-05-16] (Glarysoft Ltd)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-12 23:13 - 2016-02-12 23:13 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-12-23 15:33 - 2015-12-23 15:33 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-07-17 21:44 - 2009-02-27 14:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-05-26 23:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{7F0883AE-4217-472B-A0B7-A84CCF3D9383}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{13CEAE4F-40BC-4D7C-9082-D40ECF266D03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3366C49C-020F-42E9-AF6C-01213720ECA0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{27C60F1F-7E7F-4B3C-B713-06D3263CB87D}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe
FirewallRules: [{EC1D2487-8B36-4655-97A5-1FD40416AA30}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
FirewallRules: [{952C26F6-922A-405D-8899-D5E858F4EE28}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe

==================== Wiederherstellungspunkte =========================

23-05-2016 14:17:37 Geplanter Prüfpunkt
26-05-2016 11:48:56 Revo Uninstaller's restore point - Avira Antivirus
26-05-2016 15:20:18 Windows Update
26-05-2016 15:59:14 Windows Update
26-05-2016 21:57:20 Revo Uninstaller's restore point - Revo Uninstaller 1.95
27-05-2016 21:00:45 JRT Pre-Junkware Removal
27-05-2016 21:02:32 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/27/2016 03:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7180000a
ID des fehlerhaften Prozesses: 0xac4
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/27/2016 02:33:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7189000a
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/26/2016 07:59:44 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/25/2016 08:16:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7189000a
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/25/2016 07:07:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/25/2016 06:54:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/25/2016 06:54:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/25/2016 06:02:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x717a000a
ID des fehlerhaften Prozesses: 0x12d8
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/25/2016 05:37:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x717a000a
ID des fehlerhaften Prozesses: 0xc14
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3

Error: (05/25/2016 04:45:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x717c000a
ID des fehlerhaften Prozesses: 0xcfc
Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0
Pfad der fehlerhaften Anwendung: wlmail.exe1
Pfad des fehlerhaften Moduls: wlmail.exe2
Berichtskennung: wlmail.exe3


Systemfehler:
=============
Error: (05/27/2016 08:50:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/27/2016 08:50:27 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (05/27/2016 08:50:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (05/27/2016 08:49:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
epp

Error: (05/27/2016 08:24:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
epp

Error: (05/27/2016 01:31:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
epp

Error: (05/27/2016 01:30:54 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (05/27/2016 12:16:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
epp

Error: (05/27/2016 12:16:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/27/2016 12:15:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Live ID Sign-in Assistant erreicht.


CodeIntegrity:
===================================
  Date: 2016-05-26 23:02:54.483
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2016-05-26 23:02:53.765
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2016-05-26 23:02:53.063
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2016-05-26 23:02:52.346
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2016-05-26 13:02:33.031
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2016-05-26 13:02:32.360
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Prozentuale Nutzung des RAM: 35%
Installierter physikalischer RAM: 4056.56 MB
Verfügbarer physikalischer RAM: 2605.66 MB
Summe virtueller Speicher: 8111.3 MB
Verfügbarer virtueller Speicher: 6643.63 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:156.96 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D6776FFD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
[/CODE]

Alt 27.05.2016, 22:13   #14
M-K-D-B
/// TB-Ausbilder
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden



Servus,



wir spüren noch evtl. vorhandene Reste auf.



Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :regfind
    nicesearches
    Elex-tech
    iSafe
    YAC
    Guntony
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.


Alt 27.05.2016, 22:42   #15
Tori22
 
Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Standard

Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden



Hallo Matthias,

hier das Ergebnis der Untersuchung von SystemLook:

Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 23:30 on 27/05/2016 by user
Administrator - Elevation successful

========== regfind ==========

Searching for "nicesearches"
No data found.

Searching for "Elex-tech"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"

Searching for "iSafe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\iSafeKrnlBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\iSafeKrnlBoot]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot]

Searching for "YAC"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.th"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YACB7D~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.sg"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YAC50A~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\4F33FB1578E100649B629029A307DFB1]
"capsules.inf"="vUpAVX!!!!!!!!!MKKSkThemesTypicalFiles>YaCS-X8nF9@iZshLxJpa[^16]"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}]
@="_QueryAccessibilityHelpEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}]
@="IContextPropertyActivator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BA99AE52-D539-362F-B78C-4E84C14158BF}\2.0.0.0]
"Class"="System.Security.Permissions.SecurityAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BA99AE52-D539-362F-B78C-4E84C14158BF}\4.0.0.0]
"Class"="System.Security.Permissions.SecurityAction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0006302D-0000-0000-C000-000000000046}]
@="_PropertyAccessor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}]
@="_QueryAccessibilityHelpEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{30642042-9221-4388-9C31-3DA8E1E33C33}]
@="IGrooveWebNotificationEntryActionData"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}]
@="IContextPropertyActivator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B848D512-62C5-42FB-89B3-126098FCD11B}]
@="IGrooveTransportSecurityAccountDiagnosticsEntryEnum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E2DF7E6A-4D7F-4FF8-A30A-F01481A33268}]
@="IGrooveTransportSecurityAccountDiagnosticsEntry"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory\CurVer]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A7A66456F4FEBDF43B3908A64A8BB31B]
"00002109440070400000000000F01FEC"="C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1031\WindowsForms\Clipboard\CopyAClassInstanceToTheClipboard.snippet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Features]
"ThemesTypicalFiles"="bxw0=a+]F9mnkkP2Hm6$]MEU0l_RU@lnYR^6&3Ljc4[z+7M&ZAG+&hLw)33'&+kfoK]aH?%U!`PLGSF^{8o3@W9Oi@$ql,oq+EIgBW20SUnI,?oX,EeU2.h((Iws_6.mI=f.[hpJWu}.YaCS-X8nF9@iZshLxJpaHs01q3&g49DaROul[Q5^xh1~t9O*)?=X@H^fSzUTfLP)[R}~]=`*HC-s%t^r6RS$V.Ce&@JaZ^@+r&s@opc-xSfWu84%R=c)en=Q.^MBg*Ujq@dA3^P1'3IvvF[Q`*npm9P5'*9GtuIN]npHtm}T@A~^zPaK{(Ty?G{KwcoYv?eX&O^m'$`V4+dVX?lv&9HIrsgtrew[WesOi[4Ui9z$-?GSSLRa}71lgD~78@yEl@^=2s+lZD%mxVxx'=P@42z~arqWOjZ^h[tNn?aVDY.MC?84!K%7keYDM98F25q@h!Kl=i7-p.(_m8?3'RF?-KDtAaFWtOi[ZAQ3x@@G%I-FSpqPp}&S+=Uo(Mjl!bLzcI0!b-C'z?=8J{ySPY6k$yoeA0Akq@gh00',kc-mydMd%fu1*ATPGxK1_9%XKe)cVIzUt=Z=N.bf]DF?iIq$wIPU7@B+$5Vt-I$*wpW2sgBCp@xCdG6j(`sFTHEMESFiles"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1735F6DB1CAD0F03D9EDAC6C97E1823C\Features]
"F_compilers_core_amd64"="`yFM`V.(j?5]i'AKuKOKJQ-fL.MGAAWWvkZC2t!Y(91'3NpGO@ya,]$={]vm(~u-_m8U!AL*w{j!wgZZ-mu'YIdC'AnZb-nwxX'gK?QEZcsQX9?=Z!pPD],5lM4p.ricy@JuL~@&9rDLpn@yjcvcW9{`5Gu3.3))c6N1LYaC!9DW`G*oh(@NNetFx_Full_amd64"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\Registration\{90120000-0030-0000-0000-0000000FF1CE}]
"Current"="TQBJAEMAUgBPAFMATwBGAFQALQBTAE8ARgBUAFcAQQBSAEUAIABMAEkAWgBFAE4AWgBCAEUAUwBUAEkATQBNAFUATgBHAEUATgANAAoAMgAwADAANwAgAE0ASQBDAFIATwBTAE8ARgBUACAATwBGAEYASQBDAEUAIABTAFkAUwBUAEUATQAtAEQARQBTAEsAVABPAFAALQBBAE4AVwBFAE4ARABVAE4ARwBTAFMATwBGAFQAVwBBAFIARQANAAoATgBhAGMAaABmAG8AbABnAGUAbgBkACAAZgBpAG4AZABlAG4AIABTAGkAZQAgAGQAcgBlAGkAIABzAGUAcABhAHIAYQB0AGUAIABUAGUAaQBsAGUAIABtAGkAdAAgAEwAaQB6AGUAbgB6AGIAZQBkAGkAbgBnAHUAbgBnAGUAbgAuACAATgB1AHIAIABlAGkAbgAgAFQAZQBpAGwAIABnAGkAbAB0ACAAZgD8AHIAIABTAGkAZQAuACAAVQBtACAAegB1ACAAYgBlAHMAdABpAG0AbQBlAG4ALAAgAHcAZQBsAGMAaABlACAATABpAHoAZQBuAHoAYgBlAGQAaQBuAGcAdQBuAGcAZQBuACAAZgD8AHIAIABTAGkAZQAgAGcAZQBsAHQAZQBuACwAIAD8AGIAZQByAHAAcgD8AGYAZQBuACAAUwBpAGUAIABkAGkAZQAgAEwAaQB6AGUAbgB6AGIAZQB6AGUAaQBjAGgAbgB1AG4AZwAsACAAZABpAGUAIABlAG4AdAB3AGUAZABlAHIAIABhAHUAZgAgAEkAaAByAGUAbQAgAFAAcgBvAGQAdQBjAHQAIABLAGUAeQAsACAAaQBuACAAZABlAHIAIABOAOQAaABlACAAZABlAHMA
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.sg"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YAC50A~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.th"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YACB7D~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID]
@="X509Enrollment.CX509EnrollmentPolicyActiveDirectory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{0006302D-0000-0000-C000-000000000046}]
@="_PropertyAccessor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}]
@="_QueryAccessibilityHelpEventArgs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{30642042-9221-4388-9C31-3DA8E1E33C33}]
@="IGrooveWebNotificationEntryActionData"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}]
@="IContextPropertyActivator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B848D512-62C5-42FB-89B3-126098FCD11B}]
@="IGrooveTransportSecurityAccountDiagnosticsEntryEnum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E2DF7E6A-4D7F-4FF8-A30A-F01481A33268}]
@="IGrooveTransportSecurityAccountDiagnosticsEntry"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot]
"ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\0186KSEBY5amu_a85OiPeBQA]
"Response Wednesday, June 25, 2014 21:45:52"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA+YsHHWPl3EeBLwVEU/RAXgQAAAACAAAAAAAQZgAAAAEAACAAAAC043qA45cl+5AaqdoD4Y5xs1fbhgQ5ihunZbFUmp95IgAAAAAOgAAAAAIAACAAAADHdNYm+jY4ROVB2Ks+9DdHF6qwINTSSCVb1RhIXZuYfjAFAAAZix5t9B+lGutiENhzL6qx6eYq05Y67t2uuovkzhAANgYcir+Wv6rNt7tXgAEHK962CP2YbLuFtUM73ArhBXFpV9d+CU3CxnwWoOuUXBN1cyMXiHih0TIRaxJIvi+g6pl6VbN+V1sYi/wUwP7eOamVNimYkpy1xAz7GSywFP6WNM389fzN1SGf8nPhVcyEFu7pYeCCSi0R8i5T2TgmzKqO/giADVyUZl37MxXV5+ZbzZeSxVXb5QkuZkaQ7ydzJjXjr0sRQ/YaCZGgOWgUHjNtjx4H+pY10ZUl4jYt0iFK4RvNvwVu93UGR+j7MD1TSPXICy2IZU9tGvnSpAIh7JBHg1LWoi+1vSvRm9nP7bpGqOyaMn/djFoWhA4UdYk2pEg0mFBsvKn5euuQcHloyLWRXpOwoCvfrnddcF0PVAVDoh2mucotVwmpZnoHGtdA59Dak0AvEkcpfkgiInZLyjMLNH8ynftRSJSMWjccgbf8Hh9vL61NK4bFQ+7DGxcDhTJoY4e8qBZt/IDYKGiTqaXs/BqNa4znIJB1Z7uQ2obx+gIQUi9psd0JfqmEeXSUk/+eYiGLtF5UXshcwdG/PZx8Qy1re1owZJ+VIQXWBcekUj3JaAfhyPtD454rUkttLJX+5KNAM6vMAVmUDTIBNWK5Ip+QBpV2O+
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-1718339690-3013972182-446857107-1000\02lzqnfanptv]
"DeviceId"="<Data><User username="02LZQNFANPTV"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA+YsHHWPl3EeBLwVEU/RAXgQAAAACAAAAAAAQZgAAAAEAACAAAADzyk8ckg+Z/fkcz6L5WEEUZzV/OEIT33FcbexAq4OUIgAAAAAOgAAAAAIAACAAAAByJLWSdSQwSESFJpT0iq5k/8/BNimZ2rza35zY9YkOzTAAAADSBfHgxuqO0zuY92uuZu2hr+kJBHlqmlUi+29UM9jom6+gkBCXl14CjYL5xwxotoRAAAAAoYnMi9ZzU/bzhoJLBvO7BkH2upHxjhA4/ZpzVcqWWjh93nPDkKZ7seGbDuj5TVgTo1/DxAu0jCUKHu9ERleixg==</Pwd><Certificate targetname="WindowsLive:(cert):name=02lzqnfanptv;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAdwBaAFoAbwBXAFQAZABYAGwARQBtAEUAdQBBADgAcQA4AEwATQB3AFMAdwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEIASAB0ADQAcwBqAGUAUwBwADIARQA4AFkAZwB0AEsAO
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.th"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YACB7D~1.XML"
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.sg"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YAC50A~1.XML"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\0186KSEBY5amu_a85OiPeBQA]
"Response Wednesday, June 25, 2014 21:45:52"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA+YsHHWPl3EeBLwVEU/RAXgQAAAACAAAAAAAQZgAAAAEAACAAAAC043qA45cl+5AaqdoD4Y5xs1fbhgQ5ihunZbFUmp95IgAAAAAOgAAAAAIAACAAAADHdNYm+jY4ROVB2Ks+9DdHF6qwINTSSCVb1RhIXZuYfjAFAAAZix5t9B+lGutiENhzL6qx6eYq05Y67t2uuovkzhAANgYcir+Wv6rNt7tXgAEHK962CP2YbLuFtUM73ArhBXFpV9d+CU3CxnwWoOuUXBN1cyMXiHih0TIRaxJIvi+g6pl6VbN+V1sYi/wUwP7eOamVNimYkpy1xAz7GSywFP6WNM389fzN1SGf8nPhVcyEFu7pYeCCSi0R8i5T2TgmzKqO/giADVyUZl37MxXV5+ZbzZeSxVXb5QkuZkaQ7ydzJjXjr0sRQ/YaCZGgOWgUHjNtjx4H+pY10ZUl4jYt0iFK4RvNvwVu93UGR+j7MD1TSPXICy2IZU9tGvnSpAIh7JBHg1LWoi+1vSvRm9nP7bpGqOyaMn/djFoWhA4UdYk2pEg0mFBsvKn5euuQcHloyLWRXpOwoCvfrnddcF0PVAVDoh2mucotVwmpZnoHGtdA59Dak0AvEkcpfkgiInZLyjMLNH8ynftRSJSMWjccgbf8Hh9vL61NK4bFQ+7DGxcDhTJoY4e8qBZt/IDYKGiTqaXs/BqNa4znIJB1Z7uQ2obx+gIQUi9psd0JfqmEeXSUk/+eYiGLtF5UXshcwdG/PZx8Qy1re1owZJ+VIQXWBcekUj3JaAfhyPtD454rUkttLJX+5KNAM6vMAVmUDTIBNWK5Ip+QBpV2O+
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-1718339690-3013972182-446857107-1000\02lzqnfanptv]
"DeviceId"="<Data><User username="02LZQNFANPTV"><Pwd Det="false">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA+YsHHWPl3EeBLwVEU/RAXgQAAAACAAAAAAAQZgAAAAEAACAAAADzyk8ckg+Z/fkcz6L5WEEUZzV/OEIT33FcbexAq4OUIgAAAAAOgAAAAAIAACAAAAByJLWSdSQwSESFJpT0iq5k/8/BNimZ2rza35zY9YkOzTAAAADSBfHgxuqO0zuY92uuZu2hr+kJBHlqmlUi+29UM9jom6+gkBCXl14CjYL5xwxotoRAAAAAoYnMi9ZzU/bzhoJLBvO7BkH2upHxjhA4/ZpzVcqWWjh93nPDkKZ7seGbDuj5TVgTo1/DxAu0jCUKHu9ERleixg==</Pwd><Certificate targetname="WindowsLive:(cert):name=02lzqnfanptv;serviceuri=msn-messenger-didc" keyword="Microsoft_WindowsLive:certificate:" type="1">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEAdwBaAFoAbwBXAFQAZABYAGwARQBtAEUAdQBBADgAcQA4AEwATQB3AFMAdwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEIASAB0ADQAcwBqAGUAUwBwADIARQA4AFkAZwB0AEsAO

Searching for "Guntony"
[HKEY_CURRENT_USER\Software\Guntony]
[HKEY_CURRENT_USER\Software\Classes\ChromeHTML\DefaultIcon]
@="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_CURRENT_USER\Software\Classes\ChromeHTML\shell\open\command]
@=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon"="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
@="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-ReinstallCommand""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-HideIconsCommand""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-ShowIconsCommand""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony]
"path"="C:\Program Files (x86)\Guntony\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony]
"publicdirectroy"="C:\Users\Public\Documents\Guntony\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony]
"publicdirectroy_log"="C:\Users\Public\Documents\Guntony\log\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony]
"publicdirectroy_dump"="C:\Users\Public\Documents\Guntony\log\dump\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon"="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
@="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-ReinstallCommand""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-HideIconsCommand""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-ShowIconsCommand""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27C60F1F-7E7F-4B3C-B713-06D3263CB87D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Guntony\protect\protect.exe|Name=Protect Service|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC1D2487-8B36-4655-97A5-1FD40416AA30}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\chrome.exe|Name=Chrome Browser|Desc=Chrome Browser|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{952C26F6-922A-405D-8899-D5E858F4EE28}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe|Name=Chrome Server|Desc=Chrome Server|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27C60F1F-7E7F-4B3C-B713-06D3263CB87D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Guntony\protect\protect.exe|Name=Protect Service|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC1D2487-8B36-4655-97A5-1FD40416AA30}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\chrome.exe|Name=Chrome Browser|Desc=Chrome Browser|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{952C26F6-922A-405D-8899-D5E858F4EE28}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe|Name=Chrome Server|Desc=Chrome Server|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27C60F1F-7E7F-4B3C-B713-06D3263CB87D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Guntony\protect\protect.exe|Name=Protect Service|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC1D2487-8B36-4655-97A5-1FD40416AA30}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\chrome.exe|Name=Chrome Browser|Desc=Chrome Browser|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{952C26F6-922A-405D-8899-D5E858F4EE28}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe|Name=Chrome Server|Desc=Chrome Server|"
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Guntony]
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Classes\ChromeHTML\DefaultIcon]
@="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Classes\ChromeHTML\shell\open\command]
@=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "%1""
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000_Classes\ChromeHTML\DefaultIcon]
@="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0"
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000_Classes\ChromeHTML\shell\open\command]
@=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "%1""

-= EOF =-
         
Was sagt der Profi: Ist mein Computer jetzt sauber? Das wäre ganz, ganz toll!

Antwort

Themen zu Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden
antivirus, askbar, avira, computer, dnsapi.dll, downloader, einstellungen, elex-tech, excel, failed, flash player, helper, home, homepage, install.exe, kaspersky, mozilla, programm, prozesse, registry, scan, services.exe, software, svchost.exe, system, teredo, trojaner, trojaner virus, viren, virus




Ähnliche Themen: Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden


  1. Trojaner/Rootkit TR/Agent.37888.248 in C:\WINDOWS\system32\drivers\a127b2c0fb888938.sys
    Log-Analyse und Auswertung - 05.07.2014 (15)
  2. Avira meldet TR/Sirefef.BV.2 -- C:\\windows\system32\ac97inctc.ddl und nach Quarantäne c:\\windows\system32\persfw.dll
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (4)
  3. Virus/Trojaner: Win64/sirefef.A ; Win64/sirefef.AB ; Win64/sirefef.W ; Auto-Neustart nach 1 Minute
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (18)
  4. win 32:Sirefef-AO und Malware.gen, win64:Sirefef-A gefunden von avast!
    Log-Analyse und Auswertung - 11.08.2012 (1)
  5. sirefef.ah und sirefef.r auf Win7 (32bit) gefunden. Rechner fährt automatisch runter.
    Plagegeister aller Art und deren Bekämpfung - 06.08.2012 (37)
  6. Problem mit Trojaner Sirefef und Small und Rootkit.0Access
    Log-Analyse und Auswertung - 29.06.2012 (22)
  7. Sirefef.xx trojaner gefunden
    Log-Analyse und Auswertung - 26.06.2012 (19)
  8. failed to safe all the components for the file \\system32\985479 (rootkit virus)
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (11)
  9. TR/Sirefef.BV.2 system32 verschiedene dateien mit virus
    Plagegeister aller Art und deren Bekämpfung - 04.03.2012 (6)
  10. TR/Sirefef.BP.1 + TR/Rootkit.Gen2 - Antivir meldet Virus
    Plagegeister aller Art und deren Bekämpfung - 29.02.2012 (13)
  11. TR/Sirefef.BP.1 in C:\Windows\system32 Dateien gefunden
    Plagegeister aller Art und deren Bekämpfung - 29.02.2012 (7)
  12. TR/sirefef.BP.1 mit Avira gefunden in der Datei C:\Windows\System32\rpcnet.dll
    Plagegeister aller Art und deren Bekämpfung - 07.02.2012 (1)
  13. Rootkit hebelt Kernel-Schutz und Treibersignierung von 64-Bit-Windows aus
    Nachrichten - 16.11.2010 (0)
  14. Tr/rootkit.gen windows/system32/Drivers.lnuuf.sys (rootkit Agent)
    Plagegeister aller Art und deren Bekämpfung - 29.05.2010 (1)
  15. Rootkit RKIT/Bubnix.S in C:\Windows\System32\drivers\...sys gefunden
    Log-Analyse und Auswertung - 20.05.2010 (3)
  16. Was tun? Virus Rootkit C:\Windows\System32\drivers\hsntoaox.sys
    Plagegeister aller Art und deren Bekämpfung - 23.04.2010 (12)
  17. Trojaner Rootkit unter c:/windows/system32/drivers/jkxpflaj.sys
    Plagegeister aller Art und deren Bekämpfung - 03.03.2010 (11)

Zum Thema Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden - Liebes Trojaner-Team, vor ca. einer Woche habe ich an einer Online-Umfrage (Programm: Software Unipark), die ich im Rahmen meiner Masterarbeit an der Uni erstellt habe, gearbeitet. Ganz plötzlich und unerwartet - Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden...
Archiv
Du betrachtest: Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT Kernel gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.