Log analysis and evaluation: Rootkit.Sirefef.Spy and Trojan virus found in system32 NT kernel

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.05.2016, 21:39 | #1 |
Rootkit.Sirefef.Spy and Trojan virus found in system32 NT kernel

Dear Trojaner team,

about a week ago I was working on an online survey (program: Unipark software) that I created at university as part of my master's thesis. All of a sudden and unexpectedly, a message appeared saying that the PC was infected with a virus:

Windows-Firewall INFECTED !! Rootkit.Sirefef.Spy und Trojaner Virus in system32 NT (Network Threat Protection) Kernel gefunden
Virus Quelle: kostenlose Spiele, Porno-Websites, und Dritte Internet-Suche.
Bitte besuchen Sie das nächste Windows Service-Center oder rufen Sie unter: 0-800-182-5584 (gebührenfrei)

Since then I have been getting messages like this on the computer constantly, and it often crashes on its own. I took my laptop to the university's user support desk, and the laptop was checked for viruses with AdwCleaner. The program found a number of viruses, but they could not be removed. Now I am desperate and need your help.

Kind regards
Ludmilla

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:19-05-2016
durchgeführt von user (Administrator) auf USER-PC (20-05-2016 23:25:31)
Gestartet von C:\Users\user\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\ProgramData\Guntony\protect\protect.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_242_ActiveX.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1027472 2015-12-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-31] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{36398523-7615-4AF2-A2A6-A18130B35576}: [DhcpNameServer] 192.168.3.2
Tcpip\..\Interfaces\{9D540E77-56BB-4FAB-9711-18067F181277}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=0003446E&OHP=http%3A%2F%2Fwww.msn.com%2F%3Fpc%3DMSSE&OSP=http%3A%2F%2Fdo%2Dsearch.com%2Fweb%2F%3Futm%5Fsource%3Db%26utm%5Fmedium%3D%26utm%5Fcampaign%3Dinstall%5Fie%26utm%5Fcontent%3Dds%26from%3D%26uid%3DST500DM002%2D1BC142%5FW2A27G6AXXXXW2A27G6A%26ts%3D1420373293%26type%3Ddefault%26q%3D%7BsearchTerms%7D
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229
FF Homepage: hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q
FF NewTab: hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: xRocket Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com [2016-05-16] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-29]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-05-13]
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com

Chrome:
=======
CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q
CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q"
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-06]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-06]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-06]
CHR Extension: (Google Tabellen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-06]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Citavi Picker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-05-02]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 Guntony_protect; C:\ProgramData\Guntony\protect\protect.exe [302976 2016-05-12] ()
S2 Guntony_update; C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [473472 2016-05-12] ()
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-03] (Elex do Brasil Participações Ltda)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-04-04] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-03] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-03] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-04-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-03] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-06-30] (Elex do Brasil Participações Ltda)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-04-20] (Cisco Systems, Inc.)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [13880 2007-12-22] (Zeal SoftStudio)
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-20 23:21 - 2016-05-20 23:24 - 00025693 _____ C:\Users\user\Desktop\Addition.txt
2016-05-20 23:14 - 2016-05-20 23:25 - 00019306 _____ C:\Users\user\Desktop\FRST.txt
2016-05-20 23:13 - 2016-05-20 23:25 - 00000000 ____D C:\FRST
2016-05-20 23:12 - 2016-05-20 23:12 - 02382336 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-05-20 23:06 - 2015-06-30 04:50 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2016-05-20 23:04 - 2016-05-20 23:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Elex-tech
2016-05-20 22:17 - 2016-05-20 22:17 - 00000124 _____ C:\Users\user\Desktop\Singles und Partnersuche bei NEU.DE.url
2016-05-20 14:11 - 2016-05-20 23:00 - 00000000 ____D C:\AdwCleaner
2016-05-20 14:11 - 2016-05-17 13:55 - 03651136 _____ C:\Users\user\Desktop\adwcleaner_5.117.exe
2016-05-18 23:49 - 2016-05-18 23:49 - 00000209 _____ C:\Users\user\Desktop\KenFM-Positionen 1 Krieg oder Frieden in Europa - Wer bestimmt auf dem Kontinent - YouTube.url
2016-05-17 16:12 - 2016-05-17 16:12 - 00000201 _____ C:\Users\user\Desktop\Startseite.url
2016-05-16 15:54 - 2016-05-16 15:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira
2016-05-16 15:45 - 2016-04-04 17:07 - 00154816 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-05-16 15:45 - 2016-04-04 17:07 - 00141920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-05-16 15:45 - 2016-04-04 17:07 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-05-16 15:45 - 2016-04-04 17:07 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-05-16 15:39 - 2016-05-16 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-16 15:39 - 2016-05-16 15:39 - 00001210 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\ProgramData\Avira
2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\Program Files (x86)\Avira
2016-05-16 10:26 - 2016-05-16 10:26 - 00000000 ____D C:\ProgramData\Guntony
2016-05-16 10:25 - 2016-05-20 14:17 - 00000000 ____D C:\Windows\system32\log
2016-05-16 10:24 - 2016-05-16 10:24 - 00014744 _____ C:\Windows\System32\Tasks\GuntonyBrowserUpdateUA
2016-05-16 10:24 - 2016-05-16 10:24 - 00014726 _____ C:\Windows\System32\Tasks\GuntonyCheckTask
2016-05-16 10:24 - 2016-05-16 10:24 - 00003804 _____ C:\Windows\System32\Tasks\GuntonyBrowserUpdateCore
2016-05-16 10:24 - 2016-05-16 10:24 - 00000000 ____D C:\Users\user\AppData\Local\Guntony
2016-05-16 10:24 - 2016-05-16 10:24 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2016-05-16 10:23 - 2016-05-20 14:27 - 00000000 ____D C:\Program Files (x86)\Guntony
2016-05-16 10:23 - 2016-05-16 10:23 - 00002102 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-16 10:23 - 2016-05-16 10:23 - 00000000 ____D C:\Users\Public\Documents\Guntony
2016-05-15 22:41 - 2016-05-15 23:09 - 00000000 ____D C:\Users\user\Desktop\15.05.16
2016-05-15 20:17 - 2016-05-18 09:56 - 00000000 ____D C:\Users\user\Desktop\Theorie_MA
2016-05-14 17:41 - 2016-05-14 17:43 - 00000000 ____D C:\Users\user\Desktop\SPSS_16
2016-05-13 07:37 - 2016-05-15 18:36 - 00000000 ____D C:\Users\user\Documents\Citavi 5
2016-05-13 07:37 - 2016-05-13 07:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Swiss Academic Software
2016-05-13 07:36 - 2016-05-13 07:36 - 00001961 _____ C:\Users\Public\Desktop\Citavi 5.lnk
2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5
2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\Program Files (x86)\Citavi 5
2016-05-11 19:07 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 19:07 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 19:07 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 19:07 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 19:07 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 19:07 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 19:07 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 19:07 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 19:07 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 19:07 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 19:07 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 19:07 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 19:07 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 19:07 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 19:07 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 19:07 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 19:07 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 19:07 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 19:07 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 19:07 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 19:07 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 19:07 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 19:07 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 19:07 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 19:07 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 19:07 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 19:07 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 19:07 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 19:07 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 19:07 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 19:07 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 19:07 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 19:07 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 19:07 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 19:06 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 19:06 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 19:06 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 19:06 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 19:06 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 19:06 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 19:06 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 19:06 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 19:06 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 19:06 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 19:06 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 19:06 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 19:06 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 19:06 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 19:06 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 19:06 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 19:06 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 19:06 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 19:06 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 19:06 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 19:06 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 19:06 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 19:06 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 19:04 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 19:04 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 19:04 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 19:03 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 19:03 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 19:03 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 19:02 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 19:02 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 19:02 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 19:02 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 19:02 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 19:02 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 19:02 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 18:58 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 18:58 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 18:58 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 18:58 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 18:58 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 18:58 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 18:58 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 18:58 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00690688 _____ (Microsoft
Corporation) C:\Windows\system32\adtschema.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\KernelBase.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 
____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-05-11 18:58 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-05-11 18:58 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-05-11 18:58 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-05-11 18:58 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-05-11 18:58 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-05-11 18:58 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-05-11 18:58 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-05-11 18:58 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-05-11 18:58 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) 
C:\Windows\system32\smss.exe 2016-05-11 18:58 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-05-11 18:58 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-05-11 18:58 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-05-11 18:58 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-05-11 18:58 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-05-11 18:58 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-05-11 18:58 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-05-11 18:58 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-05-11 18:57 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2016-05-11 18:57 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2016-05-04 21:59 - 2016-05-17 19:30 - 00000000 ____D C:\Users\user\Desktop\MA schreiben 2016-05-04 15:28 - 2016-05-04 15:28 - 00000143 _____ C:\Users\user\Desktop\Osteopathie.url 2016-05-02 20:24 - 2016-05-13 07:37 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2016-05-01 18:44 - 2016-05-17 13:50 - 00000000 ____D C:\Users\user\Desktop\Notizen 2016-04-24 21:35 - 2016-05-16 09:50 - 00000000 ____D C:\Users\user\Desktop\cad 2016-04-24 14:36 - 
2016-05-15 20:09 - 00000000 ____D C:\Users\user\Desktop\SRP
2016-04-23 08:41 - 2016-02-05 20:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-23 08:41 - 2016-02-05 20:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-23 08:41 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-23 08:41 - 2015-06-03 22:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-20 23:15 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-20 23:15 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-20 23:04 - 2016-04-06 18:39 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-20 23:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-20 22:54 - 2015-03-15 14:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-20 22:52 - 2016-04-06 18:39 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-20 14:04 - 2009-07-27 11:10 - 00699342 _____ C:\Windows\system32\perfh007.dat
2016-05-20 14:04 - 2009-07-27 11:10 - 00149450 _____ C:\Windows\system32\perfc007.dat
2016-05-20 14:04 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-20 14:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-20 14:01 - 2015-03-27 09:03 - 00000000 ____D C:\Users\user\Desktop\fotos
2016-05-20 11:47 - 2015-03-19 15:25 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2016-05-20 10:21 - 2016-04-06 17:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-20 07:01 - 2015-03-18 11:48 - 00000000 ____D C:\Users\user\Desktop\Eigene Dateien
2016-05-16 15:37 - 2016-01-14 00:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-16 10:23 - 2016-04-06 18:40 - 00002054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-14 16:27 - 2015-07-13 18:01 - 00000000 ____D C:\Users\user\Desktop\Prüfung
2016-05-13 20:54 - 2015-05-24 19:54 - 00000000 ____D C:\Users\user\Desktop\Uni_2015
2016-05-13 07:32 - 2014-01-25 21:04 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2016-05-13 07:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 21:55 - 2015-03-15 14:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 21:54 - 2015-03-15 14:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 21:54 - 2015-03-15 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 17:16 - 2015-03-15 20:06 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 08:08 - 2009-07-14 06:45 - 00414280 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 08:04 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 23:56 - 2013-10-30 12:16 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 23:19 - 2013-10-30 12:16 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 18:10 - 2015-10-14 11:11 - 00000000 ____D C:\Users\user\Desktop\masterarbeit
2016-05-11 07:47 - 2016-04-06 18:39 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 07:46 - 2016-04-06 18:39 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 22:22 - 2016-04-06 17:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-08 14:10 - 2016-01-15 22:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Millisecond Software
2016-05-06 09:36 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 09:36 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-04 23:24 - 2014-07-06 12:11 - 00000000 ____D C:\Users\user\Desktop\Uni
2016-04-24 23:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-23 10:09 - 2014-03-11 18:10 - 01593564 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-21 15:05 - 2013-10-30 11:21 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Einige Dateien in TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-05-18 08:54

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:19-05-2016
durchgeführt von user (2016-05-20 23:27:39)
Gestartet von C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-10-30 09:00:08)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-1718339690-3013972182-446857107-500 - Administrator - Disabled)
Gast (S-1-5-21-1718339690-3013972182-446857107-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1718339690-3013972182-446857107-1002 - Limited - Enabled)
user (S-1-5-21-1718339690-3013972182-446857107-1000 - Administrator - Enabled) => C:\Users\user

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Brother MFL-Pro Suite DCP-7055W (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.2.01035 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.2.01035 - Cisco Systems, Inc.) Hidden
Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deutsche Grammatik (HKLM-x32\...\Deutsche Grammatik_is1) (Version: - Magnamedia)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MediaLab Research Software v2012 (HKLM-x32\...\{67350CFB-529E-4173-91DC-0AE79DEE1ACC}) (Version: 20.12.4.131 - Empirisoft Corporation)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{DA715959-CFF1-48A2-B3BB-98B9E569C6AC}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Scansoft PDF Professional (x32 Version: - ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version: 2.0.39 - Winzipper Pvt Ltd.) <==== ACHTUNG
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {02913145-BEBF-4240-AC37-A7F08F3F748E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated) Task: {07FB5B5B-8A2D-4A9E-AD85-EB5FD6AF1789} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.) Task: {2A348BC6-66EA-43AD-8F71-0470B11747E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.) Task: {5ED97A44-9BAC-4B08-AA04-1069146C9288} - System32\Tasks\GuntonyBrowserUpdateCore => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ACHTUNG Task: {7E1A5E0C-D3B1-45BF-BB0C-28E1632744FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd) Task: {A8F6F5A3-4864-4473-AB42-C1B7C19A62E7} - System32\Tasks\GuntonyBrowserUpdateUA => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ACHTUNG Task: {BD77D142-0DB2-42E3-B606-03C3771D3D92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {D88946E8-79B6-4C3D-885C-B78CC3CF1B02} - System32\Tasks\GuntonyCheckTask => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.) Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.) Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.) Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-02-12 23:13 - 2016-02-12 23:13 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2016-05-16 10:23 - 2016-05-12 10:08 - 00302976 _____ () C:\ProgramData\Guntony\protect\protect.exe 2016-05-16 10:25 - 2016-05-03 11:12 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll 2016-05-16 10:25 - 2015-06-30 04:50 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll 2016-05-16 10:25 - 2015-06-30 04:50 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll 2015-12-23 15:33 - 2015-12-23 15:33 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2016-05-16 10:25 - 2016-05-03 11:12 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll 2014-07-17 21:44 - 2009-02-27 14:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{7F0883AE-4217-472B-A0B7-A84CCF3D9383}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{13CEAE4F-40BC-4D7C-9082-D40ECF266D03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3366C49C-020F-42E9-AF6C-01213720ECA0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D2DF957A-0F99-4A9E-A649-2F073FCF7C48}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe FirewallRules: [{1B37851A-C72D-4876-990F-AC01CD36DFC1}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\chrome.exe FirewallRules: [{86542B32-4B41-4FCA-946D-16ADAE498F7C}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe ==================== Wiederherstellungspunkte ========================= 05-05-2016 23:06:11 Windows Update 06-05-2016 09:35:49 Windows Update 10-05-2016 07:00:25 Windows Update 10-05-2016 23:41:04 Windows Update 11-05-2016 23:05:25 Windows Update 12-05-2016 17:16:21 Windows Update 13-05-2016 07:33:44 Installed 
Citavi 5 . ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (05/20/2016 11:15:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d Ausnahmecode: 0xc0000005 Fehleroffset: 0x003225d6 ID des fehlerhaften Prozesses: 0x66c Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/20/2016 11:02:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d Ausnahmecode: 0xc0000005 Fehleroffset: 0x003225d6 ID des 
fehlerhaften Prozesses: 0x1304 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/20/2016 11:01:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d Ausnahmecode: 0xc0000005 Fehleroffset: 0x003225d6 ID des fehlerhaften Prozesses: 0x10cc Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/20/2016 11:00:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d Ausnahmecode: 0xc0000005 Fehleroffset: 0x003225d6 ID des fehlerhaften Prozesses: 0xd54 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/20/2016 10:59:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d Ausnahmecode: 0xc0000005 Fehleroffset: 0x003225d6 ID des fehlerhaften Prozesses: 0xc70 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/19/2016 06:45:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: 
IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d Ausnahmecode: 0xc0000005 Fehleroffset: 0x003225d6 ID des fehlerhaften Prozesses: 0x1380 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/18/2016 12:19:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d Ausnahmecode: 0xc0000005 Fehleroffset: 0x003225d6 ID des fehlerhaften Prozesses: 0x5c8 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/18/2016 09:19:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d Ausnahmecode: 0xc0000005 Fehleroffset: 0x003225d6 ID des fehlerhaften Prozesses: 0x1094 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/18/2016 09:18:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d Ausnahmecode: 0xc0000005 Fehleroffset: 0x003225d6 ID des fehlerhaften Prozesses: 0xcf8 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/18/2016 09:18:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d Ausnahmecode: 0xc0000005 Fehleroffset: 0x003225d6 ID des fehlerhaften Prozesses: 0x12bc Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Systemfehler: ============= Error: (05/20/2016 11:06:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "YAC NDIS Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/20/2016 11:06:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: iSafeNetFilter Error: (05/20/2016 11:00:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Protect Service(Guntony_protect)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/20/2016 11:00:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/20/2016 11:00:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/20/2016 11:00:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "BrYNSvc" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert. Error: (05/20/2016 11:00:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/20/2016 11:00:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/20/2016 11:00:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PDFProFiltSrvPP" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/20/2016 11:00:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz Prozentuale Nutzung des RAM: 37% Installierter physikalischer RAM: 4056.56 MB Verfügbarer physikalischer RAM: 2545.35 MB Summe virtueller Speicher: 8111.3 MB Verfügbarer virtueller Speicher: 6055.13 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:297.99 GB) (Free:150.36 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D6776FFD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ Code:
Emsisoft Anti-Malware - Version 11.7.0.6394
Letztes Update: 24.05.2016 16:12:40
Benutzerkonto: user-PC\user

Scaneinstellungen:

Scantyp: Malware-Scan
Objekte: Rootkits, Speicher, Traces, Dateien

Erkenne PUPs: Aus
Archive scannen: Aus
ADS-Scan: An
Dateierweiterungen: Aus
Advanced Caching: An
Direct Disk Access: Aus

Scan Beginn: 24.05.2016 16:16:03
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\APPLICATION\WPM Application.AdShort (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\APPLICATION\WPM Application.AdShort (A)
C:\Users\user\AppData\Local\Temp\ist17C5.tmp\OmigaZip_patch\wzShellctx64.dll Trojan.GenericKD.3204865 (B)
C:\Users\user\AppData\Local\Temp\ist17C5.tmp\OmigaZip_patch\winzipersvc.exe Trojan.GenericKD.3242516 (B)

Gescannt 95597
Gefunden 6

Scan Ende: 24.05.2016 16:42:53
Scanzeit: 0:26:50

Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7c2c7255cc359948b0854a388a9f67ff # end=init # utc_time=2016-05-24 02:53:18 # local_time=2016-05-24 04:53:18 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Init Update Download esets_scanner_update returned -1 esets_gle=41221 Update Finalize Updated modules version: 0 Old modules - leave modules Update Init Update Download ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7c2c7255cc359948b0854a388a9f67ff # end=init # utc_time=2016-05-24 03:38:56 # local_time=2016-05-24 05:38:56 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 29575 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7c2c7255cc359948b0854a388a9f67ff # end=updated # utc_time=2016-05-24 04:47:11 # local_time=2016-05-24 06:47:11 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7c2c7255cc359948b0854a388a9f67ff # engine=29575 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2016-05-24 11:39:52 # local_time=2016-05-25 01:39:52 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Antivirus' # compatibility_mode=1815 16777213 100 99 41807 4350749 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 745922 215763041 0 0 # scanned=244636 # found=25 # cleaned=25 # scan_time=24759 sh=03EF7E54E63086DE731DE7D5718D4C9F04DF2D61 ft=1 fh=b4ae41b8d891d689 
vn="Variante von Win32/ELEX.HU evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir" sh=194C469880E642387FD6A16E2CBDD22183F85BE6 ft=1 fh=1ac99bc7033e47b0 vn="Variante von Win32/ELEX.HW evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\WinZipper\wzUpg.exe.vir" sh=0874684898BD2E937EBB456CEA806CB3216C9F49 ft=0 fh=0000000000000000 vn="Win32/ELEX.HU evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\users\user\AppData\Roaming\WinZiper\update\wzp_update_v2.0.16.exe.vir" sh=D7C1CFAC4300B2D32A85EBA8EED24ECD79629C50 ft=0 fh=0000000000000000 vn="Variante von Win32/ELEX.HU evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\users\user\AppData\Roaming\WinZiper\update\wzp_update_v2.0.39.exe.vir" sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\FileQuarantine\C\Windows\SysNative\drivers\iSafeNetFilter.sys.vir" sh=23FC768BA59A17A76EF6CED1F4FFCC26F67EB8F2 ft=1 fh=65afe576d276f696 vn="Variante von Win32/ELEX.BP evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iImportLib.dll" sh=BFC712282D22A4DC02D4594EC5AF71C790347E36 ft=1 fh=91d61e330d1da7f8 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlCall64.dll" sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. 
unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys" sh=A99A057031BE5E697F08A6B32F08D279C673DB78 ft=1 fh=bf29d5f4060d2337 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeRKScanShell64.dll" sh=A340BA98EC7BA228D8E66AC55C47F6A0F0FCCBD2 ft=1 fh=92c69192d39a3ccb vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll" sh=54F84BF7920B818D988BA6A1CDE598FA17F19368 ft=1 fh=4be25ff8c3b8aee8 vn="Variante von Win32/ELEX.CS evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSvc.dll" sh=04654BF4B65060F9490885A1A7BD435562EA6DE4 ft=1 fh=9c254fd99edfd587 vn="Variante von Win32/ELEX.CQ evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\iSvc2.dll" sh=5AF0B98E324EB8D81F97EEE2D11E3F996B5C91F5 ft=1 fh=955761e6ce5527b5 vn="Variante von Win32/ELEX.CC evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\ouilibx.dll" sh=83023BA2BDF35B7534C1B9A5717C82E66FFA4713 ft=1 fh=155a36bb06b48bf7 vn="Variante von Win32/ELEX.DB evtl. unerwünschte Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe" sh=4BAC7EB623632405322CBD8CCDC3DEC06DDB4AC0 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart))" ac=C fn="C:\Program Files (x86)\Elex-tech\YAC\data\fst.dat" sh=D7C1CFAC4300B2D32A85EBA8EED24ECD79629C50 ft=0 fh=0000000000000000 vn="Variante von Win32/ELEX.HU evtl. 
unerwünschte Anwendung (gelöscht)" ac=C fn="C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55WVK17Z\wzp_2016.5.16[1].dat" sh=73EC77361CCACF77F2125010E7C09A9D54671022 ft=1 fh=44f21e0f798c5bb0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LA01TQVK\Emsisoft Anti Malware - CHIP-Installer.exe" sh=4709BC60AD30644E4340E12B51C6F39ABAA424B8 ft=1 fh=f95490e65ec6bbab vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\user\AppData\Local\Temp\DMR\dmr_72.exe" sh=910EF3E9F92D811FA824DEA5F4285F4653DF342D ft=1 fh=5f872e7b04cf450e vn="Variante von Win32/ELEX.HW evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\user\AppData\Local\Temp\ist17C5.tmp\OmigaZip_patch\wzUpg.exe" sh=03EF7E54E63086DE731DE7D5718D4C9F04DF2D61 ft=1 fh=b4ae41b8d891d689 vn="Variante von Win32/ELEX.HU evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\user\AppData\Local\Temp\ist823C.tmp\tools\wzp\OmigaZip_patch\winzipersvc.exe" sh=194C469880E642387FD6A16E2CBDD22183F85BE6 ft=1 fh=1ac99bc7033e47b0 vn="Variante von Win32/ELEX.HW evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\user\AppData\Local\Temp\ist823C.tmp\tools\wzp\OmigaZip_patch\wzUpg.exe" sh=2A479117E8D4FA069EF5271CB37EDDF6C314F7E3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome\content\toolbar.js" sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC evtl. 
unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Windows\System32\drivers\iSafeNetFilter.sys" sh=2FBB4A5BCB76B20040AC36355679F301D31F1809 ft=1 fh=dbb82f17f8f59ab1 vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\zipa[1].exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/ELEX.BP evtl. unerwünschte Anwendung (gelöscht (nach dem nächsten Neustart))" ac=C fn="${Memory}" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7c2c7255cc359948b0854a388a9f67ff # end=init # utc_time=2016-05-25 04:54:23 # local_time=2016-05-25 06:54:23 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Init Update Download esets_scanner_update returned -1 esets_gle=53251 Update Finalize Updated modules version: 29587 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7c2c7255cc359948b0854a388a9f67ff # end=updated # utc_time=2016-05-25 04:57:47 # local_time=2016-05-25 06:57:47 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7c2c7255cc359948b0854a388a9f67ff # engine=29587 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2016-05-25 05:07:15 # local_time=2016-05-25 07:07:15 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Antivirus' # compatibility_mode=1815 16777213 100 99 1150 4413593 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 808766 215825885 0 0 # 
scanned=3974 # found=0 # cleaned=0 # scan_time=567 Code:
ATTFilter # AdwCleaner v5.117 - Bericht erstellt am 25/05/2016 um 19:13:46 # Aktualisiert am 15/05/2016 von Xplode # Datenbank : 2016-05-23.3 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64) # Benutzername : user - USER-PC # Gestartet von : C:\Users\user\Desktop\adwcleaner_5.117.exe # Option : Suchlauf # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** Dienst gefunden : iSafeKrnl Dienst gefunden : iSafeKrnlBoot Dienst gefunden : iSafeKrnlKit Dienst gefunden : iSafeKrnlMon Dienst gefunden : iSafeKrnlR3 Dienst gefunden : iSafeNetFilter Dienst gefunden : iSafeService ***** [ Ordner ] ***** Ordner gefunden : C:\Program Files (x86)\Elex-tech Ordner gefunden : C:\users\user\AppData\Roaming\Elex-tech ***** [ Dateien ] ***** Datei gefunden : C:\Windows\SysNative\drivers\iSafeNetFilter.sys ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel gefunden : HKCU\Software\OCS Schlüssel gefunden : HKLM\SOFTWARE\Elex-tech Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe Schlüssel gefunden : HKU\.DEFAULT\Software\Elex-tech Schlüssel gefunden : HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\OCS Schlüssel gefunden : HKU\S-1-5-18\Software\Elex-tech Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\eshopcomp.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.eshopcomp.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet 
Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com ***** [ Internetbrowser ] ***** [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.alias", ""); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine"); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://www.nicesearches.com/favicon.ico?t=1"); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.name", "nice "); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.ptid", "wpm07153"); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.ref", ""); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.ts", "1463387536"); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.type", ""); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.uid", "fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x"); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.url", 
"hxxp://www.nicesearches.com/search.php?type=ds&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c[...] [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("extensions.quick_start.enable_search1", false); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.startup.homepage", "hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q"); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.newtab.url", "hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q"); [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] gefunden : hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] gefunden : hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [9941 Bytes] - [20/05/2016 14:16:23] C:\AdwCleaner\AdwCleaner[C2].txt - [5707 Bytes] - [20/05/2016 14:42:45] C:\AdwCleaner\AdwCleaner[C3].txt - [5685 Bytes] - [20/05/2016 23:00:22] C:\AdwCleaner\AdwCleaner[S1].txt - [9683 Bytes] - [20/05/2016 14:11:55] C:\AdwCleaner\AdwCleaner[S2].txt - [5330 
Bytes] - [20/05/2016 14:37:10] C:\AdwCleaner\AdwCleaner[S3].txt - [5374 Bytes] - [20/05/2016 22:57:53] C:\AdwCleaner\AdwCleaner[S4].txt - [6076 Bytes] - [25/05/2016 19:13:46] ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [6149 Bytes] ########## |
25.05.2016, 22:31 | #2 |
/// TB-Ausbilder | Rootkit.Sirefef.Spy and Trojan virus found in system32 NT Kernel
My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Thank you for your cooperation! For the initial analysis, please run FRST and TDSS-Killer: Step 1
Step 2 Please download TDSSKiller.exe and save this file to the desktop
Please post with your next reply
|
25.05.2016, 23:23 | #3 |
| Rootkit.Sirefef.Spy and Trojan virus in system32 NT
Thank you very much for your quick reply!
Here are the scan results: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01 durchgeführt von user (Administrator) auf USER-PC (25-05-2016 23:36:56) Gestartet von C:\Users\user\Desktop Geladene Profile: user (Verfügbare Profile: user) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe () C:\ProgramData\Guntony\protect\protect.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_242_ActiveX.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9405904 2016-04-26] (Emsisoft Ltd) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) 
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1027472 2015-12-23] (Cisco Systems, Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-31] (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{36398523-7615-4AF2-A2A6-A18130B35576}: [DhcpNameServer] 192.168.3.2 Tcpip\..\Interfaces\{9D540E77-56BB-4FAB-9711-18067F181277}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229 FF Homepage: hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q FF NewTab: hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] () FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.) FF Extension: xRocket Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com [2016-05-16] [ist nicht signiert] FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-29] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-05-13] FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com Chrome: ======= CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q" CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q&q={searchTerms} CHR DefaultSearchKeyword: Default -> nice CHR 
Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-06] CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-06] CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06] CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06] CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-06] CHR Extension: (Google Tabellen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-06] CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06] CHR Extension: (Citavi Picker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-05-02] CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der 
Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [11341584 2016-04-26] (Emsisoft Ltd) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert] R2 Guntony_protect; C:\ProgramData\Guntony\protect\protect.exe [302976 2016-05-12] () S2 Guntony_update; C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [473472 2016-05-12] () R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-03] (Elex do Brasil Participações Ltda) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert] R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-04-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-04-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-04-04] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-04-04] (Avira Operations GmbH & Co. KG) S3 eapihdrv; C:\Users\user\AppData\Local\Temp\ehdrv.sys [135760 2016-05-25] (ESET) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [126280 2016-04-07] (Emsisoft Ltd) R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-03] (Elex do Brasil Participações Ltda) R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-03] (Elex do Brasil Participações Ltda) R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-04-08] (Elex do Brasil Participações Ltda) R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-03] (Elex do Brasil Participações Ltda) R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-06-30] (Elex do Brasil Participações Ltda) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-04-20] (Cisco Systems, Inc.) R2 zntport; C:\Windows\system32\drivers\zntport.sys [13880 2007-12-22] (Zeal SoftStudio) S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-25 23:36 - 2016-05-25 23:36 - 00000000 ____D C:\Users\user\Desktop\FRST-OlderVersion 2016-05-25 23:24 - 2016-05-25 23:24 - 00000209 _____ C:\Users\user\Desktop\Trojaner-Board - Suchergebnisse.url 2016-05-25 07:50 - 2015-06-30 04:50 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys 2016-05-24 16:53 - 2016-05-24 16:53 - 00000000 ____D C:\Program Files (x86)\ESET 2016-05-24 16:46 - 2016-05-24 16:46 - 00002348 _____ C:\Users\user\Desktop\scan_160524-161603_Emsosoft.txt 2016-05-24 16:42 - 2016-05-24 16:42 - 00000000 ____D C:\ProgramData\Emsisoft 2016-05-24 15:57 - 2016-05-24 15:57 - 00000896 _____ C:\Users\user\Desktop\Emsisoft Anti-Malware.lnk 2016-05-24 15:57 - 2016-05-24 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2016-05-24 15:52 - 2016-05-25 22:40 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware 2016-05-23 23:30 - 2016-05-25 21:57 - 00000000 ____D C:\Users\user\Desktop\forum 2016-05-23 22:43 - 2016-05-23 22:43 - 00284818 _____ C:\Users\user\Desktop\Anti-Malware.txt 2016-05-23 20:56 - 2016-05-23 23:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-05-23 20:53 - 2016-05-23 20:53 - 00001102 _____ C:\Users\user\Desktop\ Malwarebytes Anti-Malware .lnk 2016-05-23 20:53 - 2016-05-23 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-05-23 20:53 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-05-23 20:53 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-05-23 20:53 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-05-23 20:52 - 2016-05-23 20:53 - 00000000 
____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-05-23 19:29 - 2016-05-23 19:29 - 00095558 _____ C:\Users\user\Desktop\Ereignisse_Avira.txt 2016-05-20 23:29 - 2016-05-20 23:29 - 00000239 _____ C:\Users\user\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten.url 2016-05-20 23:21 - 2016-05-20 23:29 - 00025693 _____ C:\Users\user\Desktop\Addition.txt 2016-05-20 23:14 - 2016-05-25 23:36 - 00019542 _____ C:\Users\user\Desktop\FRST.txt 2016-05-20 23:13 - 2016-05-25 23:36 - 00000000 ____D C:\FRST 2016-05-20 23:12 - 2016-05-25 23:36 - 02383360 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2016-05-20 23:04 - 2016-05-20 23:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Elex-tech 2016-05-20 22:17 - 2016-05-20 22:17 - 00000124 _____ C:\Users\user\Desktop\Singles und Partnersuche bei NEU.DE.url 2016-05-20 14:11 - 2016-05-25 19:13 - 00000000 ____D C:\AdwCleaner 2016-05-20 14:11 - 2016-05-17 13:55 - 03651136 _____ C:\Users\user\Desktop\adwcleaner_5.117.exe 2016-05-18 23:49 - 2016-05-18 23:49 - 00000209 _____ C:\Users\user\Desktop\KenFM-Positionen 1 Krieg oder Frieden in Europa - Wer bestimmt auf dem Kontinent - YouTube.url 2016-05-17 16:12 - 2016-05-17 16:12 - 00000201 _____ C:\Users\user\Desktop\Startseite.url 2016-05-16 15:54 - 2016-05-16 15:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Avira 2016-05-16 15:45 - 2016-04-04 17:07 - 00154816 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2016-05-16 15:45 - 2016-04-04 17:07 - 00141920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2016-05-16 15:45 - 2016-04-04 17:07 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2016-05-16 15:45 - 2016-04-04 17:07 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2016-05-16 15:39 - 2016-05-16 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-05-16 15:39 - 2016-05-16 15:39 - 00001210 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\ProgramData\Avira 2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\Program Files (x86)\Avira 2016-05-16 10:26 - 2016-05-16 10:26 - 00000000 ____D C:\ProgramData\Guntony 2016-05-16 10:25 - 2016-05-20 14:17 - 00000000 ____D C:\Windows\system32\log 2016-05-16 10:24 - 2016-05-16 10:24 - 00014744 _____ C:\Windows\System32\Tasks\GuntonyBrowserUpdateUA 2016-05-16 10:24 - 2016-05-16 10:24 - 00014726 _____ C:\Windows\System32\Tasks\GuntonyCheckTask 2016-05-16 10:24 - 2016-05-16 10:24 - 00003804 _____ C:\Windows\System32\Tasks\GuntonyBrowserUpdateCore 2016-05-16 10:24 - 2016-05-16 10:24 - 00000000 ____D C:\Users\user\AppData\Local\Guntony 2016-05-16 10:24 - 2016-05-16 10:24 - 00000000 ____D C:\Program Files (x86)\Elex-tech 2016-05-16 10:23 - 2016-05-25 23:24 - 00000000 ____D C:\Program Files (x86)\Guntony 2016-05-16 10:23 - 2016-05-16 10:23 - 00002102 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-16 10:23 - 2016-05-16 10:23 - 00000000 ____D C:\Users\Public\Documents\Guntony 2016-05-15 22:41 - 2016-05-15 23:09 - 00000000 ____D C:\Users\user\Desktop\15.05.16 2016-05-15 20:17 - 2016-05-23 15:10 - 00000000 ____D C:\Users\user\Desktop\Theorie_MA 2016-05-14 17:41 - 2016-05-14 17:43 - 00000000 ____D C:\Users\user\Desktop\SPSS_16 2016-05-13 07:37 - 2016-05-15 18:36 - 00000000 ____D C:\Users\user\Documents\Citavi 5 2016-05-13 07:37 - 2016-05-13 07:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Swiss Academic Software 2016-05-13 07:36 - 2016-05-13 07:36 - 00001961 _____ C:\Users\Public\Desktop\Citavi 5.lnk 2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5 
2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\Program Files (x86)\Citavi 5 2016-05-11 19:07 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-05-11 19:07 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-05-11 19:07 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-05-11 19:07 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-05-11 19:07 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-05-11 19:07 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-05-11 19:07 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-05-11 19:07 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-05-11 19:07 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-05-11 19:07 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-05-11 19:07 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-05-11 19:07 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-05-11 19:07 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-05-11 19:07 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-05-11 19:07 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-05-11 19:07 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-05-11 19:07 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieetwproxystub.dll 2016-05-11 19:07 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-05-11 19:07 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-05-11 19:07 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-05-11 19:07 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-05-11 19:07 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-05-11 19:07 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-05-11 19:07 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-05-11 19:07 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-05-11 19:07 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-05-11 19:07 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-05-11 19:07 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-05-11 19:07 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-05-11 19:07 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-05-11 19:07 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-05-11 19:07 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-05-11 19:07 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-05-11 19:07 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-05-11 19:07 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2016-05-11 19:07 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-05-11 19:07 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-05-11 19:06 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-05-11 19:06 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-05-11 19:06 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-05-11 19:06 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-05-11 19:06 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-05-11 19:06 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-05-11 19:06 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-05-11 19:06 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-05-11 19:06 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-05-11 19:06 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-05-11 19:06 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-05-11 19:06 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-05-11 19:06 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-05-11 19:06 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-05-11 19:06 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-05-11 19:06 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 
2016-05-11 19:06 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-05-11 19:06 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-05-11 19:06 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-05-11 19:06 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-05-11 19:06 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-05-11 19:06 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-05-11 19:06 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-05-11 19:06 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-05-11 19:06 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-05-11 19:06 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-05-11 19:06 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-05-11 19:06 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-05-11 19:06 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-05-11 19:04 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-05-11 19:04 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-05-11 19:04 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-05-11 19:03 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2016-05-11 19:03 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2016-05-11 19:03 
- 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2016-05-11 19:02 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2016-05-11 19:02 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2016-05-11 19:02 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-05-11 19:02 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-05-11 19:02 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2016-05-11 19:02 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-05-11 19:02 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2016-05-11 18:58 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-05-11 18:58 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-05-11 18:58 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-05-11 18:58 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-05-11 18:58 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-05-11 18:58 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-05-11 18:58 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-05-11 18:58 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 
00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00690688 _____ (Microsoft 
Corporation) C:\Windows\system32\adtschema.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\KernelBase.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 
____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-05-11 18:58 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-05-11 18:58 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-05-11 18:58 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-05-11 18:58 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-05-11 18:58 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-05-11 18:58 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-05-11 18:58 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-05-11 18:58 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-05-11 18:58 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) 
C:\Windows\system32\smss.exe 2016-05-11 18:58 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-05-11 18:58 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-05-11 18:58 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-05-11 18:58 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-05-11 18:58 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-05-11 18:58 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-05-11 18:58 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-05-11 18:58 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-05-11 18:57 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2016-05-11 18:57 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2016-05-04 21:59 - 2016-05-17 19:30 - 00000000 ____D C:\Users\user\Desktop\MA schreiben 2016-05-04 15:28 - 2016-05-04 15:28 - 00000143 _____ C:\Users\user\Desktop\Osteopathie.url 2016-05-03 17:40 - 2016-05-11 12:36 - 00000000 ____D C:\Users\user\Desktop\Fachschaft 2016-05-02 20:24 - 2016-05-13 07:37 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2016-05-01 18:44 - 2016-05-17 13:50 - 00000000 ____D C:\Users\user\Desktop\Notizen 
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-25 22:54 - 2015-03-15 14:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-25 22:52 - 2016-04-06 18:39 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-25 20:28 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-25 20:28 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-25 12:36 - 2016-04-06 18:39 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-25 12:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-25 07:57 - 2014-07-17 21:44 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2016-05-23 23:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-20 14:04 - 2009-07-27 11:10 - 00699342 _____ C:\Windows\system32\perfh007.dat
2016-05-20 14:04 - 2009-07-27 11:10 - 00149450 _____ C:\Windows\system32\perfc007.dat
2016-05-20 14:04 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-20 14:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-20 14:01 - 2015-03-27 09:03 - 00000000 ____D C:\Users\user\Desktop\fotos
2016-05-20 11:47 - 2015-03-19 15:25 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2016-05-20 10:21 - 2016-04-06 17:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-20 07:01 - 2015-03-18 11:48 - 00000000 ____D C:\Users\user\Desktop\Eigene Dateien
2016-05-16 15:37 - 2016-01-14 00:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-16 10:23 - 2016-04-06 18:40 - 00002054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-16 09:50 - 2016-04-24 21:35 - 00000000 ____D C:\Users\user\Desktop\cad
2016-05-15 20:09 - 2016-04-24 14:36 - 00000000 ____D C:\Users\user\Desktop\SRP
2016-05-14 16:27 - 2015-07-13 18:01 - 00000000 ____D C:\Users\user\Desktop\Prüfung
2016-05-13 20:54 - 2015-05-24 19:54 - 00000000 ____D C:\Users\user\Desktop\Uni_2015
2016-05-13 07:32 - 2014-01-25 21:04 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2016-05-13 07:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 21:55 - 2015-03-15 14:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 21:54 - 2015-03-15 14:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 21:54 - 2015-03-15 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 17:16 - 2015-03-15 20:06 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 08:08 - 2009-07-14 06:45 - 00414280 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 08:04 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 23:56 - 2013-10-30 12:16 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 23:19 - 2013-10-30 12:16 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 18:10 - 2015-10-14 11:11 - 00000000 ____D C:\Users\user\Desktop\masterarbeit
2016-05-11 07:47 - 2016-04-06 18:39 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 07:46 - 2016-04-06 18:39 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 22:22 - 2016-04-06 17:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-08 14:10 - 2016-01-15 22:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Millisecond Software
2016-05-06 09:36 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 09:36 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-04 23:24 - 2014-07-06 12:11 - 00000000 ____D C:\Users\user\Desktop\Uni
Einige Dateien in TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-05-18 08:54
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
durchgeführt von user (2016-05-25 23:39:29)
Gestartet von C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-10-30 09:00:08)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1718339690-3013972182-446857107-500 - Administrator - Disabled)
Gast (S-1-5-21-1718339690-3013972182-446857107-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1718339690-3013972182-446857107-1002 - Limited - Enabled)
user (S-1-5-21-1718339690-3013972182-446857107-1000 - Administrator - Enabled) => C:\Users\user
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Brother MFL-Pro Suite DCP-7055W (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.2.01035 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.2.01035 - Cisco Systems, Inc.) Hidden
Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deutsche Grammatik (HKLM-x32\...\Deutsche Grammatik_is1) (Version: - Magnamedia)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.7 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaLab Research Software v2012 (HKLM-x32\...\{67350CFB-529E-4173-91DC-0AE79DEE1ACC}) (Version: 20.12.4.131 - Empirisoft Corporation)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{DA715959-CFF1-48A2-B3BB-98B9E569C6AC}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Scansoft PDF Professional (x32 Version: - ) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version: 2.0.39 - Winzipper Pvt Ltd.) <==== ACHTUNG
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {02913145-BEBF-4240-AC37-A7F08F3F748E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated) Task: {07FB5B5B-8A2D-4A9E-AD85-EB5FD6AF1789} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.) Task: {2A348BC6-66EA-43AD-8F71-0470B11747E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.) Task: {5ED97A44-9BAC-4B08-AA04-1069146C9288} - System32\Tasks\GuntonyBrowserUpdateCore => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ACHTUNG Task: {7E1A5E0C-D3B1-45BF-BB0C-28E1632744FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd) Task: {A8F6F5A3-4864-4473-AB42-C1B7C19A62E7} - System32\Tasks\GuntonyBrowserUpdateUA => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ACHTUNG Task: {BD77D142-0DB2-42E3-B606-03C3771D3D92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {D88946E8-79B6-4C3D-885C-B78CC3CF1B02} - System32\Tasks\GuntonyCheckTask => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.) Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.) Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.) Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-02-12 23:13 - 2016-02-12 23:13 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2016-05-16 10:23 - 2016-05-12 10:08 - 00302976 _____ () C:\ProgramData\Guntony\protect\protect.exe 2016-05-16 10:25 - 2016-05-03 11:12 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll 2016-05-16 10:25 - 2015-06-30 04:50 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll 2016-05-16 10:25 - 2015-06-30 04:50 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll 2015-12-23 15:33 - 2015-12-23 15:33 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2016-05-16 10:25 - 2016-05-03 11:12 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll 2014-07-17 21:44 - 2009-02-27 14:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{7F0883AE-4217-472B-A0B7-A84CCF3D9383}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{13CEAE4F-40BC-4D7C-9082-D40ECF266D03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3366C49C-020F-42E9-AF6C-01213720ECA0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{26406C68-85C1-43A2-8444-E5C51703F242}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe FirewallRules: [{502CC798-9623-4A5D-936D-69AD1ED7B76D}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\chrome.exe FirewallRules: [{39E47CAE-FF7E-4663-BAD4-5D966767542F}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe ==================== Wiederherstellungspunkte ========================= 12-05-2016 17:16:21 Windows Update 13-05-2016 07:33:44 Installed Citavi 5 . 
23-05-2016 14:17:37 Geplanter Prüfpunkt ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (05/25/2016 08:16:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7189000a ID des fehlerhaften Prozesses: 0x%9 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/25/2016 07:07:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (05/25/2016 06:54:06 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. 
Error: (05/25/2016 06:54:02 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. 
Error: (05/25/2016 06:02:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x717a000a ID des fehlerhaften Prozesses: 0x12d8 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/25/2016 05:37:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x717a000a ID des fehlerhaften Prozesses: 0xc14 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/25/2016 04:45:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x717c000a ID des fehlerhaften Prozesses: 0xcfc Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/25/2016 03:44:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d Ausnahmecode: 0xc0000005 Fehleroffset: 0x003225d6 ID des fehlerhaften Prozesses: 0x10bc Startzeit der fehlerhaften Anwendung: 
0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/25/2016 02:29:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7185000a ID des fehlerhaften Prozesses: 0x%9 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/25/2016 02:17:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7185000a ID des fehlerhaften Prozesses: 0x%9 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Systemfehler: ============= Error: (05/25/2016 07:07:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/25/2016 07:07:21 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error: (05/25/2016 07:07:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/25/2016 07:07:21 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (05/25/2016 07:07:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/25/2016 07:07:20 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (05/25/2016 07:07:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/25/2016 07:07:19 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (05/25/2016 07:07:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (05/25/2016 07:07:18 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz Prozentuale Nutzung des RAM: 50% Installierter physikalischer RAM: 4056.56 MB Verfügbarer physikalischer RAM: 1995.84 MB Summe virtueller Speicher: 8111.3 MB Verfügbarer virtueller Speicher: 5244.69 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:297.99 GB) (Free:151.71 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D6776FFD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
25.05.2016, 23:29 | #4 |
| Rootkit.Sirefef.Spy and Trojan virus in system32 NT
The result of the TDSSKiller scan:
Code:
23:46:34.0282 0x143c TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
23:46:42.0986 0x143c ============================================================
23:46:42.0986 0x143c Current date / time: 2016/05/25 23:46:42.0986
23:46:42.0986 0x143c SystemInfo:
23:46:42.0986 0x143c
23:46:42.0986 0x143c OS Version: 6.1.7601 ServicePack: 1.0
23:46:42.0986 0x143c Product type: Workstation
23:46:42.0986 0x143c ComputerName: USER-PC
23:46:42.0986 0x143c UserName: user
23:46:42.0986 0x143c Windows directory: C:\Windows
23:46:42.0986 0x143c System windows directory: C:\Windows
23:46:42.0986 0x143c Running under WOW64
23:46:42.0986 0x143c Processor architecture: Intel x64
23:46:42.0986 0x143c Number of processors: 2
23:46:42.0986 0x143c Page size: 0x1000
23:46:42.0986 0x143c Boot type: Normal boot
23:46:42.0986 0x143c ============================================================
23:46:45.0264 0x143c KLMD registered as C:\Windows\system32\drivers\44936176.sys
23:46:46.0169 0x143c System UUID: {B40ACAE7-93F2-2E06-7303-9B5107E9A584}
23:46:48.0556 0x143c Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:46:48.0571 0x143c ============================================================
23:46:48.0571 0x143c \Device\Harddisk0\DR0:
23:46:48.0571 0x143c MBR partitions:
23:46:48.0571 0x143c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:46:48.0571 0x143c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
23:46:48.0571 0x143c ============================================================
23:46:48.0587 0x143c C: <-> \Device\Harddisk0\DR0\Partition2
23:46:48.0587 0x143c ============================================================
23:46:48.0587 0x143c Initialize success
23:46:48.0587 0x143c ============================================================
23:46:55.0622 0x0ab8
============================================================
23:46:55.0622 0x0ab8 Scan started
23:46:55.0622 0x0ab8 Mode: Manual;
23:46:55.0622 0x0ab8 ============================================================
23:46:55.0622 0x0ab8 KSN ping started
23:47:10.0442 0x0ab8 KSN ping finished: true
23:47:20.0302 0x0ab8 ================ Scan system memory ========================
23:47:20.0302 0x0ab8 System memory - ok
23:47:20.0302 0x0ab8 ================ Scan services =============================
696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:47:32.0126 0x0ab8 CmBatt - ok 23:47:32.0166 0x0ab8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 23:47:32.0171 0x0ab8 cmdide - ok 23:47:32.0293 0x0ab8 [ CA3FB5A6B626D8A00A89E049CF95954E, CD5E3E40972513195108BA46CEC1D0AEA6B09A67EEBDD17EB759BD1729B07C06 ] CNG C:\Windows\system32\Drivers\cng.sys 23:47:32.0346 0x0ab8 CNG - ok 23:47:32.0446 0x0ab8 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:47:32.0451 0x0ab8 Compbatt - ok 23:47:32.0521 0x0ab8 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 23:47:32.0526 0x0ab8 CompositeBus - ok 23:47:32.0548 0x0ab8 COMSysApp - ok 23:47:32.0591 0x0ab8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 23:47:32.0596 0x0ab8 crcdisk - ok 23:47:32.0693 0x0ab8 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:47:32.0711 0x0ab8 CryptSvc - ok 23:47:32.0861 0x0ab8 [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch C:\Windows\system32\rpcss.dll 23:47:32.0903 0x0ab8 DcomLaunch - ok 23:47:32.0963 0x0ab8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 23:47:32.0991 0x0ab8 defragsvc - ok 23:47:33.0098 0x0ab8 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 
23:47:33.0108 0x0ab8 DfsC - ok 23:47:33.0246 0x0ab8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 23:47:33.0286 0x0ab8 Dhcp - ok 23:47:33.0518 0x0ab8 [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack C:\Windows\system32\diagtrack.dll 23:47:33.0733 0x0ab8 DiagTrack - ok 23:47:33.0838 0x0ab8 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 23:47:33.0843 0x0ab8 discache - ok 23:47:33.0906 0x0ab8 [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk C:\Windows\system32\drivers\disk.sys 23:47:33.0916 0x0ab8 Disk - ok 23:47:33.0993 0x0ab8 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:47:34.0016 0x0ab8 Dnscache - ok 23:47:34.0088 0x0ab8 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 23:47:34.0111 0x0ab8 dot3svc - ok 23:47:34.0191 0x0ab8 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 23:47:34.0223 0x0ab8 DPS - ok 23:47:34.0301 0x0ab8 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:47:34.0301 0x0ab8 drmkaud - ok 23:47:34.0503 0x0ab8 [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:47:34.0613 0x0ab8 DXGKrnl - ok 23:47:34.0691 0x0ab8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 
23:47:34.0706 0x0ab8 EapHost - ok 23:47:35.0330 0x0ab8 [ 560EDC0912BDB68290930E2542823A24, CB9578A19F717FBD388F2BE8179CF2D4755DF11AD246E13AF1D43E25CA026386 ] eapihdrv C:\Users\user\AppData\Local\Temp\ehdrv.sys 23:47:35.0361 0x0ab8 eapihdrv - ok 23:47:36.0048 0x0ab8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 23:47:36.0422 0x0ab8 ebdrv - ok 23:47:36.0563 0x0ab8 [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] EFS C:\Windows\System32\lsass.exe 23:47:36.0563 0x0ab8 EFS - ok 23:47:36.0750 0x0ab8 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:47:36.0812 0x0ab8 ehRecvr - ok 23:47:36.0890 0x0ab8 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 23:47:36.0921 0x0ab8 ehSched - ok 23:47:37.0015 0x0ab8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 23:47:37.0062 0x0ab8 elxstor - ok 23:47:37.0249 0x0ab8 [ F093114300542DBF3DAB97D7A4BB4E36, 5E3A1663A1227BE8F8D31BD7E8E42BA205652B5D3916800D0939484BAB81AFE7 ] epp C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys 23:47:37.0265 0x0ab8 epp - ok 23:47:37.0327 0x0ab8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 23:47:37.0327 0x0ab8 ErrDev - ok 23:47:37.0467 0x0ab8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 23:47:37.0514 0x0ab8 EventSystem - ok 23:47:37.0748 0x0ab8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat 
C:\Windows\system32\drivers\exfat.sys 23:47:37.0764 0x0ab8 exfat - ok 23:47:37.0857 0x0ab8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:47:37.0873 0x0ab8 fastfat - ok 23:47:37.0998 0x0ab8 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 23:47:38.0060 0x0ab8 Fax - ok 23:47:38.0091 0x0ab8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:47:38.0091 0x0ab8 fdc - ok 23:47:38.0138 0x0ab8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 23:47:38.0138 0x0ab8 fdPHost - ok 23:47:38.0247 0x0ab8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 23:47:38.0247 0x0ab8 FDResPub - ok 23:47:38.0279 0x0ab8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:47:38.0294 0x0ab8 FileInfo - ok 23:47:38.0325 0x0ab8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:47:38.0341 0x0ab8 Filetrace - ok 23:47:38.0372 0x0ab8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:47:38.0372 0x0ab8 flpydisk - ok 23:47:38.0435 0x0ab8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:47:38.0466 0x0ab8 FltMgr - ok 23:47:38.0918 0x0ab8 [ BCB16AE33AA58E0042F3EF34CFB6396A, 
E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache C:\Windows\system32\FntCache.dll 23:47:39.0137 0x0ab8 FontCache - ok 23:47:39.0371 0x0ab8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:47:39.0371 0x0ab8 FontCache3.0.0.0 - ok 23:47:39.0417 0x0ab8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 23:47:39.0417 0x0ab8 FsDepends - ok 23:47:39.0464 0x0ab8 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:47:39.0480 0x0ab8 Fs_Rec - ok 23:47:39.0542 0x0ab8 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:47:39.0558 0x0ab8 fvevol - ok 23:47:39.0589 0x0ab8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 23:47:39.0605 0x0ab8 gagp30kx - ok 23:47:39.0729 0x0ab8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 23:47:39.0792 0x0ab8 gpsvc - ok 23:47:40.0010 0x0ab8 [ E7DF232FB4670F5C7A517D7FFFB0A8FC, 15A2C138EDB4D8E2B097579762DF7AA3E90503820219ED040D3002DDF265C16F ] Guntony_protect C:\ProgramData\Guntony\protect\protect.exe 23:47:40.0041 0x0ab8 Guntony_protect - ok 23:47:40.0213 0x0ab8 [ FA2C5B35CA039D86F76911F711CA3F30, B5A6FDBF3214809754C1D230D479387E141C82B3911D1E917E6CC531D313F3A2 ] Guntony_update C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe 23:47:40.0291 0x0ab8 Guntony_update - ok 23:47:40.0399 0x0ab8 [ 750446ED76A5D13E902174DDDDA1A62B, 
F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:47:40.0429 0x0ab8 gupdate - ok 23:47:40.0482 0x0ab8 [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:47:40.0497 0x0ab8 gupdatem - ok 23:47:40.0552 0x0ab8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:47:40.0557 0x0ab8 hcw85cir - ok 23:47:40.0647 0x0ab8 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:47:40.0694 0x0ab8 HdAudAddService - ok 23:47:40.0744 0x0ab8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 23:47:40.0754 0x0ab8 HDAudBus - ok 23:47:40.0792 0x0ab8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 23:47:40.0794 0x0ab8 HidBatt - ok 23:47:40.0857 0x0ab8 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 23:47:40.0872 0x0ab8 HidBth - ok 23:47:40.0914 0x0ab8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 23:47:40.0919 0x0ab8 HidIr - ok 23:47:40.0974 0x0ab8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 23:47:40.0984 0x0ab8 hidserv - ok 23:47:41.0034 0x0ab8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb 
C:\Windows\system32\DRIVERS\hidusb.sys 23:47:41.0039 0x0ab8 HidUsb - ok 23:47:41.0094 0x0ab8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:47:41.0112 0x0ab8 hkmsvc - ok 23:47:41.0187 0x0ab8 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 23:47:41.0209 0x0ab8 HomeGroupListener - ok 23:47:41.0272 0x0ab8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:47:41.0297 0x0ab8 HomeGroupProvider - ok 23:47:41.0354 0x0ab8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 23:47:41.0362 0x0ab8 HpSAMD - ok 23:47:41.0467 0x0ab8 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:47:41.0582 0x0ab8 HTTP - ok 23:47:41.0647 0x0ab8 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 23:47:41.0652 0x0ab8 hwpolicy - ok 23:47:41.0694 0x0ab8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 23:47:41.0709 0x0ab8 i8042prt - ok 23:47:41.0844 0x0ab8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 23:47:41.0879 0x0ab8 iaStorV - ok 23:47:42.0044 0x0ab8 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:47:42.0157 0x0ab8 idsvc - ok 23:47:42.0244 0x0ab8 
IEEtwCollectorService - ok 23:47:43.0824 0x0ab8 [ C6238C6ABD6AC99F5D152DA4E9439A3D, 6FC490B94CEF523C7C099AEA3D36AB75C9896B1D83D4467D237E698A8E0D9E7B ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 23:47:44.0825 0x0ab8 igfx - ok 23:47:45.0152 0x0ab8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 23:47:45.0168 0x0ab8 iirsp - ok 23:47:45.0558 0x0ab8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 23:47:45.0652 0x0ab8 IKEEXT - ok 23:47:45.0792 0x0ab8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 23:47:45.0792 0x0ab8 intelide - ok 23:47:45.0839 0x0ab8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:47:45.0839 0x0ab8 intelppm - ok 23:47:45.0901 0x0ab8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:47:45.0917 0x0ab8 IPBusEnum - ok 23:47:45.0979 0x0ab8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:47:45.0995 0x0ab8 IpFilterDriver - ok 23:47:46.0120 0x0ab8 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 23:47:46.0166 0x0ab8 iphlpsvc - ok 23:47:46.0291 0x0ab8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 23:47:46.0307 0x0ab8 IPMIDRV - ok 23:47:46.0354 0x0ab8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] 
IPNAT C:\Windows\system32\drivers\ipnat.sys 23:47:46.0354 0x0ab8 IPNAT - ok 23:47:46.0416 0x0ab8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:47:46.0432 0x0ab8 IRENUM - ok 23:47:46.0619 0x0ab8 [ BFA3107D0755568C3B55CA3BCB5491C7, D05D8DE5A2FAA50DB0BD981FA20186A6DFFD19581BE35C8AD5EEC3A7908585B6 ] iSafeKrnl C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys 23:47:46.0634 0x0ab8 iSafeKrnl - ok 23:47:46.0666 0x0ab8 iSafeKrnlBoot - ok 23:47:46.0775 0x0ab8 [ B3D0539ACB9A047EFF69EE8DD96CA84B, 02292131819989DC10C9390903905405086A5E995D82C4B556ACCB78D84F4B75 ] iSafeKrnlKit C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys 23:47:46.0806 0x0ab8 iSafeKrnlKit - ok 23:47:46.0900 0x0ab8 [ 093A45CB22A0B33C30314CB3BF21C096, 685105DCD02200959A72B4D83FB245C3C3B894DC07F8C628879091B9FCC3EED9 ] iSafeKrnlMon C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys 23:47:46.0900 0x0ab8 iSafeKrnlMon - ok 23:47:46.0962 0x0ab8 [ A21E9AB248B7D7A419FAF26B265F5CDE, 668112269744E05EF0613E65E3FDD908BA6DFA82D6C30C98808CEC6D89FE89B7 ] iSafeKrnlR3 C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys 23:47:46.0978 0x0ab8 iSafeKrnlR3 - ok 23:47:47.0056 0x0ab8 [ 9FB02FBA90F6AF59537A30C3DB9777C8, 6597D4994D0D6262B853F64A6E828C5D411225624F137901F6DCF3D3BA81BB80 ] iSafeNetFilter C:\Windows\system32\DRIVERS\iSafeNetFilter.sys 23:47:47.0056 0x0ab8 iSafeNetFilter - ok 23:47:47.0118 0x0ab8 [ 11F6F9216D8F77EAC196B07D66E819EA, 5902ACF11432A320948237ED791C5B9724BAE8A9F78592BDB9562BD18788A6B1 ] iSafeService C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe 23:47:47.0134 0x0ab8 iSafeService - ok 23:47:47.0212 0x0ab8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 23:47:47.0212 0x0ab8 isapnp - ok 23:47:47.0290 0x0ab8 [ 96BB922A0981BC7432C8CF52B5410FE6, 
236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 23:47:47.0305 0x0ab8 iScsiPrt - ok 23:47:47.0399 0x0ab8 [ 232DAF11B2D1363BC8CABF1A0E33601B, 4DF618ABCCFA54A1102FD732EBB18508D3F0F4201E4D9143852B740945F30ADE ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 23:47:47.0414 0x0ab8 JMCR - ok 23:47:47.0492 0x0ab8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 23:47:47.0492 0x0ab8 kbdclass - ok 23:47:47.0555 0x0ab8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 23:47:47.0555 0x0ab8 kbdhid - ok 23:47:47.0602 0x0ab8 [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] KeyIso C:\Windows\system32\lsass.exe 23:47:47.0617 0x0ab8 KeyIso - ok 23:47:47.0695 0x0ab8 [ 0878723427BA190E5ABA5AA0112FA4D4, E332C83D3F4DF71761AA3DAC2C721FC2029F71ECC88A66E175BA56510855C4D4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:47:47.0695 0x0ab8 KSecDD - ok 23:47:47.0758 0x0ab8 [ C08CCCE2BE68D04E6C142614736959DA, AEC0AFC5C28DDC14DD6918BB6E236FA1C85CC30D69DA9AE40F9962D88248040F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 23:47:47.0773 0x0ab8 KSecPkg - ok 23:47:47.0836 0x0ab8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 23:47:47.0836 0x0ab8 ksthunk - ok 23:47:47.0914 0x0ab8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 23:47:47.0945 0x0ab8 KtmRm - ok 23:47:48.0148 0x0ab8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 23:47:48.0179 0x0ab8 LanmanServer - ok 23:47:48.0257 0x0ab8 [ 
851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:47:48.0288 0x0ab8 LanmanWorkstation - ok 23:47:48.0350 0x0ab8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:47:48.0350 0x0ab8 lltdio - ok 23:47:48.0444 0x0ab8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:47:48.0475 0x0ab8 lltdsvc - ok 23:47:48.0506 0x0ab8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:47:48.0522 0x0ab8 lmhosts - ok 23:47:48.0569 0x0ab8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 23:47:48.0584 0x0ab8 LSI_FC - ok 23:47:48.0662 0x0ab8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:47:48.0678 0x0ab8 LSI_SAS - ok 23:47:48.0740 0x0ab8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:47:48.0740 0x0ab8 LSI_SAS2 - ok 23:47:48.0772 0x0ab8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:47:48.0787 0x0ab8 LSI_SCSI - ok 23:47:48.0834 0x0ab8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 23:47:48.0850 0x0ab8 luafv - ok 23:47:48.0943 0x0ab8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:47:48.0943 
0x0ab8 Mcx2Svc - ok 23:47:49.0068 0x0ab8 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe 23:47:49.0099 0x0ab8 MDM - ok 23:47:49.0208 0x0ab8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 23:47:49.0208 0x0ab8 megasas - ok 23:47:49.0286 0x0ab8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 23:47:49.0302 0x0ab8 MegaSR - ok 23:47:49.0411 0x0ab8 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 23:47:49.0411 0x0ab8 Microsoft Office Groove Audit Service - ok 23:47:49.0489 0x0ab8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 23:47:49.0489 0x0ab8 MMCSS - ok 23:47:49.0520 0x0ab8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 23:47:49.0520 0x0ab8 Modem - ok 23:47:49.0614 0x0ab8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:47:49.0614 0x0ab8 monitor - ok 23:47:49.0676 0x0ab8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:47:49.0676 0x0ab8 mouclass - ok 23:47:49.0754 0x0ab8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:47:49.0754 0x0ab8 mouhid - ok 23:47:49.0832 0x0ab8 [ 
67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:47:49.0832 0x0ab8 mountmgr - ok 23:47:49.0957 0x0ab8 [ 0DE2474F316C515482ABAD3B697F8714, 62862AE7432F5350068E96AD466093359C6CF444EB517AE6D09134FAF78C49F5 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 23:47:49.0957 0x0ab8 MozillaMaintenance - ok 23:47:50.0129 0x0ab8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 23:47:50.0144 0x0ab8 mpio - ok 23:47:50.0254 0x0ab8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:47:50.0254 0x0ab8 mpsdrv - ok 23:47:50.0378 0x0ab8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 23:47:50.0456 0x0ab8 MpsSvc - ok 23:47:50.0550 0x0ab8 [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:47:50.0566 0x0ab8 MRxDAV - ok 23:47:50.0659 0x0ab8 [ 035C0A9A63DF3F3A52B90D8F6BF0F166, F409C8A31156E31A6D16D2B34EEE3098CE0D76A4DB7B49810EDDA2E2E19B2E26 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:47:50.0675 0x0ab8 mrxsmb - ok 23:47:50.0737 0x0ab8 [ 8308FC2E9147D7632221E3279BB14660, 3051FF91493FD03B7EDD4EDB23B2DE8DD7E03D46E231BC5925502BE98E78B1CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:47:50.0768 0x0ab8 mrxsmb10 - ok 23:47:50.0815 0x0ab8 [ 1F8DA4ECAEA7E2BCD97E738795817431, FBEF64C7067F5AFF864EF7E220C8A47AC43EB0BFD9A4E4C908F9D9D159AC5139 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:47:50.0956 0x0ab8 mrxsmb20 - ok 23:47:51.0002 0x0ab8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci 
C:\Windows\system32\wecsvc.dll 23:48:18.0380 0x0ab8 Wecsvc - ok 23:48:18.0505 0x0ab8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:48:18.0521 0x0ab8 wercplsupport - ok 23:48:18.0568 0x0ab8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 23:48:18.0583 0x0ab8 WerSvc - ok 23:48:18.0646 0x0ab8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:48:18.0646 0x0ab8 WfpLwf - ok 23:48:18.0677 0x0ab8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:48:18.0692 0x0ab8 WIMMount - ok 23:48:18.0755 0x0ab8 WinDefend - ok 23:48:18.0802 0x0ab8 WinHttpAutoProxySvc - ok 23:48:18.0911 0x0ab8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:48:18.0942 0x0ab8 Winmgmt - ok 23:48:19.0238 0x0ab8 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 23:48:19.0394 0x0ab8 WinRM - ok 23:48:19.0691 0x0ab8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 23:48:19.0784 0x0ab8 Wlansvc - ok 23:48:20.0112 0x0ab8 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:48:20.0315 0x0ab8 wlidsvc - ok 23:48:20.0455 0x0ab8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:48:20.0455 0x0ab8 
WmiAcpi - ok 23:48:20.0518 0x0ab8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:48:20.0549 0x0ab8 wmiApSrv - ok 23:48:20.0627 0x0ab8 WMPNetworkSvc - ok 23:48:20.0674 0x0ab8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:48:20.0689 0x0ab8 WPCSvc - ok 23:48:20.0767 0x0ab8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:48:20.0783 0x0ab8 WPDBusEnum - ok 23:48:20.0845 0x0ab8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:48:20.0845 0x0ab8 ws2ifsl - ok 23:48:20.0892 0x0ab8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 23:48:20.0908 0x0ab8 wscsvc - ok 23:48:20.0954 0x0ab8 WSearch - ok 23:48:21.0500 0x0ab8 [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv C:\Windows\system32\wuaueng.dll 23:48:21.0766 0x0ab8 wuauserv - ok 23:48:21.0844 0x0ab8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:48:21.0859 0x0ab8 WudfPf - ok 23:48:21.0922 0x0ab8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:48:21.0953 0x0ab8 WUDFRd - ok 23:48:21.0984 0x0ab8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:48:22.0000 0x0ab8 wudfsvc - ok 23:48:22.0062 0x0ab8 [ 04F82965C09CBDF646B487E145060301, 
2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 23:48:22.0109 0x0ab8 WwanSvc - ok 23:48:22.0202 0x0ab8 [ 9EB8FD651D6EEF8DF25B1147269B2B3D, 9783473692FF95E4FBB7A43F96E6EBB5D93D2ACA5603484929625158BCB5DA3E ] zntport C:\Windows\system32\drivers\zntport.sys 23:48:22.0202 0x0ab8 zntport - ok 23:48:22.0280 0x0ab8 ================ Scan global =============================== 23:48:22.0343 0x0ab8 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll 23:48:22.0405 0x0ab8 [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll 23:48:22.0483 0x0ab8 [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll 23:48:22.0561 0x0ab8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 23:48:22.0639 0x0ab8 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 23:48:22.0702 0x0ab8 [ Global ] - ok 23:48:22.0702 0x0ab8 ================ Scan MBR ================================== 23:48:22.0717 0x0ab8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 23:48:23.0123 0x0ab8 \Device\Harddisk0\DR0 - ok 23:48:23.0123 0x0ab8 ================ Scan VBR ================================== 23:48:23.0138 0x0ab8 [ 498D46FDC16A6596D6C766023FDEF40E ] \Device\Harddisk0\DR0\Partition1 23:48:23.0201 0x0ab8 \Device\Harddisk0\DR0\Partition1 - ok 23:48:23.0341 0x0ab8 [ A3DDB40EEF6628B71EC6BAF3FE57A325 ] \Device\Harddisk0\DR0\Partition2 23:48:23.0357 0x0ab8 \Device\Harddisk0\DR0\Partition2 - ok 23:48:23.0357 0x0ab8 ================ Scan generic autorun ====================== 23:48:23.0435 0x0ab8 [ 87A4570E9D15A2821015B7FB6B821654, 
BDF5266905DC3F9ED0DBE41798D9907FC9E8D030DD5C28975BBF9BFD8BD9DA71 ] C:\Windows\system32\igfxtray.exe 23:48:23.0450 0x0ab8 IgfxTray - ok 23:48:23.0513 0x0ab8 [ 99F8C1060BFB20D2039716BBF741D6C2, 8C578E288D88697E88AB9BEAE79D33AF23AD6176D830D5916BD2DD42EC6FADC5 ] C:\Windows\system32\igfxpers.exe 23:48:23.0575 0x0ab8 Persistence - ok 23:48:24.0886 0x0ab8 [ 9C112F246DB378202DA0C5031C2F0625, EE2127CD65FEE86DC968EC7C278EA7702045D96ED7E01D85C8006F0000825025 ] c:\program files\emsisoft anti-malware\a2guard.exe 23:48:25.0073 0x13d0 Object send P2P result: true 23:48:25.0088 0x13d0 Object required for P2P: [ 6A050671F2C76FB48131F12786802807 ] AdobeFlashPlayerUpdateSvc 23:48:25.0822 0x0ab8 emsisoft anti-malware - ok 23:48:25.0993 0x0ab8 [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe 23:48:26.0009 0x0ab8 GrooveMonitor - ok 23:48:26.0071 0x0ab8 [ 07C4EBD3107799774FA3103956CD1C40, BB798DE0F18D2A28B18467D958B68C23DBA0A802512C36E708D9EBD9352492F6 ] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe 23:48:26.0087 0x0ab8 IndexSearch - ok 23:48:26.0165 0x0ab8 [ E5F1D2C7D51C816437BBE2306828BC4B, BBBEB3294EF02F3E4C73A3A2FAE83C261A095602D86E1FF272C6FDFCE0C05E1B ] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe 23:48:26.0243 0x0ab8 PaperPort PTD - ok 23:48:26.0430 0x0ab8 [ 0D1D2FBAE112BDDB9F77B7BC7A956D3A, BD833CF275B4EC4EC12E868EB2EE049A6F9F0792A326BEAEB1433586257C098F ] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe 23:48:26.0461 0x0ab8 PPort12reminder - ok 23:48:26.0648 0x0ab8 [ 9F0ACAA725CF5A391AF7E2067AE45746, CA7F3C2C9D4DCB135ECBFFEB3448D272552B5DB720E0A526B4AC07B1F5E8BC9E ] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe 23:48:26.0711 0x0ab8 PDFHook - ok 23:48:26.0758 0x0ab8 [ 154420A93E4F676AA33A055A116255D9, DF76577C22EBB439DF2B72D1B6B7A465F067CCEC886FC7A7FB337865DA1DB914 ] C:\Program Files (x86)\Nuance\PDF Viewer 
Plus\RegistryController.exe 23:48:26.0758 0x0ab8 PDF5 Registry Controller - ok 23:48:27.0101 0x0ab8 [ 63E9C23A386FFFA84B5E03BFF9B628F0, A370962791EFC4B10548AAD31F89A2B288FBD5BDBF5749323C2D98C14DFB8B49 ] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe 23:48:27.0475 0x0ab8 BrStsMon00 - ok 23:48:27.0584 0x0ab8 [ 4F9DD96AECDC12373D4203253D665C6D, 871FF2367ACD5F9A378FED53574BF28A8129224C4B7C4AF074809ED7CF870904 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 23:48:27.0647 0x0ab8 SunJavaUpdateSched - ok 23:48:27.0787 0x0ab8 [ 2EC8F42EC98D72F3B5D37F3D2632E3E3, E9FB8732B0A8E71D1E39E736C47943C879149F25822D6564D2162E2C70C8B013 ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe 23:48:27.0896 0x0ab8 Cisco AnyConnect Secure Mobility Agent for Windows - ok 23:48:27.0974 0x0ab8 [ 57EC74A47981099D5F55B595F73442D3, 2AACEA8A01770685113C3CF0BF3833E14DDEEC2D4FFE82473824EC44C945396F ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe 23:48:27.0990 0x0ab8 Avira SystrayStartTrigger - ok 23:48:28.0177 0x0ab8 [ F316A9C0C8BBA9D2A98BE70EE0D8CA96, 20C83B6D1706DED7B645008CD29346A5FD14A4F67FCF17FED28E7A17F021E15B ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe 23:48:28.0255 0x0ab8 avgnt - ok 23:48:28.0583 0x0ab8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 23:48:29.0020 0x13d0 Object send P2P result: true 23:48:29.0020 0x13d0 Object required for P2P: [ 157DA3885AA4F03C80C10DAEB0949CAA ] AntiVirMailService 23:48:29.0144 0x0ab8 Sidebar - ok 23:48:29.0222 0x0ab8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 23:48:29.0238 0x0ab8 mctadmin - ok 23:48:29.0472 0x0ab8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 23:48:29.0566 
0x0ab8 Sidebar - ok 23:48:29.0597 0x0ab8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 23:48:29.0612 0x0ab8 mctadmin - ok 23:48:29.0722 0x0ab8 [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe 23:48:29.0753 0x0ab8 ISUSPM - ok 23:48:30.0876 0x0ab8 [ E93D62A6DB736AA82A3EEDDFDFE73311, 96EC57F66EE1A36580536518A814299DE6D5DACC0026F5A659B41918434ED8FA ] C:\Program Files\CCleaner\CCleaner64.exe 23:48:31.0687 0x0ab8 CCleaner Monitoring - ok 23:48:31.0750 0x0ab8 Waiting for KSN requests completion. In queue: 311 23:48:32.0764 0x0ab8 Waiting for KSN requests completion. In queue: 311 23:48:33.0341 0x13d0 Object send P2P result: true 23:48:33.0356 0x13d0 Object required for P2P: [ C9BED3BDC39FBCAA77A88308355B237E ] avipbb 23:48:33.0778 0x0ab8 Waiting for KSN requests completion. In queue: 296 23:48:34.0480 0x1448 Object required for P2P: [ 9C112F246DB378202DA0C5031C2F0625 ] c:\program files\emsisoft anti-malware\a2guard.exe 23:48:34.0792 0x0ab8 Waiting for KSN requests completion. In queue: 296 23:48:35.0806 0x0ab8 Waiting for KSN requests completion. In queue: 296 23:48:36.0040 0x13d0 Object send P2P result: true 23:48:36.0040 0x13d0 Object required for P2P: [ 04B922C5BE92C42DD0C2B9D085D7C0CA ] Avira.ServiceHost 23:48:36.0820 0x0ab8 Waiting for KSN requests completion. In queue: 295 23:48:37.0256 0x1448 Object send P2P result: true 23:48:37.0256 0x1448 Object required for P2P: [ E93D62A6DB736AA82A3EEDDFDFE73311 ] C:\Program Files\CCleaner\CCleaner64.exe 23:48:37.0834 0x0ab8 Waiting for KSN requests completion. In queue: 278 23:48:38.0660 0x13d0 Object send P2P result: true 23:48:38.0660 0x13d0 Object required for P2P: [ 138A53D17B040F5A3A307D44A89D0905 ] avnetflt 23:48:38.0848 0x0ab8 Waiting for KSN requests completion. In queue: 276 23:48:39.0862 0x0ab8 Waiting for KSN requests completion. 
In queue: 276 23:48:40.0002 0x1448 Object send P2P result: true 23:48:40.0876 0x0ab8 Waiting for KSN requests completion. In queue: 275 23:48:41.0312 0x13d0 Object send P2P result: true 23:48:42.0342 0x0ab8 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.17.264 ), 0x41000 ( enabled : updated ) 23:48:42.0342 0x0ab8 AV detected via SS2: Emsisoft Anti-Malware, C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2start.exe ( 11.7.0.6394 ), 0x41000 ( enabled : updated ) 23:48:42.0482 0x0ab8 Win FW state via NFP2: enabled ( trusted ) 23:48:45.0041 0x0ab8 ============================================================ 23:48:45.0041 0x0ab8 Scan finished 23:48:45.0041 0x0ab8 ============================================================ 23:48:45.0072 0x0724 Detected object count: 0 23:48:45.0072 0x0724 Actual detected object count: 0 23:48:48.0301 0x10f0 Deinitialize success |
26.05.2016, 09:12 | #5 |
/// TB Instructor | Rootkit.Sirefef.Spy and Trojan virus found in system32 NT kernel
Hello,
Multiple anti-virus programs
Code:
ATTFilter Emsisoft Avira
I would uninstall Avira.
Scan with Combofix
|
26.05.2016, 12:34 | #6 |
| Rootkit.Sirefef.Spy and Trojan virus found in system32 NT kernel
Here is the result of the ComboFix scan:
Code:
ATTFilter ComboFix 16-05-18.01 - user 26.05.2016 12:39:39.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4057.1853 [GMT 2:00] ausgeführt von:: c:\users\user\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\user\AppData\Local\Adobe\downloader.dll c:\users\user\AppData\Local\Adobe\gccheck.exe c:\users\user\AppData\Local\Adobe\gtbcheck.exe . . ((((((((((((((((((((((( Dateien erstellt von 2016-04-26 bis 2016-05-26 )))))))))))))))))))))))))))))) . . 2016-05-26 11:04 . 2016-05-26 11:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2016-05-26 10:26 . 2016-05-26 10:26 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EB13FC2-B82C-4826-8A57-832A82DB03B6}\offreg.3060.dll 2016-05-26 09:46 . 2016-05-26 09:46 -------- d-----w- c:\program files (x86)\VS Revo Group 2016-05-25 05:50 . 2015-06-30 02:50 52392 ----a-w- c:\windows\system32\drivers\iSafeNetFilter.sys 2016-05-24 14:53 . 2016-05-24 14:53 -------- d-----w- c:\program files (x86)\ESET 2016-05-24 14:42 . 2016-05-24 14:42 -------- d-----w- c:\programdata\Emsisoft 2016-05-24 13:52 . 2016-05-26 10:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2016-05-23 18:56 . 2016-05-23 21:02 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2016-05-23 18:53 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys 2016-05-23 18:53 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2016-05-23 18:53 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys 2016-05-23 18:52 . 2016-05-23 18:53 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2016-05-20 21:13 . 2016-05-25 21:42 -------- d-----w- C:\FRST 2016-05-20 21:04 . 2016-05-20 21:04 -------- d-----w- c:\users\user\AppData\Roaming\Elex-tech 2016-05-20 12:11 . 
2016-05-26 08:34 -------- d-----w- C:\AdwCleaner 2016-05-16 13:38 . 2016-05-26 10:00 -------- d-----w- c:\program files (x86)\Avira 2016-05-16 13:38 . 2016-05-26 10:00 -------- d-----w- c:\programdata\Avira 2016-05-16 08:26 . 2016-05-16 08:26 -------- d-----w- c:\programdata\Guntony 2016-05-16 08:25 . 2016-05-20 12:17 -------- d-----w- c:\windows\system32\log 2016-05-16 08:24 . 2016-05-16 08:24 -------- d-----w- c:\users\user\AppData\Local\Guntony 2016-05-16 08:24 . 2016-05-16 08:24 -------- d-----w- c:\program files (x86)\Elex-tech 2016-05-16 08:23 . 2016-05-26 10:04 -------- d-----w- c:\program files (x86)\Guntony 2016-05-13 07:28 . 2016-04-20 01:13 11695896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EB13FC2-B82C-4826-8A57-832A82DB03B6}\mpengine.dll 2016-05-13 05:37 . 2016-05-13 05:43 -------- d-----w- c:\users\user\AppData\Roaming\Swiss Academic Software 2016-05-13 05:36 . 2016-05-03 09:42 713256 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.dll 2016-05-13 05:36 . 2016-05-03 09:42 103920 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\x64\IEPickerBroker.exe 2016-05-13 05:36 . 2015-08-13 13:08 126976 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\x64\Interop.SHDocVw.dll 2016-05-13 05:36 . 2012-07-26 18:08 8022976 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\x64\Microsoft.mshtml.dll 2016-05-13 05:36 . 2016-05-03 09:42 713256 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.dll 2016-05-13 05:36 . 2012-07-26 18:08 8022976 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\Microsoft.mshtml.dll 2016-05-13 05:36 . 2016-05-03 09:42 103920 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\IEPickerBroker.exe 2016-05-13 05:36 . 2015-08-13 13:08 126976 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\Interop.SHDocVw.dll 2016-05-13 05:36 . 
2016-05-13 05:36 -------- d-----w- c:\program files (x86)\Citavi 5 2016-05-11 17:04 . 2016-04-09 05:49 3217408 ----a-w- c:\windows\system32\win32k.sys 2016-05-11 17:04 . 2016-04-09 06:58 2048 ----a-w- c:\windows\system32\tzres.dll 2016-05-11 17:04 . 2016-04-09 06:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2016-05-11 17:03 . 2016-04-09 07:01 986344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2016-05-11 17:03 . 2016-04-09 07:01 264936 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2016-05-11 17:03 . 2016-04-09 06:57 144384 ----a-w- c:\windows\system32\cdd.dll 2016-05-11 16:58 . 2016-04-09 07:01 5546216 ----a-w- c:\windows\system32\ntoskrnl.exe 2016-05-11 16:57 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll 2016-05-11 16:57 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2016-05-02 18:24 . 2016-05-13 05:37 -------- d-----w- c:\programdata\Swiss Academic Software . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2016-05-12 19:54 . 2015-03-15 12:28 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2016-05-12 19:54 . 2015-03-15 12:28 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2016-05-11 21:19 . 2013-10-30 10:16 139319312 ----a-w- c:\windows\system32\MRT.exe 2016-04-21 13:05 . 2013-10-30 09:21 453288 ------w- c:\windows\system32\MpSigStub.exe 2016-04-09 06:54 . 2016-05-11 16:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2016-04-04 18:14 . 2016-04-18 21:43 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe 2016-04-04 18:02 . 2016-04-18 21:43 1169408 ----a-w- c:\windows\system32\aeinv.dll 2016-04-02 13:08 . 2016-04-18 21:43 1386496 ----a-w- c:\windows\system32\appraiser.dll 2016-03-23 14:02 . 2016-04-18 21:43 215040 ----a-w- c:\windows\system32\aepic.dll 2016-03-17 22:56 . 2016-04-19 18:40 2084864 ----a-w- c:\windows\system32\ole32.dll 2016-03-17 22:28 . 
2016-04-19 18:40 1414144 ----a-w- c:\windows\SysWow64\ole32.dll 2016-03-17 18:04 . 2016-04-18 21:43 698368 ----a-w- c:\windows\system32\generaltel.dll 2016-03-17 18:04 . 2016-04-18 21:43 499200 ----a-w- c:\windows\system32\devinv.dll 2016-03-17 18:04 . 2016-04-18 21:43 279040 ----a-w- c:\windows\system32\invagent.dll 2016-03-17 18:04 . 2016-04-18 21:43 76800 ----a-w- c:\windows\system32\acmigration.dll 2016-03-16 18:50 . 2016-04-18 21:46 156672 ----a-w- c:\windows\system32\mtxoci.dll 2016-03-16 18:28 . 2016-04-18 21:46 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll 2016-03-16 18:28 . 2016-04-18 21:46 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll 2016-03-16 00:16 . 2016-04-18 21:43 760320 ----a-w- c:\windows\system32\samsrv.dll 2016-03-16 00:16 . 2016-04-18 21:43 106496 ----a-w- c:\windows\system32\samlib.dll 2016-03-15 23:53 . 2016-04-18 21:43 60416 ----a-w- c:\windows\SysWow64\samlib.dll 2016-03-06 18:53 . 2016-04-18 21:44 2048 ----a-w- c:\windows\system32\msxml3r.dll 2016-03-06 18:53 . 2016-04-18 21:44 1885696 ----a-w- c:\windows\system32\msxml3.dll 2016-03-06 18:38 . 2016-04-18 21:44 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2016-03-06 18:38 . 2016-04-18 21:44 1240576 ----a-w- c:\windows\SysWow64\msxml3.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-02-12 8641240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368] "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984] "PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992] "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192] "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2015-12-23 1027472] "Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-05-04 67840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Guntony_protect;Protect Service(Guntony_protect);c:\programdata\Guntony\protect\protect.exe;c:\programdata\Guntony\protect\protect.exe [x] R2 Guntony_update;Update Service(Guntony_update);c:\program files (x86)\Guntony\Guntony\bin\Guntony_server.exe;c:\program files (x86)\Guntony\Guntony\bin\Guntony_server.exe [x] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x] R3 eapihdrv;eapihdrv;c:\users\user\AppData\Local\Temp\ehdrv.sys;c:\users\user\AppData\Local\Temp\ehdrv.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 iSafeKrnlBoot;YAC Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S1 epp;epp;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys [x] S1 iSafeKrnl;YAC Mini-Filter Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys [x] S1 iSafeKrnlKit;YAC Kit Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [x] S1 iSafeKrnlMon;YAC Monitor Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [x] S1 
iSafeKrnlR3;YAC Ring3 Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [x] S1 iSafeNetFilter;YAC NDIS Driver;c:\windows\system32\DRIVERS\iSafeNetFilter.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeNetFilter.sys [x] S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 iSafeService;YAC Service;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe [x] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x] S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2016-05-13 04:53 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2016-05-03 14:41 287416 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll . Inhalt des "geplante Tasks" Ordners . 2016-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-15 19:54] . 2016-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06 16:39] . 2016-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06 16:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Page_URL = www.google.com uDefault_Search_URL = www.google.com mDefault_Page_URL = www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = www.google.com mDefault_Search_URL = www.google.com IE: &Citavi Picker... 
- file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\ FF - prefs.js: browser.startup.homepage - hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe AddRemove-WinZip - c:\program files (x86)\WinZipper\wzUninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.21" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2016-05-26 13:16:09 ComboFix-quarantined-files.txt 2016-05-26 11:16 . 
Vor Suchlauf: 19 Verzeichnis(se), 163.946.160.128 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 164.238.041.088 Bytes frei . - - End Of File - - 7F733BD72F531BA27C5B777B9EBD3B2E A36C5E4F47E84449FF07ED3517B43A31 |
26.05.2016, 20:52 | #7 |
/// TB-Ausbilder | Rootkit.Sirefef.Spy and Trojan virus found in system32 NT kernel Hi, Step 1 ComboFix script
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please download Malwarebytes Anti-Malware
Step 4
Please post with your next reply
|
27.05.2016, 08:22 | #8 |
| Rootkit.Sirefef.Spy and Trojan virus found in system32 NT kernel Good morning Matthias, The ComboFix log file is too large. I wanted to attach it as a zip file. Unfortunately, access was denied when I tried to convert the log file into a zip file. Do you have any idea why it didn't work and how I can post the ComboFix file for you? Here are the log files from AdwCleaner, MBAM and FRST: Code:
ATTFilter # AdwCleaner v5.117 - Bericht erstellt am 27/05/2016 um 00:10:03 # Aktualisiert am 15/05/2016 von Xplode # Datenbank : 2016-05-26.2 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64) # Benutzername : user - USER-PC # Gestartet von : C:\Users\user\Desktop\AdwCleaner_5.117.exe # Option : Suchlauf # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel gefunden : HKCU\Software\OCS Schlüssel gefunden : HKLM\SOFTWARE\Elex-tech Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe Schlüssel gefunden : HKU\.DEFAULT\Software\Elex-tech Schlüssel gefunden : HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\OCS Schlüssel gefunden : HKU\S-1-5-18\Software\Elex-tech Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\eshopcomp.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.eshopcomp.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdncache-a.akamaihd.net Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com ***** [ Internetbrowser ] ***** 
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.alias", ""); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine"); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://www.nicesearches.com/favicon.ico?t=1"); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.name", "nice "); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.ptid", "wpm07153"); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.ref", ""); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.ts", "1463387536"); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.type", ""); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.uid", "fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x"); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.search.searchengine.url", "hxxp://www.nicesearches.com/search.php?type=ds&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c[...] 
[C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("extensions.quick_start.enable_search1", false); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.startup.homepage", "hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q"); [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\prefs.js] gefunden : user_pref("browser.newtab.url", "hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q"); [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] gefunden : hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] gefunden : hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [9941 Bytes] - [20/05/2016 14:16:23] C:\AdwCleaner\AdwCleaner[C2].txt - [5707 Bytes] - [20/05/2016 14:42:45] C:\AdwCleaner\AdwCleaner[C3].txt - [5685 Bytes] - [20/05/2016 23:00:22] C:\AdwCleaner\AdwCleaner[S1].txt - [9683 Bytes] - [20/05/2016 14:11:55] C:\AdwCleaner\AdwCleaner[S2].txt - [5330 Bytes] - [20/05/2016 14:37:10] C:\AdwCleaner\AdwCleaner[S3].txt - [5374 Bytes] - [20/05/2016 22:57:53] C:\AdwCleaner\AdwCleaner[S4].txt - [6228 Bytes] - 
[25/05/2016 19:13:46] C:\AdwCleaner\AdwCleaner[S5].txt - [6514 Bytes] - [26/05/2016 10:34:51] C:\AdwCleaner\AdwCleaner[S6].txt - [6593 Bytes] - [26/05/2016 15:47:26] C:\AdwCleaner\AdwCleaner[S7].txt - [6108 Bytes] - [27/05/2016 00:10:03] ########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [6181 Bytes] ########## Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 27.05.2016 Suchlaufzeit: 00:23 Protokolldatei: mbat.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.05.26.07 Rootkit-Datenbank: v2016.05.20.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: user Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 313493 Abgelaufene Zeit: 35 Min., 32 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 6 PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5ED97A44-9BAC-4B08-AA04-1069146C9288}, Löschen bei Neustart, [c6b91ac0f7a2e650ca8f57854cb73ac6], PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A8F6F5A3-4864-4473-AB42-C1B7C19A62E7}, Löschen bei Neustart, [aed1dbff643577bf4c0dcf0d32d114ec], PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D88946E8-79B6-4C3D-885C-B78CC3CF1B02}, Löschen bei Neustart, [304ffedcb2e776c06fec924abf44e11f], PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GuntonyBrowserUpdateCore, Löschen bei Neustart, [f08f12c85c3dff374b11a735d1324eb2], PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GuntonyBrowserUpdateUA, Löschen bei Neustart, [dea1c6148c0d2b0b8dd04d8f5da614ec], PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GuntonyCheckTask, Löschen bei Neustart, [38478654f4a51125fb63a13b5ea5ae52], Registrierungswerte: 4 
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5ED97A44-9BAC-4B08-AA04-1069146C9288}|Path, \GuntonyBrowserUpdateCore, Löschen bei Neustart, [c6b91ac0f7a2e650ca8f57854cb73ac6] PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A8F6F5A3-4864-4473-AB42-C1B7C19A62E7}|Path, \GuntonyBrowserUpdateUA, Löschen bei Neustart, [aed1dbff643577bf4c0dcf0d32d114ec] PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D88946E8-79B6-4C3D-885C-B78CC3CF1B02}|Path, \GuntonyCheckTask, Löschen bei Neustart, [304ffedcb2e776c06fec924abf44e11f] PUP.Optional.xRocketToolbar, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|arthurj8283@gmail.com, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com, In Quarantäne, [2956904aecadad892ce09b1bd32f04fc] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 4 PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome\content, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome\skin, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], Dateien: 7 PUP.Optional.Ghokswa.Gen, C:\Windows\System32\Tasks\GuntonyBrowserUpdateCore, In Quarantäne, [1c6314c618812610e1729b4120e3c43c], 
PUP.Optional.Ghokswa.Gen, C:\Windows\System32\Tasks\GuntonyBrowserUpdateUA, In Quarantäne, [46391ac03f5a2b0b0f45a23a06fdfd03], PUP.Optional.Ghokswa.Gen, C:\Windows\System32\Tasks\GuntonyCheckTask, In Quarantäne, [e19e706a128777bf4213a03c4db63fc1], PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome.manifest, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\install.rdf, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome\content\toolbar.xul, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], PUP.Optional.xRocketToolbar, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\extensions\arthurj8283@gmail.com\chrome\skin\icon.png, In Quarantäne, [f48b69710396bb7bcd48386f46bc46ba], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01 durchgeführt von user (2016-05-27 08:35:10) Gestartet von C:\Users\user\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2013-10-30 09:00:08) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1718339690-3013972182-446857107-500 - Administrator - Disabled) Gast (S-1-5-21-1718339690-3013972182-446857107-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1718339690-3013972182-446857107-1002 - Limited - Enabled) user (S-1-5-21-1718339690-3013972182-446857107-1000 - Administrator - Enabled) => C:\Users\user ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Absolute Uninstaller 5.3.1.21 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.21 - Glarysoft Ltd) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.) Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. 
KG) Hidden Brother MFL-Pro Suite DCP-7055W (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.2.01035 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 4.2.01035 - Cisco Systems, Inc.) Hidden Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Deutsche Grammatik (HKLM-x32\...\Deutsche Grammatik_is1) (Version: - Magnamedia) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Glary Utilities 5.51 (HKLM-x32\...\Glary Utilities 5) (Version: 5.51.0.71 - Glarysoft Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp) Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation) Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.) 
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MediaLab Research Software v2012 (HKLM-x32\...\{67350CFB-529E-4173-91DC-0AE79DEE1ACC}) (Version: 20.12.4.131 - Empirisoft Corporation) Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nuance PaperPort 12 (HKLM-x32\...\{DA715959-CFF1-48A2-B3BB-98B9E569C6AC}) (Version: 12.1.0000 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.) 
Scansoft PDF Professional (x32 Version: - ) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) WinZip (HKLM-x32\...\WinZip) (Version: 2.0.39 - Winzipper Pvt Ltd.) <==== ACHTUNG ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {02913145-BEBF-4240-AC37-A7F08F3F748E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated) Task: {07FB5B5B-8A2D-4A9E-AD85-EB5FD6AF1789} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.) Task: {2A348BC6-66EA-43AD-8F71-0470B11747E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.) Task: {7E1A5E0C-D3B1-45BF-BB0C-28E1632744FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd) Task: {97157EED-5525-4662-9121-314373D31ED1} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-05-16] (Glarysoft Ltd) Task: {BD77D142-0DB2-42E3-B606-03C3771D3D92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {E02B5983-D93F-49E9-9E57-034AE913F0FD} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-05-16] (Glarysoft Ltd) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-02-12 23:13 - 2016-02-12 23:13 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-12-23 15:33 - 2015-12-23 15:33 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-07-17 21:44 - 2009-02-27 14:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2016-05-16 04:36 - 2016-05-16 04:36 - 00086992 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2016-05-26 23:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{7F0883AE-4217-472B-A0B7-A84CCF3D9383}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{13CEAE4F-40BC-4D7C-9082-D40ECF266D03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3366C49C-020F-42E9-AF6C-01213720ECA0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{27C60F1F-7E7F-4B3C-B713-06D3263CB87D}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe FirewallRules: [{EC1D2487-8B36-4655-97A5-1FD40416AA30}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\chrome.exe FirewallRules: [{952C26F6-922A-405D-8899-D5E858F4EE28}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe ==================== Wiederherstellungspunkte ========================= 23-05-2016 14:17:37 Geplanter Prüfpunkt 26-05-2016 11:48:56 Revo Uninstaller's restore point - Avira Antivirus 26-05-2016 15:20:18 Windows Update 26-05-2016 15:59:14 Windows Update 26-05-2016 21:57:20 Revo Uninstaller's restore point - Revo Uninstaller 1.95 ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility 
Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (05/26/2016 07:59:44 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. 
Error: (05/25/2016 08:16:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7189000a ID des fehlerhaften Prozesses: 0x%9 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/25/2016 07:07:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (05/25/2016 06:54:06 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (05/25/2016 06:54:02 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. 
Error: (05/25/2016 06:02:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x717a000a ID des fehlerhaften Prozesses: 0x12d8 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/25/2016 05:37:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x717a000a ID des fehlerhaften Prozesses: 0xc14 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/25/2016 04:45:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x717c000a ID des fehlerhaften Prozesses: 0xcfc Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/25/2016 03:44:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18315, Zeitstempel: 0x571ae616 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.18315, Zeitstempel: 0x571af57d Ausnahmecode: 0xc0000005 Fehleroffset: 0x003225d6 ID des fehlerhaften Prozesses: 0x10bc Startzeit der fehlerhaften Anwendung: 
0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/25/2016 02:29:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7185000a ID des fehlerhaften Prozesses: 0x%9 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Systemfehler: ============= Error: (05/27/2016 08:24:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: epp Error: (05/27/2016 01:31:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: epp Error: (05/27/2016 01:30:54 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT) Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402. Error: (05/27/2016 12:16:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: epp Error: (05/27/2016 12:16:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/27/2016 12:15:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Live ID Sign-in Assistant erreicht. 
Error: (05/27/2016 12:13:39 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (05/27/2016 12:13:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/27/2016 12:13:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/27/2016 12:13:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. CodeIntegrity: =================================== Date: 2016-05-26 23:02:54.483 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2016-05-26 23:02:53.765 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2016-05-26 23:02:53.063 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2016-05-26 23:02:52.346 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2016-05-26 13:02:33.031 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2016-05-26 13:02:32.360 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Prozentuale Nutzung des RAM: 59%
Installierter physikalischer RAM: 4056.56 MB
Verfügbarer physikalischer RAM: 1650.7 MB
Summe virtueller Speicher: 8111.3 MB
Verfügbarer virtueller Speicher: 5654.76 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:157.84 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D6776FFD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
durchgeführt von user (Administrator) auf USER-PC (27-05-2016 08:33:51)
Gestartet von C:\Users\user\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_242_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1027472 2015-12-23] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-05-16] (Glarysoft Ltd)
BootExecute: autocheck autochk *

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{36398523-7615-4AF2-A2A6-A18130B35576}: [DhcpNameServer] 192.168.3.2
Tcpip\..\Interfaces\{9D540E77-56BB-4FAB-9711-18067F181277}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-05-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-06]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-06]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-06]
CHR Extension: (Google Tabellen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-06]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Citavi Picker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-05-02]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-05-26] (Glarysoft Ltd)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-04-20] (Cisco Systems, Inc.)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [13880 2007-12-22] (Zeal SoftStudio)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys [X]
S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-27 08:33 - 2016-05-27 08:34 - 00015365 _____ C:\Users\user\Desktop\FRST.txt 2016-05-27 01:39 - 2016-05-27 01:39 - 00005280 _____ C:\Users\user\Desktop\mbat.txt 2016-05-27 01:39 - 2016-05-27 01:39 - 00000632 _____ C:\Users\user\Desktop\protokoll.txt 2016-05-27 00:04 - 2016-05-27 00:04 - 00248372 _____ C:\ComboFix.txt 2016-05-26 22:24 - 2016-05-26 22:24 - 05659526 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe 2016-05-26 22:13 - 2016-05-27 01:34 - 00001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2016-05-26 22:13 - 2016-05-27 01:33 - 00001074 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk 2016-05-26 22:13 - 2016-05-26 22:13 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys 2016-05-26 22:13 - 2016-05-26 22:13 - 00003310 _____ C:\Windows\System32\Tasks\GlaryInitialize 5 2016-05-26 22:13 - 2016-05-26 22:13 - 00002968 _____ C:\Windows\System32\Tasks\GU5SkipUAC 2016-05-26 22:13 - 2016-05-26 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5 2016-05-26 22:12 - 2016-05-27 08:25 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5 2016-05-26 22:11 - 2016-05-27 01:34 - 00001258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk 2016-05-26 22:11 - 2016-05-27 01:33 - 00001252 _____ C:\Users\Public\Desktop\Absolute Uninstaller.lnk 2016-05-26 22:11 - 2016-05-26 22:12 - 00001562 _____ C:\GUDownLoaddebug.txt 2016-05-26 22:11 - 2016-05-26 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft 2016-05-26 22:11 - 2016-05-26 22:11 - 00000000 ____D C:\Program Files (x86)\Glarysoft 2016-05-26 22:09 - 2016-05-26 22:10 - 04999096 _____ C:\Users\user\Desktop\ausetup_5.3.1.21.exe 2016-05-26 19:33 - 2016-05-26 19:33 - 00000229 _____ C:\Users\user\Desktop\Schüssler-Salze Nr. 15. 
Kalium jodatum.url 2016-05-26 17:55 - 2016-05-26 17:55 - 00000230 _____ C:\Users\user\Desktop\Master Rechtspsychologie am Institut für Psychologie, Universität Bonn.url 2016-05-26 12:33 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2016-05-26 12:33 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2016-05-26 12:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2016-05-26 12:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2016-05-26 12:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2016-05-26 12:33 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2016-05-26 12:33 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2016-05-26 12:33 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2016-05-26 12:20 - 2016-05-27 00:04 - 00000000 ____D C:\Qoobox 2016-05-26 12:09 - 2016-05-26 23:36 - 00000000 ____D C:\Windows\erdnt 2016-05-26 11:46 - 2016-05-26 22:02 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2016-05-26 10:33 - 2016-05-26 10:33 - 03651136 _____ C:\Users\user\Desktop\AdwCleaner_5.117.exe 2016-05-26 09:05 - 2016-05-26 09:08 - 00206986 _____ C:\TDSSKiller.3.1.0.9_26.05.2016_09.05.21_log.txt 2016-05-25 23:52 - 2016-05-26 00:40 - 00611252 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_23.52.37_log.txt 2016-05-25 23:46 - 2016-05-25 23:48 - 00206206 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_23.46.34_log.txt 2016-05-24 16:53 - 2016-05-24 16:53 - 00000000 ____D C:\Program Files (x86)\ESET 2016-05-24 16:42 - 2016-05-24 16:42 - 00000000 ____D C:\ProgramData\Emsisoft 2016-05-24 15:52 - 2016-05-26 15:30 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware 2016-05-23 23:30 - 2016-05-27 08:33 - 00000000 ____D C:\Users\user\Desktop\forum 2016-05-23 20:56 - 2016-05-27 01:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-05-23 20:53 - 2016-05-27 01:32 - 00001102 _____ C:\Users\user\Desktop\ Malwarebytes Anti-Malware .lnk 2016-05-23 20:53 - 2016-05-23 
20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-05-23 20:53 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-05-23 20:53 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-05-23 20:53 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-05-23 20:52 - 2016-05-23 20:53 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-05-20 23:29 - 2016-05-20 23:29 - 00000239 _____ C:\Users\user\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten.url 2016-05-20 23:13 - 2016-05-27 08:33 - 00000000 ____D C:\FRST 2016-05-20 23:12 - 2016-05-25 23:36 - 02383360 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe 2016-05-20 22:17 - 2016-05-20 22:17 - 00000124 _____ C:\Users\user\Desktop\Singles und Partnersuche bei NEU.DE.url 2016-05-20 14:11 - 2016-05-27 00:13 - 00000000 ____D C:\AdwCleaner 2016-05-17 16:12 - 2016-05-17 16:12 - 00000201 _____ C:\Users\user\Desktop\Startseite.url 2016-05-16 15:39 - 2016-05-27 01:33 - 00001178 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2016-05-16 15:39 - 2016-05-26 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\ProgramData\Avira 2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\Program Files (x86)\Avira 2016-05-16 10:25 - 2016-05-20 14:17 - 00000000 ____D C:\Windows\system32\log 2016-05-16 10:23 - 2016-05-27 01:33 - 00002102 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-16 10:23 - 2016-05-16 10:23 - 00000000 ____D C:\Users\Public\Documents\Guntony 2016-05-15 22:41 - 2016-05-15 23:09 - 00000000 ____D C:\Users\user\Desktop\15.05.16 2016-05-15 20:17 - 2016-05-23 15:10 - 00000000 ____D C:\Users\user\Desktop\Theorie_MA 2016-05-14 17:41 - 2016-05-14 17:43 
- 00000000 ____D C:\Users\user\Desktop\SPSS_16 2016-05-13 07:37 - 2016-05-15 18:36 - 00000000 ____D C:\Users\user\Documents\Citavi 5 2016-05-13 07:37 - 2016-05-13 07:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Swiss Academic Software 2016-05-13 07:36 - 2016-05-27 01:33 - 00001955 _____ C:\Users\Public\Desktop\Citavi 5.lnk 2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5 2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\Program Files (x86)\Citavi 5 2016-05-11 19:07 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-05-11 19:07 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-05-11 19:07 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-05-11 19:07 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-05-11 19:07 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-05-11 19:07 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-05-11 19:07 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-05-11 19:07 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-05-11 19:07 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-05-11 19:07 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-05-11 19:07 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-05-11 19:07 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-05-11 19:07 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) 
C:\Windows\system32\occache.dll 2016-05-11 19:07 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-05-11 19:07 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-05-11 19:07 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-05-11 19:07 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-05-11 19:07 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-05-11 19:07 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-05-11 19:07 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-05-11 19:07 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-05-11 19:07 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-05-11 19:07 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-05-11 19:07 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-05-11 19:07 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-05-11 19:07 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-05-11 19:07 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-05-11 19:07 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-05-11 19:07 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-05-11 19:07 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-05-11 19:07 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dxtrans.dll 2016-05-11 19:07 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-05-11 19:07 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-05-11 19:07 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-05-11 19:07 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-05-11 19:07 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-05-11 19:07 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-05-11 19:06 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-05-11 19:06 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-05-11 19:06 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-05-11 19:06 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-05-11 19:06 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-05-11 19:06 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-05-11 19:06 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-05-11 19:06 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-05-11 19:06 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-05-11 19:06 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-05-11 19:06 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-05-11 19:06 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 
2016-05-11 19:06 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-05-11 19:06 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-05-11 19:06 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-05-11 19:06 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-05-11 19:06 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-05-11 19:06 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-05-11 19:06 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-05-11 19:06 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-05-11 19:06 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-05-11 19:06 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-05-11 19:06 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-05-11 19:06 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-05-11 19:06 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-05-11 19:06 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-05-11 19:06 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-05-11 19:06 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-05-11 19:06 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-05-11 19:04 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-05-11 19:04 - 
2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-05-11 19:04 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-05-11 19:03 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2016-05-11 19:03 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2016-05-11 19:03 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2016-05-11 19:02 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2016-05-11 19:02 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2016-05-11 19:02 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-05-11 19:02 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-05-11 19:02 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2016-05-11 19:02 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-05-11 19:02 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2016-05-11 18:58 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-05-11 18:58 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-05-11 18:58 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-05-11 18:58 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-05-11 18:58 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-05-11 18:58 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-05-11 18:58 - 2016-04-09 
08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-05-11 18:58 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-05-11 18:58 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 01314112 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-05-11 18:58 - 
2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 
____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-05-11 18:58 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-05-11 18:58 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-05-11 18:58 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-05-11 18:58 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-05-11 18:58 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-05-11 18:58 - 2016-04-09 07:44 - 00291328 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-05-11 18:58 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-05-11 18:58 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-05-11 18:58 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-05-11 18:58 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-05-11 18:58 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-05-11 18:58 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-05-11 18:58 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-05-11 18:58 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-05-11 18:58 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-05-11 18:58 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-05-11 18:58 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 18:58 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-05-11 18:57 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2016-05-11 18:57 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2016-05-04 21:59 - 2016-05-17 19:30 - 00000000 ____D 
C:\Users\user\Desktop\MA schreiben 2016-05-03 17:40 - 2016-05-26 11:08 - 00000000 ____D C:\Users\user\Desktop\Fachschaft 2016-05-02 20:24 - 2016-05-13 07:37 - 00000000 ____D C:\ProgramData\Swiss Academic Software 2016-05-01 18:44 - 2016-05-17 13:50 - 00000000 ____D C:\Users\user\Desktop\Notizen ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-27 08:32 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-27 08:32 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-27 08:24 - 2016-04-06 18:39 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-27 08:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-27 01:34 - 2016-04-06 18:40 - 00002042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-27 01:34 - 2016-04-06 17:30 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-27 01:34 - 2014-06-25 21:46 - 00001446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2016-05-27 01:34 - 2014-01-25 21:05 - 00001596 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaLab.exe.lnk 2016-05-27 01:34 - 2013-10-31 18:05 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-05-27 01:34 - 2013-10-30 10:44 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2016-05-27 01:34 - 2013-10-30 10:44 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2016-05-27 01:34 - 2009-07-14 06:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-05-27 01:34 - 2009-07-14 06:57 - 00001340 
_____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2016-05-27 01:34 - 2009-07-14 06:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2016-05-27 01:34 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2016-05-27 01:34 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2016-05-27 01:33 - 2014-07-17 21:40 - 00001866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk 2016-05-27 01:33 - 2014-04-19 12:47 - 00002633 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Neues Microsoft Office-Dokument.lnk 2016-05-27 01:33 - 2014-04-19 12:47 - 00002633 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Microsoft Office-Dokument öffnen.lnk 2016-05-27 01:33 - 2013-10-31 18:14 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk 2016-05-27 01:33 - 2009-07-14 07:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2016-05-27 01:33 - 2009-07-14 06:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2016-05-27 01:32 - 2015-03-25 12:17 - 00001446 _____ C:\Users\user\Desktop\Windows Live Mail.lnk 2016-05-27 01:32 - 2014-04-19 20:36 - 00000355 _____ C:\Users\user\Desktop\Computer -.lnk 2016-05-27 01:32 - 2014-04-19 12:47 - 00002679 _____ C:\Users\user\Desktop\Microsoft Office Word 2007.lnk 2016-05-27 01:32 - 2013-12-21 19:36 - 00002216 _____ C:\Users\user\Desktop\IBM SPSS Statistics 21.lnk 2016-05-27 00:54 - 2015-03-15 14:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-05-27 00:52 - 2016-04-06 18:39 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-26 23:56 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2016-05-26 23:37 - 2009-07-14 04:34 - 94896128 _____ C:\Windows\system32\config\software.bak 2016-05-26 23:37 - 2009-07-14 04:34 - 17301504 _____ 
C:\Windows\system32\config\system.bak
2016-05-26 23:37 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2016-05-26 23:37 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-05-26 23:37 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-05-26 23:36 - 2009-07-14 04:34 - 60030976 _____ C:\Windows\system32\config\components.bak
2016-05-26 22:13 - 2015-04-24 11:54 - 00000000 ____D C:\Users\user\AppData\Roaming\GlarySoft
2016-05-26 20:55 - 2009-07-27 11:10 - 00699342 _____ C:\Windows\system32\perfh007.dat
2016-05-26 20:55 - 2009-07-27 11:10 - 00149450 _____ C:\Windows\system32\perfc007.dat
2016-05-26 20:55 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-26 20:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-26 15:59 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 15:59 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-26 13:02 - 2014-04-10 10:57 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-05-25 07:57 - 2014-07-17 21:44 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2016-05-23 23:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-20 14:01 - 2015-03-27 09:03 - 00000000 ____D C:\Users\user\Desktop\fotos
2016-05-20 11:47 - 2015-03-19 15:25 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2016-05-20 07:01 - 2015-03-18 11:48 - 00000000 ____D C:\Users\user\Desktop\Eigene Dateien
2016-05-16 15:37 - 2016-01-14 00:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-16 09:50 - 2016-04-24 21:35 - 00000000 ____D C:\Users\user\Desktop\cad
2016-05-15 20:09 - 2016-04-24 14:36 - 00000000 ____D C:\Users\user\Desktop\SRP
2016-05-14 16:27 - 2015-07-13 18:01 - 00000000 ____D C:\Users\user\Desktop\Prüfung
2016-05-13 20:54 - 2015-05-24 19:54 - 00000000 ____D C:\Users\user\Desktop\Uni_2015
2016-05-13 07:32 - 2014-01-25 21:04 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2016-05-13 07:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 21:55 - 2015-03-15 14:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 21:54 - 2015-03-15 14:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 21:54 - 2015-03-15 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 17:16 - 2015-03-15 20:06 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 08:08 - 2009-07-14 06:45 - 00414280 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 08:04 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 23:56 - 2013-10-30 12:16 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 23:19 - 2013-10-30 12:16 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 18:10 - 2015-10-14 11:11 - 00000000 ____D C:\Users\user\Desktop\masterarbeit
2016-05-11 07:47 - 2016-04-06 18:39 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 07:46 - 2016-04-06 18:39 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 22:22 - 2016-04-06 17:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-08 14:10 - 2016-01-15 22:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Millisecond Software
2016-05-04 23:24 - 2014-07-06 12:11 - 00000000 ____D C:\Users\user\Desktop\Uni

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-05-18 08:54

==================== Ende von FRST.txt ============================ |
27.05.2016, 08:50 | #9 |
| Rootkit.Sirefef.Spy and Trojan virus found in system32 NT Kernel ComboFix_Part1: Code:
ComboFix 16-05-18.01 - user 26.05.2016 22:42:05.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4057.2589 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\user\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys"
"c:\windows\system32\drivers\iSafeNetFilter.sys"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_problem_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_report_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_suggestion_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_tip_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_wait_anim.gif c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_warning_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\fb_yac_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\resource.xml c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\image\default\tab_bg.png c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\layout\default\feedback_view.xml c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\layout\default\mainwnd2.xml c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\layout\default\msgbox.xml c:\program files (x86)\Elex-tech\YAC\skin2\fbSkin\style\style.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_1.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_2.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_3.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_4.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_5.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg\desk_bkg_default.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\desk_bkg_list.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\foldericon\app.ico c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\foldericon\file.ico c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\foldericon\folder.ico c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\foldericon\picture.ico c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\add_list_over.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\add_list_til_line.png c:\program files 
(x86)\Elex-tech\YAC\skin2\iDesk\image\default\app.ico c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrange_arrow.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\arrange_arrow_b.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\arrange_arrow_l.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\arrange_arrow_r.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\arrange_arrow_t.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\btn_close.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\btn_green_bg.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\check_uncheck.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrangedesktop\main_bg.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrow_left.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\arrow_right.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\btn_accelerate_bg.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\button_delete.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\button_selected.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\check_checked.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\check_uncheck.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\cloud_flash.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\combo_skin.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\combo_skin_op.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\customize.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\default_file.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\delete_button.png c:\program files 
(x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_all_import.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_bkg_default.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_btn_dkg.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_button_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_close.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_cmd_list.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_default_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_dlg_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_edit.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_edit_light.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_fbar.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_arrow_left.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_arrow_right.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_button_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_gridctrl_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_icon_add_other.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_import_icon_list_add.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_list.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_list_light.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_loading.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_main_panel_edge.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_menu.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_more.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_pc.png c:\program files 
(x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_plus_import_bkg_a.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_plus_import_bkg_b.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_power_off.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_power_off_light.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_power_off_unlight.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\desk_skin.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\deskbtnbk.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\edit_skin.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\edit_skin_op.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\file.ico c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\focus_next.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\focus_prev.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\folder.ico c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\icon_adblock_18-18.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\icon_adblock_22-22.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\icon_arrange.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\icon_Tip.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\idesk_pre_view.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\idesk_pre_view_a.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\import_scroll.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\improve_arrow.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\large_add_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\line-foot.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\list_scroll.png c:\program files 
(x86)\Elex-tech\YAC\skin2\iDesk\image\default\logo_small.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_accelerate.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_arrow.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_close.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_help.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_import.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_noad.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_open.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_quit.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_restore.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_sendto.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menu_set.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\menuitem_selbk.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\monitor_button_next.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\monitor_button_pre.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\mousechoose.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\mypc_bkg.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\new_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\new_icon_large.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\new_icon_small.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\new_icon_xp.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\normal_button_close.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\nothing.png c:\program files 
(x86)\Elex-tech\YAC\skin2\iDesk\image\default\PageBtnBkg.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\PageBtnBkg_focus.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\PageNavigate.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\pic-error.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\pic-info.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\pic-question.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\pic-warning.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\picture.ico c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\plus_action_bg.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\resource.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\search_box.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\search_button.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\search_close.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\selected.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\shutdown_button_bkg.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\shutdown_more_button_bkg.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\start_button_hover.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\start_panel_bkg.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\start_shutdown_arrow.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\switch_style.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_ctrl_panel.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_imglist.bmp c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_local_driver.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_lock.png c:\program files 
(x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_menu_bkg.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_net_connect.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_recycle.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_restart.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\sys_sleep.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_firstrun_bottom.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_firstrun_left.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_firstrun_right.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_firstrun_top.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_introduce_bottom.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_introduce_left.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_introduce_right.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\desk_tip_introduce_top.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_close.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_add_focus.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_arrow_bottom.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_arrow_left.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_arrow_right.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_arrow_right_large.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_browser_focus.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_btn_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_focus_mask_point.png c:\program files 
(x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_focus_mask_rect.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_item_drag.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_guide_item_focus.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tip\tip_point.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\tips_button_close.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\title_bar.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\user_account_default.bmp c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\vscroll.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\WIN7_bj_X.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\WIN7_bj_Y.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\WIN7_bjSmall_X.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\WIN7_bjSmall_Y.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\win8_desk_16_over.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\win8_desk_32_over.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\XP_bj_hover.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\image\default\XP_bj_normal.png c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\add_shortcut_tip.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\arrange_desktop.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\desk_bkg.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\desk_taskbar_help_tip1.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\desk_taskbar_help_tip2.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\main_import_icon.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\main_panel.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\main_setting.xml c:\program 
files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\main_start.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\my_pc_menu.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\plus_import_icon.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\rename.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\layout\default\taskbar.xml c:\program files (x86)\Elex-tech\YAC\skin2\iDesk\style\style.xml c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\about.png c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\adb.png c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\bep.png c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\bth.png c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\check.png c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\dse.png c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\emailprotect.png c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\fw.png c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\general.png c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\iSafeSet_res.xml c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\jfm.png c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\lang.png c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\lang_btn_bg.png c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\image\default\nation_icon_list.png c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\layout\default\iSafeSetView.xml c:\program files (x86)\Elex-tech\YAC\skin2\iSafeSet\style\iSafeSet_style.xml c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_arrow_down.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_arrow_up.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_bk.png c:\program files 
(x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_button_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_close_button.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_indeterminate.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_loading.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_logo.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_minimum_button.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_num.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_num_percent.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_num_white.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_brush.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_complete.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_dl_brush.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_dl_complete.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_dl_start.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_install_brush.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_normal.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_op_complete.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_picture_warning.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_point.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_res.xml c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_select.png c:\program files 
(x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_speed_bar.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unable.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unit_b.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unit_gb.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unit_kb.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unit_mb.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\new_clean_unselect.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\image\newclean\vscroll.png c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\layout\newclean\NewCleanDlg.xml c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\layout\newclean\tipsWnd.xml c:\program files (x86)\Elex-tech\YAC\skin2\NewClean\style\new_clean_style.xml c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_appsvc_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_arrow_down_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_arrow_up_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_boottime_nodata_ico.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_combo.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_combo_bk_bottom.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_combo_bk_top.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_combo_dropdown_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_menu_item_over.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_startup_app_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_sysmenu_def_ico.png c:\program files 
(x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_syssvc_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_taskschedule_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_type_iconlist.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\opt_vert_line.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\optimize_btn_bg.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\optimize_empty.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\optimize_restore_bg.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\pop_OptDlg_BG.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\resource.xml c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\st_green.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\st_orange.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\st_red.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\image\default\syssvc_ico.png c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\layout\default\optimize_popdlg.xml c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\layout\default\OptimizeView.xml c:\program files (x86)\Elex-tech\YAC\skin2\optimize2\style\style.xml c:\program files (x86)\Elex-tech\YAC\skin2\plugin\image\default\plug_ico.png c:\program files (x86)\Elex-tech\YAC\skin2\plugin\image\default\plug_norm.png c:\program files (x86)\Elex-tech\YAC\skin2\plugin\image\default\plug_sec_level.png c:\program files (x86)\Elex-tech\YAC\skin2\plugin\image\default\plug_should_del.png c:\program files (x86)\Elex-tech\YAC\skin2\plugin\image\default\plug_should_dis.png c:\program files (x86)\Elex-tech\YAC\skin2\plugin\image\default\plugin_res.xml c:\program files (x86)\Elex-tech\YAC\skin2\plugin\layout\default\PluginView.xml c:\program files (x86)\Elex-tech\YAC\skin2\plugin\style\plugin_style.xml c:\program files 
(x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\bing_ico.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\blank_ico.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\bo.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\bp.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\bw.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\cdbh.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\cdsh.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\check.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\chph.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\chrome_ico.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\cseh.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\dp.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\edit_bg.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\edit_ico.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\edit_skin.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\empty.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\exam_dlg_bg.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\exam_radio_checked.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\exam_radio_unchecked.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\firefix_ico.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\fr.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\google_ico.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\google_small.png c:\program files (x86)\Elex-tech\YAC\skin2\SafeProtect\image\default\ie_ico.png c:\program files 
Edited by Tori22 (27.05.2016 at 09:01) |
27.05.2016, 08:52 | #10 |
| Rootkit.Sirefef.Spy and Trojan virus found in system32 NT kernel CombiFix_Part2: Code:
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\avangateflag.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\button_blue.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\button_buy.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\button_green.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\button_yellow.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\buy_flag.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\centili.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\chooseoption_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\chooseoption_close.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\close_message_box_warning.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\cseh.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\edit_skin.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\free_flag_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\general_buy_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\green_bk_new.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\green1_bk_new.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\guarantee.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\icoBW.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\icoBW_gray.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\icoDP.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\icoDP_gray.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\icoRS.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\icoRS_gray.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\main_item_status.png 
c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\mobileflag.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\new.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\pay_cancel.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\paypal.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\paypaldetail.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\paypalflag.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\point.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\premium_button_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\premium_flag_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\radio_checked.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\radio_unchecked.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\red_bk_new.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\result_danger.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\result_safe.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\risk_item_see_about_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\skrill.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\skrillflag.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\trail_flag_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_certification_list_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_common_btn_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_custom_scan.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_custom_scan_green.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_custom_scan_red.png c:\program files 
(x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_delete_btn.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_expdlg_collapse_arrow.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_expdlg_expand_arrow.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\Virus_feature.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\Virus_feature_right.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hover_btn_iconlist.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hover_tip_arrow.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hover_tip_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hover_tip_iconlist.jpg c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hyper_scan.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hyper_scan_d.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hyper_scan_green.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_hyper_scan_red.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_menu_bkg.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_menu_item_over.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_normal.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_quick_scan.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_quick_scan_green.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_quick_scan_red.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_red.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_restore_btn.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_scan_safe.png c:\program files 
(x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_scan_scaning.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_scan_virus.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_setting_icon.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_task_item_combo_skin.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_task_item_edit_btn_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_task_item_save_btn_bk.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_update_db.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_update_db_out.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virus_yellow.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virusopt_btn_bg.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\virusopt_but_bg.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_Btn_BG.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_Loading.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_OptDlg_BG.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_res.xml c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_SetDlg_BG.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_SetDlg_Cancel_BTN_BG.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_SetDlg_EditSkin.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\VirusScan_Tab_Vert_Line.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\wait.gif c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\image\default\yellow_bk_new.png c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\ChooseOptionMessageBox.xml c:\program files 
(x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\CloseMessageBox.xml c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\explorer_folder_dlg.xml c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\FinishScanFirstMessageBox.xml c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\InputEmailDlg.xml c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\TrialFeatureDlg.xml c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\virushovertip.xml c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\virusscan_popdlg.xml c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\virusscan_settingdlg.xml c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\VirusScanFeatureView.xml c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\layout\default\VirusScanView.xml c:\program files (x86)\Elex-tech\YAC\skin2\VirusScan\style\VirusScan_style.xml c:\program files (x86)\Elex-tech\YAC\sqlite3.dll c:\program files (x86)\Elex-tech\YAC\sqlite3x64.dll c:\program files (x86)\Elex-tech\YAC\ssleay32.dll c:\program files (x86)\Elex-tech\YAC\tws\antirk.dll c:\program files (x86)\Elex-tech\YAC\tws\common.ini c:\program files (x86)\Elex-tech\YAC\tws\ctools.dll c:\program files (x86)\Elex-tech\YAC\tws\decexp.dll c:\program files (x86)\Elex-tech\YAC\tws\defs\base0000.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\base0001.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\catalog.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0000.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0001.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0002.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0003.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0004.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0005.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0006.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0007.dat c:\program files 
(x86)\Elex-tech\YAC\tws\defs\gen0008.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0009.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0010.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0011.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0012.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0013.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0014.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0015.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0016.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0017.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0018.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0019.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0020.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0021.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0022.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0023.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0024.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0025.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0026.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0027.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0028.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0029.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0030.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0031.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0032.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0033.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0034.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0035.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0036.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0037.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0038.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0039.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0040.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0041.dat c:\program files 
(x86)\Elex-tech\YAC\tws\defs\gen0042.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0043.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0044.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0045.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0046.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0047.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0048.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0049.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0050.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0051.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0052.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0053.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0054.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0055.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0056.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0057.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0058.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0059.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0060.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0061.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0062.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0063.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0064.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0065.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0066.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0067.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0068.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0069.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0070.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0071.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0072.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0073.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0074.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0075.dat c:\program files 
(x86)\Elex-tech\YAC\tws\defs\gen0076.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0077.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0078.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0079.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0080.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0081.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0082.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0083.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0084.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0085.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0086.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0087.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0088.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0089.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0090.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0091.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0092.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0093.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0094.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0095.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0096.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0097.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0098.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0099.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0100.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0101.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0102.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0103.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0104.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0105.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0106.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0107.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0108.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0109.dat c:\program files 
(x86)\Elex-tech\YAC\tws\defs\gen0110.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0111.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0112.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0113.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0114.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0115.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0116.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0117.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0118.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0119.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0120.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0121.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0122.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0123.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0124.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0125.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0126.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0127.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0128.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0129.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0130.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0131.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0132.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0133.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0134.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0135.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0136.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0137.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0138.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0139.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0140.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0141.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0142.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0143.dat c:\program files 
(x86)\Elex-tech\YAC\tws\defs\gen0144.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0145.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0146.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0147.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0148.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0149.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0150.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0151.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0152.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0153.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0154.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0155.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0156.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0157.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0158.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0159.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0160.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0161.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0162.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0163.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0164.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0165.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0166.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0167.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0168.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0169.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0170.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0171.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0172.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0173.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0174.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0175.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0176.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0177.dat c:\program files 
(x86)\Elex-tech\YAC\tws\defs\gen0178.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0179.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0180.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0181.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0182.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0183.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0184.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0185.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0186.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0187.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0188.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0189.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0190.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0191.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0192.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0193.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0194.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0195.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0196.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0197.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0198.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0199.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0200.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0201.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0202.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0203.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0204.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0205.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0206.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0207.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0208.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0209.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0210.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0211.dat c:\program files 
(x86)\Elex-tech\YAC\tws\defs\gen0212.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0213.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0214.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0215.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0216.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0217.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0218.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0219.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0220.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0221.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0222.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0223.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0224.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0225.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0226.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0227.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0228.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0229.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0230.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0231.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0232.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0233.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0234.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0235.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0236.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0237.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0238.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0239.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0240.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0241.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0242.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0243.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0244.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0245.dat c:\program files 
(x86)\Elex-tech\YAC\tws\defs\gen0246.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0247.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0248.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0249.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0250.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0251.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0252.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0253.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0254.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0255.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0256.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0257.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0258.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0259.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0260.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0261.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0262.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0263.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0264.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0265.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0266.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0267.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0268.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0269.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0270.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0271.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0272.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0273.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0274.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0275.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0276.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0277.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0278.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0279.dat c:\program files 
(x86)\Elex-tech\YAC\tws\defs\gen0280.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0281.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0282.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0283.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0284.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0285.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0286.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0287.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0288.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0289.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0290.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0291.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0292.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0293.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0294.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0295.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0296.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0297.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0298.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0299.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0300.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0301.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0302.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0303.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0304.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0305.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0306.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0307.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0308.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0309.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0310.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0311.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0312.dat c:\program files (x86)\Elex-tech\YAC\tws\defs\gen0313.dat c:\program files 
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\he\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\hi\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\hu\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\id\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\it\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ja\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ko\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\lt\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\lv\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ms\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\nl\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\no\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pl\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pt_BR\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\pt_PT\messages.json c:\users\user\AppData\Local\Guntony\User 
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ro\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\ru\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sk\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sl\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sr\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\sv\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\th\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\tr\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\uk\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\vi\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\zh_CN\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_locales\zh_TW\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_metadata\computed_hashes.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\_metadata\verified_contents.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_128.png c:\users\user\AppData\Local\Guntony\User 
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\icon_16.png c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.html c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\main.js c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\manifest.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\af\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\am\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ar\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\az\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\bg\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\bn\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ca\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\cs\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\da\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\de\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\el\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\en_GB\messages.json 
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\en_US\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\es\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\es_419\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\et\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\eu\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fa\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fi\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fil\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fr\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fr_CA\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\gl\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\gu\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\hi\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\hr\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\hu\messages.json 
c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\hy\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\id\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\is\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\it\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\iw\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ja\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ka\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\km\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\kn\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ko\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\lo\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\lt\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\lv\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ml\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\mn\messages.json c:\users\user\AppData\Local\Guntony\User 
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\mr\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ms\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ne\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\nl\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\no\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\pl\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\pt_BR\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\pt_PT\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ro\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\ru\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\si\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\sk\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\sl\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\sr\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\sv\messages.json c:\users\user\AppData\Local\Guntony\User 
Edited by Tori22 (27.05.2016 at 08:59) |
27.05.2016, 08:53 | #11 |
| Rootkit.Sirefef.Spy and Trojan virus found in system32 NT Kernel CombiFix_Part3: Code:
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\es\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fi\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fil\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\fr\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hi\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hr\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\hu\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\id\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\it\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ja\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ko\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lt\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\lv\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\nl\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\no\messages.json c:\users\user\AppData\Local\Guntony\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pl\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_BR\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\pt_PT\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ro\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\ru\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\se\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sk\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sl\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\sr\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\th\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\tr\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\uk\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\vi\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_CN\messages.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_locales\zh_TW\messages.json c:\users\user\AppData\Local\Guntony\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\_metadata\verified_contents.json c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\128.png c:\users\user\AppData\Local\Guntony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\manifest.json c:\users\user\AppData\Local\Guntony\User Data\Default\Favicons-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Favicons c:\users\user\AppData\Local\Guntony\User Data\Default\Google Profile.ico c:\users\user\AppData\Local\Guntony\User Data\Default\GPUCache\data_0 c:\users\user\AppData\Local\Guntony\User Data\Default\GPUCache\data_1 c:\users\user\AppData\Local\Guntony\User Data\Default\GPUCache\data_2 c:\users\user\AppData\Local\Guntony\User Data\Default\GPUCache\data_3 c:\users\user\AppData\Local\Guntony\User Data\Default\GPUCache\index c:\users\user\AppData\Local\Guntony\User Data\Default\History-journal c:\users\user\AppData\Local\Guntony\User Data\Default\History Provider Cache c:\users\user\AppData\Local\Guntony\User Data\Default\History c:\users\user\AppData\Local\Guntony\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\000003.log c:\users\user\AppData\Local\Guntony\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\CURRENT c:\users\user\AppData\Local\Guntony\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOCK c:\users\user\AppData\Local\Guntony\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOG c:\users\user\AppData\Local\Guntony\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOG.old c:\users\user\AppData\Local\Guntony\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\MANIFEST-000001 c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIcons\11A8.tmp c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIcons\1207.tmp c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIcons\1246.tmp 
c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIcons\1247.tmp c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIconsOld\ED69.tmp c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIconsOld\ED6A.tmp c:\users\user\AppData\Local\Guntony\User Data\Default\JumpListIconsOld\ED6B.tmp c:\users\user\AppData\Local\Guntony\User Data\Default\Last Session c:\users\user\AppData\Local\Guntony\User Data\Default\Last Tabs c:\users\user\AppData\Local\Guntony\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log c:\users\user\AppData\Local\Guntony\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT c:\users\user\AppData\Local\Guntony\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOCK c:\users\user\AppData\Local\Guntony\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOG c:\users\user\AppData\Local\Guntony\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001 c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\__0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\__0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\chrome-extension_kfkbcinhkmlddafdkffeahafeecnghpn_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\chrome-extension_kfkbcinhkmlddafdkffeahafeecnghpn_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\chrome-extension_knbdkcpkcpmiakimkhhmlgkjmchgahil_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\chrome-extension_knbdkcpkcpmiakimkhhmlgkjmchgahil_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_archiv.raid-rush.ws_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local 
Storage\http_archiv.raid-rush.ws_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_gft2.de_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_gft2.de_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_s7.addthis.com_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_s7.addthis.com_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_shop.mein-schoener-garten.de_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_shop.mein-schoener-garten.de_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_www.bewerbung-forum.de_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_www.bewerbung-forum.de_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_www.gutefrage.net_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_www.gutefrage.net_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_www.kaufda.de_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\http_www.kaufda.de_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_de.wikipedia.org_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_de.wikipedia.org_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_stream.1tv.ru_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_stream.1tv.ru_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.1tv.ru_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local 
Storage\https_www.1tv.ru_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.google.com_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.google.com_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.google.de_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.google.de_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.youtube.com_0.localstorage-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Local Storage\https_www.youtube.com_0.localstorage c:\users\user\AppData\Local\Guntony\User Data\Default\Login Data-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Login Data c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\data_0 c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\data_1 c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\data_2 c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\data_3 c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\f_000001 c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\f_000002 c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\f_000003 c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\f_000004 c:\users\user\AppData\Local\Guntony\User Data\Default\Media Cache\index c:\users\user\AppData\Local\Guntony\User Data\Default\Network Action Predictor-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Network Action Predictor c:\users\user\AppData\Local\Guntony\User Data\Default\Network Persistent State c:\users\user\AppData\Local\Guntony\User 
Data\Default\Origin Bound Certs-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Origin Bound Certs c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\CertStore.dat c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\CertStore.dat.lkg c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\GlobalStateStore.gs c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\GlobalStateStore.gs.lkg c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\MiscGlobalDataStore.mgd c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\MiscGlobalDataStore.mgd.lkg c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\V7ZJUJVE\macromedia.com\support\flashplayer\sys\#www.stroetmann.de\settings.sol c:\users\user\AppData\Local\Guntony\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\V7ZJUJVE\macromedia.com\support\flashplayer\sys\settings.sol c:\users\user\AppData\Local\Guntony\User Data\Default\Preferences c:\users\user\AppData\Local\Guntony\User Data\Default\QuotaManager-journal c:\users\user\AppData\Local\Guntony\User Data\Default\QuotaManager c:\users\user\AppData\Local\Guntony\User Data\Default\README c:\users\user\AppData\Local\Guntony\User Data\Default\Secure Preferences c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\36018833-9839-4318-9F04-890A01E0E4C2\608d13fb70947f94_0 c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\36018833-9839-4318-9F04-890A01E0E4C2\da0d561649f423b0_0 c:\users\user\AppData\Local\Guntony\User 
Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\36018833-9839-4318-9F04-890A01E0E4C2\e599dc5e24eb76d7_0 c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\36018833-9839-4318-9F04-890A01E0E4C2\fdf2cfeb8ad0eeac_0 c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\36018833-9839-4318-9F04-890A01E0E4C2\index-dir\the-real-index c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\36018833-9839-4318-9F04-890A01E0E4C2\index c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\Database\000003.log c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\Database\CURRENT c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\Database\LOCK c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\Database\LOG c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\Database\LOG.old c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\Database\MANIFEST-000001 c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\ScriptCache\6c038e3570d6abf1_0 c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\ScriptCache\6c038e3570d6abf1_1 c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\ScriptCache\d0757ff92c7cde0a_0 c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\ScriptCache\d0757ff92c7cde0a_1 c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index c:\users\user\AppData\Local\Guntony\User Data\Default\Service Worker\ScriptCache\index c:\users\user\AppData\Local\Guntony\User Data\Default\Session Storage\000003.log 
c:\users\user\AppData\Local\Guntony\User Data\Default\Session Storage\CURRENT c:\users\user\AppData\Local\Guntony\User Data\Default\Session Storage\LOCK c:\users\user\AppData\Local\Guntony\User Data\Default\Session Storage\LOG c:\users\user\AppData\Local\Guntony\User Data\Default\Session Storage\LOG.old c:\users\user\AppData\Local\Guntony\User Data\Default\Session Storage\MANIFEST-000001 c:\users\user\AppData\Local\Guntony\User Data\Default\Shortcuts-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Shortcuts c:\users\user\AppData\Local\Guntony\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_0 c:\users\user\AppData\Local\Guntony\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_1 c:\users\user\AppData\Local\Guntony\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_2 c:\users\user\AppData\Local\Guntony\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_3 c:\users\user\AppData\Local\Guntony\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\index c:\users\user\AppData\Local\Guntony\User Data\Default\Top Sites-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Top Sites c:\users\user\AppData\Local\Guntony\User Data\Default\TransportSecurity c:\users\user\AppData\Local\Guntony\User Data\Default\Visited Links c:\users\user\AppData\Local\Guntony\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico c:\users\user\AppData\Local\Guntony\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico.md5 c:\users\user\AppData\Local\Guntony\User Data\Default\Web Data-journal c:\users\user\AppData\Local\Guntony\User Data\Default\Web Data c:\users\user\AppData\Local\Guntony\User Data\EVWhitelist\7\_metadata\verified_contents.json c:\users\user\AppData\Local\Guntony\User Data\EVWhitelist\7\_platform_specific\all\ev_hashes_whitelist.bin c:\users\user\AppData\Local\Guntony\User Data\EVWhitelist\7\manifest.fingerprint 
c:\users\user\AppData\Local\Guntony\User Data\EVWhitelist\7\manifest.json c:\users\user\AppData\Local\Guntony\User Data\First Run c:\users\user\AppData\Local\Guntony\User Data\Local State c:\users\user\AppData\Local\Guntony\User Data\PepperFlash\21.0.0.216\manifest.fingerprint c:\users\user\AppData\Local\Guntony\User Data\PepperFlash\21.0.0.216\manifest.json c:\users\user\AppData\Local\Guntony\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_metadata\verified_contents.json c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_pnacl_json c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\manifest.fingerprint c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.46.0.4\manifest.json c:\users\user\AppData\Local\Guntony\User 
Data\pnacl\0.52.38.9180\_metadata\verified_contents.json c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_pnacl_json c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\manifest.fingerprint c:\users\user\AppData\Local\Guntony\User Data\pnacl\0.52.38.9180\manifest.json c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Bloom Prefix Set c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Bloom c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Bloom_new c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Cookies-journal c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Cookies c:\users\user\AppData\Local\Guntony\User 
Data\Safe Browsing Csd Whitelist c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Csd Whitelist_new c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Download Whitelist c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Download Whitelist_new c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Download c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Download_new c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Extension Blacklist c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Extension Blacklist_new c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Inclusion Whitelist c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Inclusion Whitelist_new c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing IP Blacklist c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing IP Blacklist_new c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Module Whitelist c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Module Whitelist_new c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Resource Blacklist c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing Resource Blacklist_new c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing UwS List Prefix Set c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing UwS List c:\users\user\AppData\Local\Guntony\User Data\Safe Browsing UwS List_new c:\users\user\AppData\Local\Guntony\User Data\ShaderCache\GPUCache\data_0 c:\users\user\AppData\Local\Guntony\User Data\ShaderCache\GPUCache\data_1 c:\users\user\AppData\Local\Guntony\User Data\ShaderCache\GPUCache\data_2 c:\users\user\AppData\Local\Guntony\User Data\ShaderCache\GPUCache\data_3 c:\users\user\AppData\Local\Guntony\User Data\ShaderCache\GPUCache\index c:\users\user\AppData\Local\Guntony\User Data\SwReporter\6.48.6\_metadata\verified_contents.json c:\users\user\AppData\Local\Guntony\User Data\SwReporter\6.48.6\manifest.fingerprint 
c:\users\user\AppData\Local\Guntony\User Data\SwReporter\6.48.6\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\SwReporter\6.48.6\software_reporter_tool.exe
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\CdmAdapterVersion
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdm.dll
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\imgs\icon-128x128.png
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\manifest.fingerprint
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.866\manifest.json
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\_metadata\verified_contents.json
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\CdmAdapterVersion
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdm.dll
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\imgs\icon-128x128.png
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\manifest.fingerprint
c:\users\user\AppData\Local\Guntony\User Data\WidevineCDM\1.4.8.885\manifest.json
c:\users\user\AppData\Roaming\Elex-tech
c:\users\user\AppData\Roaming\Elex-tech\YAC\iDesk\desk.ini
c:\users\user\AppData\Roaming\Elex-tech\YAC\log\iSafeTray.log
c:\users\user\AppData\Roaming\Elex-tech\YAC\preference.ini
c:\users\user\AppData\Roaming\Elex-tech\YAC\proxyUpdate.ini
c:\windows\system32\drivers\iSafeNetFilter.sys
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ISAFEKRNL
-------\Legacy_ISAFEKRNLKIT
-------\Legacy_ISAFEKRNLMON
-------\Legacy_ISAFEKRNLR3
-------\Legacy_ISAFENETFILTER
-------\Service_Guntony_protect
-------\Service_Guntony_update
-------\Service_iSafeKrnl
-------\Service_iSafeKrnlBoot
-------\Service_iSafeKrnlKit
-------\Service_iSafeKrnlMon
-------\Service_iSafeKrnlR3
-------\Service_iSafeNetFilter
-------\Service_iSafeService
.
.
((((((((((((((((((((((( Dateien erstellt von 2016-04-26 bis 2016-05-26 ))))))))))))))))))))))))))))))
.
.
2016-05-26 21:35 . 2016-05-26 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-26 20:13 . 2016-05-26 20:13 20160 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2016-05-26 20:12 . 2016-05-26 20:13 -------- d-----w- c:\program files (x86)\Glary Utilities 5
2016-05-26 20:11 . 2016-05-26 20:11 -------- d-----w- c:\program files (x86)\Glarysoft
2016-05-26 09:46 . 2016-05-26 20:02 -------- d-----w- c:\program files (x86)\VS Revo Group
2016-05-24 14:53 . 2016-05-24 14:53 -------- d-----w- c:\program files (x86)\ESET
2016-05-24 14:42 . 2016-05-24 14:42 -------- d-----w- c:\programdata\Emsisoft
2016-05-24 13:52 . 2016-05-26 13:30 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2016-05-23 18:56 . 2016-05-23 21:02 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-23 18:53 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-23 18:53 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-23 18:53 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-23 18:52 . 2016-05-23 18:53 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2016-05-20 21:13 . 2016-05-25 21:42 -------- d-----w- C:\FRST
2016-05-20 12:11 . 2016-05-26 13:47 -------- d-----w- C:\AdwCleaner
2016-05-16 13:38 . 2016-05-26 10:00 -------- d-----w- c:\program files (x86)\Avira
2016-05-16 13:38 . 2016-05-26 10:00 -------- d-----w- c:\programdata\Avira
2016-05-16 08:25 . 2016-05-20 12:17 -------- d-----w- c:\windows\system32\log
2016-05-13 07:28 . 2016-04-20 01:13 11695896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EB13FC2-B82C-4826-8A57-832A82DB03B6}\mpengine.dll
2016-05-13 05:37 . 2016-05-13 05:43 -------- d-----w- c:\users\user\AppData\Roaming\Swiss Academic Software
2016-05-13 05:36 . 2016-05-03 09:42 713256 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.dll
2016-05-13 05:36 . 2016-05-03 09:42 103920 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\x64\IEPickerBroker.exe
2016-05-13 05:36 . 2015-08-13 13:08 126976 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\x64\Interop.SHDocVw.dll
2016-05-13 05:36 . 2012-07-26 18:08 8022976 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\x64\Microsoft.mshtml.dll
2016-05-13 05:36 . 2016-05-03 09:42 713256 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.dll
2016-05-13 05:36 . 2012-07-26 18:08 8022976 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\Microsoft.mshtml.dll
2016-05-13 05:36 . 2016-05-03 09:42 103920 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\IEPickerBroker.exe
2016-05-13 05:36 . 2015-08-13 13:08 126976 ----a-w- c:\program files (x86)\Internet Explorer\Citavi Picker\Interop.SHDocVw.dll
2016-05-13 05:36 . 2016-05-13 05:36 -------- d-----w- c:\program files (x86)\Citavi 5
2016-05-11 17:04 . 2016-04-09 05:49 3217408 ----a-w- c:\windows\system32\win32k.sys
2016-05-11 17:04 . 2016-04-09 06:58 2048 ----a-w- c:\windows\system32\tzres.dll
2016-05-11 17:04 . 2016-04-09 06:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-05-11 17:03 . 2016-04-09 07:01 986344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2016-05-11 17:03 . 2016-04-09 07:01 264936 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2016-05-11 17:03 . 2016-04-09 06:57 144384 ----a-w- c:\windows\system32\cdd.dll
2016-05-11 16:58 . 2016-04-09 07:01 5546216 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-05-11 16:57 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2016-05-11 16:57 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2016-05-02 18:24 . 2016-05-13 05:37 -------- d-----w- c:\programdata\Swiss Academic Software
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-12 19:54 . 2015-03-15 12:28 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-12 19:54 . 2015-03-15 12:28 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-05-11 21:19 . 2013-10-30 10:16 139319312 ----a-w- c:\windows\system32\MRT.exe
2016-04-21 13:05 . 2013-10-30 09:21 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-04-09 06:54 . 2016-05-11 16:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-04 18:14 . 2016-04-18 21:43 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-18 21:43 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-18 21:43 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-03-23 14:02 . 2016-04-18 21:43 215040 ----a-w- c:\windows\system32\aepic.dll
2016-03-17 22:56 . 2016-04-19 18:40 2084864 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-19 18:40 1414144 ----a-w- c:\windows\SysWow64\ole32.dll
2016-03-17 18:04 . 2016-04-18 21:43 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-18 21:43 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-18 21:43 279040 ----a-w- c:\windows\system32\invagent.dll
2016-03-17 18:04 . 2016-04-18 21:43 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-16 18:50 . 2016-04-18 21:46 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-16 18:28 . 2016-04-18 21:46 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-03-16 18:28 . 2016-04-18 21:46 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-03-16 00:16 . 2016-04-18 21:43 760320 ----a-w- c:\windows\system32\samsrv.dll
2016-03-16 00:16 . 2016-04-18 21:43 106496 ----a-w- c:\windows\system32\samlib.dll
2016-03-15 23:53 . 2016-04-18 21:43 60416 ----a-w- c:\windows\SysWow64\samlib.dll
2016-03-06 18:53 . 2016-04-18 21:44 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-03-06 18:53 . 2016-04-18 21:44 1885696 ----a-w- c:\windows\system32\msxml3.dll
2016-03-06 18:38 . 2016-04-18 21:44 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-03-06 18:38 . 2016-04-18 21:44 1240576 ----a-w- c:\windows\SysWow64\msxml3.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-02-12 8641240]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2016-05-16 43984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368] "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984] "PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992] "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192] "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2015-12-23 1027472] "Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-05-04 67840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk * . 
R1 epp;epp;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x] R3 eapihdrv;eapihdrv;c:\users\user\AppData\Local\Temp\ehdrv.sys;c:\users\user\AppData\Local\Temp\ehdrv.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x] S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x] S3 
JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2016-05-13 04:53 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2016-05-03 14:41 287416 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll . Inhalt des "geplante Tasks" Ordners . 2016-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-15 19:54] . 2016-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06 16:39] . 2016-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06 16:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = www.google.com mDefault_Page_URL = www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = www.google.com mDefault_Search_URL = www.google.com IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\67oeasuk.default-1391777765229\ FF - prefs.js: browser.startup.homepage - hxxp://www.nicesearches.com?type=hp&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-iSafe - c:\program files (x86)\Elex-tech\YAC\uninstall.exe AddRemove-WinZip - c:\program files (x86)\WinZipper\wzUninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.21" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe . ************************************************************************** . Zeit der Fertigstellung: 2016-05-27 00:04:45 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2016-05-26 22:04 ComboFix2.txt 2016-05-26 11:16 . Vor Suchlauf: 22 Verzeichnis(se), 170.863.243.264 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 169.996.513.280 Bytes frei . - - End Of File - - E48ADF7756D16A851BBBC37ED58FB5E0 A36C5E4F47E84449FF07ED3517B43A31 |
27.05.2016, 19:39 | #12 |
/// TB-Ausbilder | Rootkit.Sirefef.Spy and Trojan virus found in system32 NT Kernel
Hello,
Step 1
Please download AdwCleaner to your desktop.
Step 2
Please download Malwarebytes Anti-Malware
Step 3
Please shut down your protection software to avoid possible conflicts.
Step 4
Please post with your next reply
|
27.05.2016, 21:35 | #13 |
| Rootkit.Sirefef.Spy and Trojan virus found in system32 NT Kernel
Hello Matthias,
AdwCleaner found nothing, so nothing was deleted and no log file was created. Anti-Malware also found no more threats. Here are the log files from Anti-Malware, JRT and FRST.
MBAM: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 27.05.2016
Suchlaufzeit: 21:19
Protokolldatei: mbat.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.27.02
Rootkit-Datenbank: v2016.05.20.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: user

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 306827
Abgelaufene Zeit: 35 Min., 28 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswerte: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Dateien: 0 (keine bösartigen Elemente erkannt)
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)

(end)
JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by user (Administrator) on 27.05.2016 at 21:02:31,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 25

Failed to delete: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35E7MRAZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14KLM8BM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27FHQ56Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55WVK17Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7QPP8YM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LA01TQVK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIERIU5U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5VMPOYZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14KLM8BM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27FHQ56Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35E7MRAZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55WVK17Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7QPP8YM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LA01TQVK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIERIU5U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X5VMPOYZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\RENAEB5.tmp (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.05.2016 at 21:12:39,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01 durchgeführt von user (Administrator) auf USER-PC (27-05-2016 22:03:45) Gestartet von C:\Users\user\Desktop\forum Geladene Profile: user (Verfügbare Profile: user) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Brother Industries, Ltd.) 
C:\Program Files (x86)\Browny02\BrYNSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_242_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1027472 2015-12-23] (Cisco Systems, Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd) HKU\S-1-5-21-1718339690-3013972182-446857107-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-05-16] (Glarysoft Ltd) BootExecute: autocheck autochk * ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{36398523-7615-4AF2-A2A6-A18130B35576}: [DhcpNameServer] 192.168.3.2 Tcpip\..\Interfaces\{9D540E77-56BB-4FAB-9711-18067F181277}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1718339690-3013972182-446857107-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1718339690-3013972182-446857107-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle 
Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-27] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] () FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2016-05-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1463387536&from=87640516&uid=fujitsuxmhz2320bhxg2_k66at8b255c6t8b255c6x&z=9c02b837ce0dfcce3043f54g9zfq1c0ccb8m0wec9q&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nice
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-06]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-06]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06]
CHR Extension: (Kaspersky Protection) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-04-06]
CHR Extension: (Google Tabellen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-06]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Citavi Picker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-05-02]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-05-26] (Glarysoft Ltd)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-04-20] (Cisco Systems, Inc.)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [13880 2007-12-22] (Zeal SoftStudio)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys [X]
S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-27 21:56 - 2016-05-27 21:56 - 00001209 _____ C:\Users\user\Desktop\mbat.txt
2016-05-27 21:12 - 2016-05-27 21:12 - 00004537 _____ C:\Users\user\Desktop\JRT.txt
2016-05-27 21:01 - 2016-05-27 21:01 - 01610816 _____ (Malwarebytes) C:\Users\user\Desktop\JRT.exe
2016-05-27 00:04 - 2016-05-27 00:04 - 00248372 _____ C:\ComboFix.txt
2016-05-26 22:24 - 2016-05-26 22:24 - 05659526 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2016-05-26 22:13 - 2016-05-27 01:34 - 00001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2016-05-26 22:13 - 2016-05-27 01:33 - 00001074 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2016-05-26 22:13 - 2016-05-26 22:13 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2016-05-26 22:13 - 2016-05-26 22:13 - 00003310 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2016-05-26 22:13 - 2016-05-26 22:13 - 00002968 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2016-05-26 22:13 - 2016-05-26 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2016-05-26 22:12 - 2016-05-27 20:51 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-05-26 22:11 - 2016-05-27 01:34 - 00001258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2016-05-26 22:11 - 2016-05-26 22:12 - 00001562 _____ C:\GUDownLoaddebug.txt
2016-05-26 22:11 - 2016-05-26 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2016-05-26 22:11 - 2016-05-26 22:11 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2016-05-26 17:55 - 2016-05-26 17:55 - 00000230 _____ C:\Users\user\Desktop\Master Rechtspsychologie am Institut für Psychologie, Universität Bonn.url
2016-05-26 12:33 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-26 12:33 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-26 12:33 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-26 12:33 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-26 12:20 - 2016-05-27 00:04 - 00000000 ____D C:\Qoobox
2016-05-26 12:09 - 2016-05-26 23:36 - 00000000 ____D C:\Windows\erdnt
2016-05-26 11:46 - 2016-05-26 22:02 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-05-26 09:05 - 2016-05-26 09:08 - 00206986 _____ C:\TDSSKiller.3.1.0.9_26.05.2016_09.05.21_log.txt
2016-05-25 23:52 - 2016-05-26 00:40 - 00611252 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_23.52.37_log.txt
2016-05-25 23:46 - 2016-05-25 23:48 - 00206206 _____ C:\TDSSKiller.3.1.0.9_25.05.2016_23.46.34_log.txt
2016-05-24 16:53 - 2016-05-24 16:53 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-24 16:42 - 2016-05-24 16:42 - 00000000 ____D C:\ProgramData\Emsisoft
2016-05-24 15:52 - 2016-05-27 20:49 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-05-23 23:30 - 2016-05-27 18:17 - 00000000 ____D C:\Users\user\Desktop\forum
2016-05-23 20:56 - 2016-05-27 21:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-23 20:53 - 2016-05-23 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-05-23 20:53 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-23 20:53 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-23 20:53 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-23 20:52 - 2016-05-23 20:53 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-05-20 23:29 - 2016-05-20 23:29 - 00000239 _____ C:\Users\user\Desktop\Für alle Hilfesuchenden!.url
2016-05-20 23:13 - 2016-05-27 22:03 - 00000000 ____D C:\FRST
2016-05-20 22:17 - 2016-05-20 22:17 - 00000124 _____ C:\Users\user\Desktop\NEU.DE.url
2016-05-20 14:11 - 2016-05-27 18:35 - 00000000 ____D C:\AdwCleaner
2016-05-17 16:12 - 2016-05-17 16:12 - 00000201 _____ C:\Users\user\Desktop\Startseite.url
2016-05-16 15:39 - 2016-05-27 01:33 - 00001178 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-05-16 15:39 - 2016-05-26 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\ProgramData\Avira
2016-05-16 15:38 - 2016-05-16 15:44 - 00000000 ____D C:\Program Files (x86)\Avira
2016-05-16 10:25 - 2016-05-20 14:17 - 00000000 ____D C:\Windows\system32\log
2016-05-16 10:23 - 2016-05-27 01:33 - 00002102 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-16 10:23 - 2016-05-16 10:23 - 00000000 ____D C:\Users\Public\Documents\Guntony
2016-05-15 22:41 - 2016-05-15 23:09 - 00000000 ____D C:\Users\user\Desktop\15.05.16
2016-05-15 20:17 - 2016-05-23 15:10 - 00000000 ____D C:\Users\user\Desktop\Theorie_MA
2016-05-14 17:41 - 2016-05-14 17:43 - 00000000 ____D C:\Users\user\Desktop\SPSS_16
2016-05-13 07:37 - 2016-05-15 18:36 - 00000000 ____D C:\Users\user\Documents\Citavi 5
2016-05-13 07:37 - 2016-05-13 07:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Swiss Academic Software
2016-05-13 07:36 - 2016-05-27 01:33 - 00001955 _____ C:\Users\Public\Desktop\Citavi 5.lnk
2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5
2016-05-13 07:36 - 2016-05-13 07:36 - 00000000 ____D C:\Program Files (x86)\Citavi 5
2016-05-11 19:07 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 19:07 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 19:07 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 19:07 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 19:07 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 19:07 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 19:07 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 19:07 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 19:07 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 19:07 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 19:07 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 19:07 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 19:07 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 19:07 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 19:07 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 19:07 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 19:07 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 19:07 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 19:07 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 19:07 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 19:07 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 19:07 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 19:07 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 19:07 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 19:07 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 19:07 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 19:07 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 19:07 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 19:07 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 19:07 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 19:07 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 19:07 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 19:07 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 19:07 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 19:07 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 19:06 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 19:06 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 19:06 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 19:06 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 19:06 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 19:06 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 19:06 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 19:06 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 19:06 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 19:06 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 19:06 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 19:06 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 19:06 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 19:06 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 19:06 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 19:06 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 19:06 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 19:06 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 19:06 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 19:06 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 19:06 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 19:06 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 19:06 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 19:06 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 19:06 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 19:04 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 19:04 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 19:04 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 19:03 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 19:03 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 19:03 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 19:02 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 19:02 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 19:02 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 19:02 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 19:02 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 19:02 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 19:02 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 18:58 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 18:58 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 18:58 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 18:58 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 18:58 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 18:58 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 18:58 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 18:58 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 18:58 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 18:58 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 18:58 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 18:58 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 18:58 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 18:58 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 18:58 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 18:58 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 18:58 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 18:58 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 18:58 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 18:58 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 18:58 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 18:58 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 18:58 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 18:58 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 18:57 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 18:57 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-04 21:59 - 2016-05-17 19:30 - 00000000 ____D C:\Users\user\Desktop\MA schreiben
2016-05-03 17:40 - 2016-05-26 11:08 - 00000000 ____D C:\Users\user\Desktop\Fachschaft
2016-05-02 20:24 - 2016-05-13 07:37 - 00000000 ____D C:\ProgramData\Swiss Academic Software
2016-05-01 18:44 - 2016-05-17 13:50 - 00000000 ____D C:\Users\user\Desktop\Notizen

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-05-27 21:54 - 2015-03-15 14:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-05-27 21:52 - 2016-04-06 18:39 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-27 20:58 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-27 20:58 - 2009-07-14 06:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-27 20:49 - 2016-04-06 18:39 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-27 20:49 - 2013-10-31 18:13 - 00000000 ____D C:\Program Files\WinRAR 2016-05-27 20:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-27 10:29 - 2016-02-22 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2016-05-27 09:03 - 2013-10-31 18:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-05-27 09:03 - 2013-10-31 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-05-27 01:34 - 2016-04-06 18:40 - 00002042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-27 01:34 - 2016-04-06 17:30 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-27 01:34 - 2014-06-25 21:46 - 00001446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2016-05-27 01:34 - 2014-01-25 21:05 - 00001596 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaLab.exe.lnk 2016-05-27 01:34 - 2013-10-31 18:05 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-05-27 01:34 - 2013-10-30 10:44 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2016-05-27 01:34 - 2013-10-30 10:44 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 
2016-05-27 01:34 - 2009-07-14 06:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-05-27 01:34 - 2009-07-14 06:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2016-05-27 01:34 - 2009-07-14 06:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2016-05-27 01:34 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2016-05-27 01:34 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2016-05-27 01:33 - 2014-07-17 21:40 - 00001866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk 2016-05-27 01:33 - 2014-04-19 12:47 - 00002633 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Neues Microsoft Office-Dokument.lnk 2016-05-27 01:33 - 2014-04-19 12:47 - 00002633 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Microsoft Office-Dokument öffnen.lnk 2016-05-27 01:33 - 2013-10-31 18:14 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk 2016-05-27 01:33 - 2009-07-14 07:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2016-05-27 01:33 - 2009-07-14 06:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2016-05-27 01:32 - 2015-03-25 12:17 - 00001446 _____ C:\Users\user\Desktop\Windows Live Mail.lnk 2016-05-27 01:32 - 2014-04-19 20:36 - 00000355 _____ C:\Users\user\Desktop\Computer -.lnk 2016-05-27 01:32 - 2014-04-19 12:47 - 00002679 _____ C:\Users\user\Desktop\Microsoft Office Word 2007.lnk 2016-05-27 01:32 - 2013-12-21 19:36 - 00002216 _____ C:\Users\user\Desktop\IBM SPSS Statistics 21.lnk 2016-05-26 23:56 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2016-05-26 23:37 - 2009-07-14 04:34 - 94896128 _____ C:\Windows\system32\config\software.bak 2016-05-26 23:37 - 2009-07-14 04:34 - 17301504 _____ 
C:\Windows\system32\config\system.bak 2016-05-26 23:37 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\default.bak 2016-05-26 23:37 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak 2016-05-26 23:37 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak 2016-05-26 23:36 - 2009-07-14 04:34 - 60030976 _____ C:\Windows\system32\config\components.bak 2016-05-26 22:13 - 2015-04-24 11:54 - 00000000 ____D C:\Users\user\AppData\Roaming\GlarySoft 2016-05-26 20:55 - 2009-07-27 11:10 - 00699342 _____ C:\Windows\system32\perfh007.dat 2016-05-26 20:55 - 2009-07-27 11:10 - 00149450 _____ C:\Windows\system32\perfc007.dat 2016-05-26 20:55 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2016-05-26 20:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-05-26 15:59 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-05-26 15:59 - 2015-04-04 20:15 - 00000000 ___SD C:\Windows\system32\GWX 2016-05-26 13:02 - 2014-04-10 10:57 - 00000000 ____D C:\Users\user\AppData\Local\Adobe 2016-05-25 07:57 - 2014-07-17 21:44 - 00000000 ____D C:\Program Files (x86)\ControlCenter4 2016-05-23 23:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2016-05-20 14:01 - 2015-03-27 09:03 - 00000000 ____D C:\Users\user\Desktop\fotos 2016-05-20 11:47 - 2015-03-19 15:25 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner 2016-05-20 07:01 - 2015-03-18 11:48 - 00000000 ____D C:\Users\user\Desktop\Eigene Dateien 2016-05-16 15:37 - 2016-01-14 00:17 - 00000000 ____D C:\ProgramData\Package Cache 2016-05-16 09:50 - 2016-04-24 21:35 - 00000000 ____D C:\Users\user\Desktop\cad 2016-05-15 20:09 - 2016-04-24 14:36 - 00000000 ____D C:\Users\user\Desktop\SRP 2016-05-14 16:27 - 2015-07-13 18:01 - 00000000 ____D C:\Users\user\Desktop\Prüfung 2016-05-13 20:54 - 2015-05-24 19:54 - 00000000 ____D C:\Users\user\Desktop\Uni_2015 2016-05-13 07:32 - 2014-01-25 21:04 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded 
Installations 2016-05-13 07:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2016-05-12 21:55 - 2015-03-15 14:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-05-12 21:54 - 2015-03-15 14:28 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-05-12 21:54 - 2015-03-15 14:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-12 17:16 - 2015-03-15 20:06 - 00000000 ____D C:\Windows\system32\appraiser 2016-05-12 08:08 - 2009-07-14 06:45 - 00414280 _____ C:\Windows\system32\FNTCACHE.DAT 2016-05-12 08:04 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal 2016-05-11 23:56 - 2013-10-30 12:16 - 00000000 ____D C:\Windows\system32\MRT 2016-05-11 23:19 - 2013-10-30 12:16 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-05-11 18:10 - 2015-10-14 11:11 - 00000000 ____D C:\Users\user\Desktop\masterarbeit 2016-05-11 07:47 - 2016-04-06 18:39 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-11 07:46 - 2016-04-06 18:39 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-10 22:22 - 2016-04-06 17:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-05-08 14:10 - 2016-01-15 22:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Millisecond Software 2016-05-04 23:24 - 2014-07-06 12:11 - 00000000 ____D C:\Users\user\Desktop\Uni ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-05-18 08:54

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
durchgeführt von user (2016-05-27 22:05:28)
Gestartet von C:\Users\user\Desktop\forum
Windows 7 Home Premium Service Pack 1 (X64) (2013-10-30 09:00:08)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1718339690-3013972182-446857107-500 - Administrator - Disabled)
Gast (S-1-5-21-1718339690-3013972182-446857107-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1718339690-3013972182-446857107-1002 - Limited - Enabled)
user (S-1-5-21-1718339690-3013972182-446857107-1000 - Administrator - Enabled) => C:\Users\user

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Absolute Uninstaller 5.3.1.21 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.21 - Glarysoft Ltd)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co.
KG) Hidden Brother MFL-Pro Suite DCP-7055W (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.2.01035 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 4.2.01035 - Cisco Systems, Inc.) Hidden Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.3.1.0 - Swiss Academic Software) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Deutsche Grammatik (HKLM-x32\...\Deutsche Grammatik_is1) (Version: - Magnamedia) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Glary Utilities 5.51 (HKLM-x32\...\Glary Utilities 5) (Version: 5.51.0.71 - Glarysoft Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp) Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation) Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.18.07 - JMicron Technology Corp.) 
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MediaLab Research Software v2012 (HKLM-x32\...\{67350CFB-529E-4173-91DC-0AE79DEE1ACC}) (Version: 20.12.4.131 - Empirisoft Corporation) Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nuance PaperPort 12 (HKLM-x32\...\{DA715959-CFF1-48A2-B3BB-98B9E569C6AC}) (Version: 12.1.0000 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.) 
Scansoft PDF Professional (x32 Version: - ) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) WinZip (HKLM-x32\...\WinZip) (Version: 2.0.39 - Winzipper Pvt Ltd.) <==== ACHTUNG ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {02913145-BEBF-4240-AC37-A7F08F3F748E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {07FB5B5B-8A2D-4A9E-AD85-EB5FD6AF1789} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {2A348BC6-66EA-43AD-8F71-0470B11747E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {7E1A5E0C-D3B1-45BF-BB0C-28E1632744FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {97157EED-5525-4662-9121-314373D31ED1} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-05-16] (Glarysoft Ltd)
Task: {BD77D142-0DB2-42E3-B606-03C3771D3D92} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {E02B5983-D93F-49E9-9E57-034AE913F0FD} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-05-16] (Glarysoft Ltd)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-12 23:13 - 2016-02-12 23:13 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-12-23 15:33 - 2015-12-23 15:33 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-07-17 21:44 - 2009-02-27 14:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-05-26 23:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1718339690-3013972182-446857107-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{7F0883AE-4217-472B-A0B7-A84CCF3D9383}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{13CEAE4F-40BC-4D7C-9082-D40ECF266D03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3366C49C-020F-42E9-AF6C-01213720ECA0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{27C60F1F-7E7F-4B3C-B713-06D3263CB87D}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe
FirewallRules: [{EC1D2487-8B36-4655-97A5-1FD40416AA30}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
FirewallRules: [{952C26F6-922A-405D-8899-D5E858F4EE28}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe

==================== Wiederherstellungspunkte =========================

23-05-2016 14:17:37 Geplanter Prüfpunkt
26-05-2016 11:48:56 Revo Uninstaller's restore point - Avira Antivirus
26-05-2016 15:20:18 Windows Update
26-05-2016 15:59:14 Windows Update
26-05-2016 21:57:20 Revo Uninstaller's restore point - Revo Uninstaller 1.95
27-05-2016 21:00:45 JRT Pre-Junkware Removal
27-05-2016 21:02:32 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (05/27/2016 03:29:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7180000a ID des fehlerhaften Prozesses: 0xac4 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/27/2016 02:33:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7189000a ID des fehlerhaften Prozesses: 0x%9 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/26/2016 07:59:44 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (05/25/2016 08:16:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7189000a ID des fehlerhaften Prozesses: 0x%9 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/25/2016 07:07:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (05/25/2016 06:54:06 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (05/25/2016 06:54:02 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (05/25/2016 06:02:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x717a000a ID des fehlerhaften Prozesses: 0x12d8 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/25/2016 05:37:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x717a000a ID des fehlerhaften Prozesses: 0xc14 Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Error: (05/25/2016 04:45:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wlmail.exe, Version: 16.4.3528.331, 
Zeitstempel: 0x533a3fce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x717c000a ID des fehlerhaften Prozesses: 0xcfc Startzeit der fehlerhaften Anwendung: 0xwlmail.exe0 Pfad der fehlerhaften Anwendung: wlmail.exe1 Pfad des fehlerhaften Moduls: wlmail.exe2 Berichtskennung: wlmail.exe3 Systemfehler: ============= Error: (05/27/2016 08:50:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/27/2016 08:50:27 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (05/27/2016 08:50:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (05/27/2016 08:49:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: epp Error: (05/27/2016 08:24:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: epp Error: (05/27/2016 01:31:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: epp Error: (05/27/2016 01:30:54 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT) Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402. 
Error: (05/27/2016 12:16:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: epp Error: (05/27/2016 12:16:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/27/2016 12:15:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Live ID Sign-in Assistant erreicht. CodeIntegrity: =================================== Date: 2016-05-26 23:02:54.483 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2016-05-26 23:02:53.765 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2016-05-26 23:02:53.063 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2016-05-26 23:02:52.346 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2016-05-26 13:02:33.031 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2016-05-26 13:02:32.360 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz Prozentuale Nutzung des RAM: 35% Installierter physikalischer RAM: 4056.56 MB Verfügbarer physikalischer RAM: 2605.66 MB Summe virtueller Speicher: 8111.3 MB Verfügbarer virtueller Speicher: 6643.63 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:297.99 GB) (Free:156.96 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D6776FFD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
27.05.2016, 22:13 | #14 |
/// TB Trainer | Rootkit.Sirefef.Spy and Trojan virus found in system32 NT kernel
Hi, we will now track down any leftovers that may still be present. Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop: SystemLook (32 bit) | SystemLook (64 bit)
|
27.05.2016, 22:42 | #15 |
| Rootkit.Sirefef.Spy and Trojan virus found in system32 NT kernel
Hello Matthias, here is the result of the SystemLook scan: Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 23:30 on 27/05/2016 by user Administrator - Elevation successful ========== regfind ========== Searching for "nicesearches" No data found. Searching for "Elex-tech" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\iSafeKrnlBoot] "ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\iSafeKrnlBoot] "ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot] "ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC" Searching for "iSafe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\iSafeKrnlBoot] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\iSafeKrnlBoot] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot] Searching for "YAC" [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover] "yahoo.co.th"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YACB7D~1.XML" [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover] "yahoo.com.sg"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YAC50A~1.XML" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID] @="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID] @="X509Enrollment.CX509EnrollmentPolicyActiveDirectory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Components\4F33FB1578E100649B629029A307DFB1] "capsules.inf"="vUpAVX!!!!!!!!!MKKSkThemesTypicalFiles>YaCS-X8nF9@iZshLxJpa[^16]" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}] @="_QueryAccessibilityHelpEventArgs" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}] @="IContextPropertyActivator" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BA99AE52-D539-362F-B78C-4E84C14158BF}\2.0.0.0] "Class"="System.Security.Permissions.SecurityAction" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BA99AE52-D539-362F-B78C-4E84C14158BF}\4.0.0.0] "Class"="System.Security.Permissions.SecurityAction" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID] @="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID] @="X509Enrollment.CX509EnrollmentPolicyActiveDirectory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0006302D-0000-0000-C000-000000000046}] @="_PropertyAccessor" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}] @="_QueryAccessibilityHelpEventArgs" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{30642042-9221-4388-9C31-3DA8E1E33C33}] @="IGrooveWebNotificationEntryActionData" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}] @="IContextPropertyActivator" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B848D512-62C5-42FB-89B3-126098FCD11B}] @="IGrooveTransportSecurityAccountDiagnosticsEntryEnum" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E2DF7E6A-4D7F-4FF8-A30A-F01481A33268}] @="IGrooveTransportSecurityAccountDiagnosticsEntry" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory\CurVer] @="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A7A66456F4FEBDF43B3908A64A8BB31B] "00002109440070400000000000F01FEC"="C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\VBSnippets\1031\WindowsForms\Clipboard\CopyAClassInstanceToTheClipboard.snippet" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Features] "ThemesTypicalFiles"="bxw0=a+]F9mnkkP2Hm6$]MEU0l_RU@lnYR^6&3Ljc4[z+7M&ZAG+&hLw)33'&+kfoK]aH?%U!`PLGSF^{8o3@W9Oi@$ql,oq+EIgBW20SUnI,?oX,EeU2.h((Iws_6.mI=f.[hpJWu}.YaCS-X8nF9@iZshLxJpaHs01q3&g49DaROul[Q5^xh1~t9O*)?=X@H^fSzUTfLP)[R}~]=`*HC-s%t^r6RS$V.Ce&@JaZ^@+r&s@opc-xSfWu84%R=c)en=Q.^MBg*Ujq@dA3^P1'3IvvF[Q`*npm9P5'*9GtuIN]npHtm}T@A~^zPaK{(Ty?G{KwcoYv?eX&O^m'$`V4+dVX?lv&9HIrsgtrew[WesOi[4Ui9z$-?GSSLRa}71lgD~78@yEl@^=2s+lZD%mxVxx'=P@42z~arqWOjZ^h[tNn?aVDY.MC?84!K%7keYDM98F25q@h!Kl=i7-p.(_m8?3'RF?-KDtAaFWtOi[ZAQ3x@@G%I-FSpqPp}&S+=Uo(Mjl!bLzcI0!b-C'z?=8J{ySPY6k$yoeA0Akq@gh00',kc-mydMd%fu1*ATPGxK1_9%XKe)cVIzUt=Z=N.bf]DF?iIq$wIPU7@B+$5Vt-I$*wpW2sgBCp@xCdG6j(`sFTHEMESFiles" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1735F6DB1CAD0F03D9EDAC6C97E1823C\Features] "F_compilers_core_amd64"="`yFM`V.(j?5]i'AKuKOKJQ-fL.MGAAWWvkZC2t!Y(91'3NpGO@ya,]$={]vm(~u-_m8U!AL*w{j!wgZZ-mu'YIdC'AnZb-nwxX'gK?QEZcsQX9?=Z!pPD],5lM4p.ricy@JuL~@&9rDLpn@yjcvcW9{`5Gu3.3))c6N1LYaC!9DW`G*oh(@NNetFx_Full_amd64" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\Registration\{90120000-0030-0000-0000-0000000FF1CE}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover] "yahoo.com.sg"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YAC50A~1.XML" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover] "yahoo.co.th"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YACB7D~1.XML" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\ProgID] @="X509Enrollment.CX509EnrollmentPolicyActiveDirectory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{91f39027-217f-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID] @="X509Enrollment.CX509EnrollmentPolicyActiveDirectory" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{0006302D-0000-0000-C000-000000000046}] @="_PropertyAccessor" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{2FE9F084-1511-3052-BE7C-9010B522C10E}] @="_QueryAccessibilityHelpEventArgs" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{30642042-9221-4388-9C31-3DA8E1E33C33}] @="IGrooveWebNotificationEntryActionData" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7197B56B-5FA1-31EF-B38B-62FEE737277F}] @="IContextPropertyActivator" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{B848D512-62C5-42FB-89B3-126098FCD11B}] @="IGrooveTransportSecurityAccountDiagnosticsEntryEnum" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{E2DF7E6A-4D7F-4FF8-A30A-F01481A33268}] @="IGrooveTransportSecurityAccountDiagnosticsEntry" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\iSafeKrnlBoot] "ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\iSafeKrnlBoot] "ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot] "ProgramPath"="C:\Program Files (x86)\Elex-tech\YAC" [HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\0186KSEBY5amu_a85OiPeBQA] [HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-1718339690-3013972182-446857107-1000\02lzqnfanptv] 
[HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover] "yahoo.co.th"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YACB7D~1.XML" [HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover] "yahoo.com.sg"="C:\PROGRA~2\MICROS~2\Office12\OUTLOO~1\YAC50A~1.XML" [HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\0186KSEBY5amu_a85OiPeBQA] [HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-1718339690-3013972182-446857107-1000\02lzqnfanptv] Searching for "Guntony" [HKEY_CURRENT_USER\Software\Guntony] 
[HKEY_CURRENT_USER\Software\Classes\ChromeHTML\DefaultIcon] @="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0" [HKEY_CURRENT_USER\Software\Classes\ChromeHTML\shell\open\command] @=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "%1"" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities] "ApplicationIcon"="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\DefaultIcon] @="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-ReinstallCommand"" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo] "HideIconsCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-HideIconsCommand"" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ShowIconsCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-ShowIconsCommand"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony] "path"="C:\Program Files (x86)\Guntony\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony] "publicdirectroy"="C:\Users\Public\Documents\Guntony\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony] "publicdirectroy_log"="C:\Users\Public\Documents\Guntony\log\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Guntony] "publicdirectroy_dump"="C:\Users\Public\Documents\Guntony\log\dump\" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities] "ApplicationIcon"="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\DefaultIcon] @="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"=""C:\Program Files 
(x86)\Guntony\Guntony\chrome.exe" "-ReinstallCommand"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "HideIconsCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-HideIconsCommand"" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ShowIconsCommand"=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "-ShowIconsCommand"" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{27C60F1F-7E7F-4B3C-B713-06D3263CB87D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Guntony\protect\protect.exe|Name=Protect Service|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{EC1D2487-8B36-4655-97A5-1FD40416AA30}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\chrome.exe|Name=Chrome Browser|Desc=Chrome Browser|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{952C26F6-922A-405D-8899-D5E858F4EE28}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe|Name=Chrome Server|Desc=Chrome Server|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{27C60F1F-7E7F-4B3C-B713-06D3263CB87D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Guntony\protect\protect.exe|Name=Protect Service|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{EC1D2487-8B36-4655-97A5-1FD40416AA30}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\chrome.exe|Name=Chrome Browser|Desc=Chrome Browser|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{952C26F6-922A-405D-8899-D5E858F4EE28}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files 
(x86)\Guntony\Guntony\bin\Guntony_server.exe|Name=Chrome Server|Desc=Chrome Server|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{27C60F1F-7E7F-4B3C-B713-06D3263CB87D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\Guntony\protect\protect.exe|Name=Protect Service|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{EC1D2487-8B36-4655-97A5-1FD40416AA30}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\chrome.exe|Name=Chrome Browser|Desc=Chrome Browser|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{952C26F6-922A-405D-8899-D5E858F4EE28}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe|Name=Chrome Server|Desc=Chrome Server|" [HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Guntony] [HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Classes\ChromeHTML\DefaultIcon] @="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0" [HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000\Software\Classes\ChromeHTML\shell\open\command] @=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "%1"" [HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000_Classes\ChromeHTML\DefaultIcon] @="C:\Program Files (x86)\Guntony\Guntony\chrome.exe,0" [HKEY_USERS\S-1-5-21-1718339690-3013972182-446857107-1000_Classes\ChromeHTML\shell\open\command] @=""C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "%1"" -= EOF =- |