Log analysis and evaluation: Account suspended due to attempted fraud - system check and cleanup

Windows 7
05.10.2016, 05:11 | #1 |
Hello everyone,

a few days ago I suddenly no longer had access to my eBay Kleinanzeigen account. When I asked, I received an e-mail saying that from this account "a third party had been listing fraudulent items through it or had sent fraudulent e-mails." Now of course I want to be on the safe side and check my systems instead of only changing the passwords.

Yesterday, on a friend's advice, I used the program Spybot S&D. Unfortunately it does not (at least for immunization) take care of Google Chrome (I actually use only this browser). I also have 2 Windows computers (PC and laptop) and an Android phone and don't know how to get all of it clean together.

About the PC: Here is the log file from Spybot; afterwards I clicked "Fix selected" and there were green check marks everywhere. In the log file I have half-anonymized the PC's account names (mainly used via S*******, actually never used via M*****).
ATTFilter Search results from Spybot - Search & Destroy 05.10.2016 04:47:14 Scan took 01:34:34. 137 items found. Ad.Lollipop: [SBI $0B8F3783] Settings (Registry Key, nothing done) HKEY_CLASSES_ROOT\Applications\lollipop.exe Category=Adware ThreatLevel=3 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Ad.Lollipop: [SBI $0B8F3783] Settings (Registry Key, nothing done) HKEY_CLASSES_ROOT\Applications\lollipop.exe Category=Adware ThreatLevel=3 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Ad.Lollipop: [SBI $F48FA615] Settings (Registry Value, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\lollipop\lpid Category=Adware ThreatLevel=3 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Ad.Lollipop: [SBI $669FC399] Settings (Registry Value, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\lollipop\user_tracker Category=Adware ThreatLevel=3 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Ad.Lollipop: [SBI $6762405D] Settings (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\lollipop Category=Adware ThreatLevel=3 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp Category=Malware ThreatLevel=10 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp Category=Malware ThreatLevel=10 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Ask.MyGlobalSearch: [SBI $8E19DA0B] Program directory (Directory, nothing done) C:\Users\S*******\AppData\Local\Temp\AskSearch\ Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/showthread.php?40366 DownloadSponsor: [SBI $CC437C6B] Settings (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\OCS\lastPID Category=PUPS 
ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 DownloadSponsor: [SBI $980DE8E4] Settings (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\OCS\PID Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $63375265] User settings (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F} Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $9191B288] User settings (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6} Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $6D1029B1] User settings (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Classes\FacebookUpdate.OnDemandCOMClassUser Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $7F45EA00] User settings (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Classes\FacebookUpdate.OnDemandCOMClassUser.1.0 Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $59117437] User settings (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Facebook Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $62F77180] Settings (Registry Key, nothing done) HKEY_CLASSES_ROOT\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F} Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $9051916D] Settings (Registry Key, nothing done) 
HKEY_CLASSES_ROOT\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6} Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $573FFD1B] Settings (Registry Key, nothing done) HKEY_CLASSES_ROOT\Interface\{132885F2-8DE9-40F2-BEAE-1B31FDBAB159} Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $BAA66334] Settings (Registry Key, nothing done) HKEY_CLASSES_ROOT\Interface\{3B692A7D-330E-4388-A955-724500AC0BC5} Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $C061D222] Settings (Registry Key, nothing done) HKEY_CLASSES_ROOT\Interface\{649D9E01-9847-4EE9-9145-2CB4BC8298D0} Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $6B188C64] Settings (Registry Key, nothing done) HKEY_CLASSES_ROOT\Interface\{71692661-DCBA-484A-BD41-A39404532B52} Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $D849531E] Settings (Registry Key, nothing done) HKEY_CLASSES_ROOT\Interface\{B72C7377-0AA5-4F52-BDA2-85C4D1DB930E} Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $06D47759] Settings (Registry Key, nothing done) HKEY_CLASSES_ROOT\Interface\{D0843545-5E7C-4C6D-B4E2-05948F759440} Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $917BFFAB] Program directory (Directory, nothing done) C:\Users\S*******\AppData\Local\Facebook\ Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.log Directory.subfile.size=1848 Directory.subfile.md5=B2366AA550379CF0D6D225322C33F386 Directory.subfile.filedate=1362835873 Directory.subfile.filedatetext=2013-03-09 13:31:12 
Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.settings Directory.subfile.size=3865 Directory.subfile.md5=1A844260D2043914D04973EE787BD5BF Directory.subfile.filedate=1362839105 Directory.subfile.filedatetext=2013-03-09 14:25:04 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\Cookies Directory.subfile.size=12288 Directory.subfile.md5=5FB25928844B95C841C1904381CEDEDB Directory.subfile.filedate=1362843580 Directory.subfile.filedatetext=2013-03-09 15:39:39 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\Cookies-journal Directory.subfile.size=8768 Directory.subfile.md5=7DC75E7F0C230180EC4F6835AEF34777 Directory.subfile.filedate=1362843580 Directory.subfile.filedatetext=2013-03-09 15:39:39 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\data_0 Directory.subfile.size=45056 Directory.subfile.md5=C278A021032BAF870B20A53145A13C29 Directory.subfile.filedate=1340533534 Directory.subfile.filedatetext=2012-06-24 10:25:33 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\data_1 Directory.subfile.size=270336 Directory.subfile.md5=78641D067CC6BA6A54CE643D20609855 Directory.subfile.filedate=1340533534 Directory.subfile.filedatetext=2012-06-24 10:25:33 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\data_2 Directory.subfile.size=3153920 Directory.subfile.md5=BA8578835B6F3C226F45F2C6C8ED2480 Directory.subfile.filedate=1340533534 Directory.subfile.filedatetext=2012-06-24 10:25:33 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\data_3 Directory.subfile.size=4202496 Directory.subfile.md5=5778F8C5A606F25E8EFB844E59E02900 Directory.subfile.filedate=1340533534 Directory.subfile.filedatetext=2012-06-24 10:25:33 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000001 
Directory.subfile.size=17073 Directory.subfile.md5=57F56736E4DD1CEE8FEF35B4298163EB Directory.subfile.filedate=1337344004 Directory.subfile.filedatetext=2012-05-18 12:26:43 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000002 Directory.subfile.size=46699 Directory.subfile.md5=9C5B9B1A15C609C232CF6AD5107C6A81 Directory.subfile.filedate=1337344004 Directory.subfile.filedatetext=2012-05-18 12:26:43 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000003 Directory.subfile.size=30625 Directory.subfile.md5=1A628CC9F48CDB32A121FE5FB323765A Directory.subfile.filedate=1337344004 Directory.subfile.filedatetext=2012-05-18 12:26:44 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000004 Directory.subfile.size=130558 Directory.subfile.md5=82DDB78A12C18FA2B8D26DEF8E8BE04C Directory.subfile.filedate=1337344004 Directory.subfile.filedatetext=2012-05-18 12:26:44 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000005 Directory.subfile.size=18863 Directory.subfile.md5=0B52207D6F2E5DD283488783CEE62F23 Directory.subfile.filedate=1337344006 Directory.subfile.filedatetext=2012-05-18 12:26:45 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000007 Directory.subfile.size=33138 Directory.subfile.md5=45C30A85E732BB5C447833C66B5C5708 Directory.subfile.filedate=1337344006 Directory.subfile.filedatetext=2012-05-18 12:26:46 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000008 Directory.subfile.size=141709 Directory.subfile.md5=2B89EEC6A7A68FA2E0B1206161156E4A Directory.subfile.filedate=1337344007 Directory.subfile.filedatetext=2012-05-18 12:26:46 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00000a Directory.subfile.size=141707 Directory.subfile.md5=B8BB2448CA3892CF1A427C0BBC06AE95 
Directory.subfile.filedate=1337540325 Directory.subfile.filedatetext=2012-05-20 18:58:45 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00000f Directory.subfile.size=18626 Directory.subfile.md5=7BE6208182ACE71FA9AD5EBADB0D0BA4 Directory.subfile.filedate=1337764608 Directory.subfile.filedatetext=2012-05-23 09:16:47 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000010 Directory.subfile.size=46332 Directory.subfile.md5=236B82BFEB2F4A87CB09A51813383FFC Directory.subfile.filedate=1337764608 Directory.subfile.filedatetext=2012-05-23 09:16:48 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000011 Directory.subfile.size=22280 Directory.subfile.md5=B8A55EB1B8F2048B4C80988E11C77141 Directory.subfile.filedate=1337764614 Directory.subfile.filedatetext=2012-05-23 09:16:53 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000012 Directory.subfile.size=144681 Directory.subfile.md5=EE032D885CD72FD89B3D0C94B8FB0477 Directory.subfile.filedate=1337764614 Directory.subfile.filedatetext=2012-05-23 09:16:53 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000013 Directory.subfile.size=26168 Directory.subfile.md5=1E85EC550FC7A3BCD0DD03771B18F193 Directory.subfile.filedate=1337764614 Directory.subfile.filedatetext=2012-05-23 09:16:54 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000014 Directory.subfile.size=58156 Directory.subfile.md5=3141A2F4F9024DC7BF145ACA50329759 Directory.subfile.filedate=1337764614 Directory.subfile.filedatetext=2012-05-23 09:16:54 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000018 Directory.subfile.size=46336 Directory.subfile.md5=F0B74545231D2256A57E6D8562E097A6 Directory.subfile.filedate=1337855358 Directory.subfile.filedatetext=2012-05-24 10:29:18 
Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000019 Directory.subfile.size=144691 Directory.subfile.md5=60000D7D8E0AE84BF00C81D0C4A11A75 Directory.subfile.filedate=1337855364 Directory.subfile.filedatetext=2012-05-24 10:29:24 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00001a Directory.subfile.size=58140 Directory.subfile.md5=5A9BA7EE48F23B8C085CC6B56CBD67ED Directory.subfile.filedate=1337855366 Directory.subfile.filedatetext=2012-05-24 10:29:25 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00001e Directory.subfile.size=18645 Directory.subfile.md5=93756ED2E868638A8B8B380A6606C123 Directory.subfile.filedate=1338204427 Directory.subfile.filedatetext=2012-05-28 11:27:06 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00001f Directory.subfile.size=46392 Directory.subfile.md5=C15E50E2DB25AC38494A17C4377AD2ED Directory.subfile.filedate=1338204427 Directory.subfile.filedatetext=2012-05-28 11:27:06 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000020 Directory.subfile.size=58114 Directory.subfile.md5=AA6C50461438794E7DB035DDC96B4030 Directory.subfile.filedate=1338204431 Directory.subfile.filedatetext=2012-05-28 11:27:10 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000021 Directory.subfile.size=144761 Directory.subfile.md5=D2D5C4C91AC1588D26864684C55F1B70 Directory.subfile.filedate=1338204431 Directory.subfile.filedatetext=2012-05-28 11:27:10 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000024 Directory.subfile.size=35071 Directory.subfile.md5=C8AD5FA0B22DD054A8C3EFBF4017ECF5 Directory.subfile.filedate=1338319325 Directory.subfile.filedatetext=2012-05-29 19:22:04 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000025 
Directory.subfile.size=46423 Directory.subfile.md5=B95D0D24E33893D2F9B6D6CB4CAD0416 Directory.subfile.filedate=1338390482 Directory.subfile.filedatetext=2012-05-30 15:08:02 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000027 Directory.subfile.size=18639 Directory.subfile.md5=2285E6A24AE0B375099191854B5A531E Directory.subfile.filedate=1338407298 Directory.subfile.filedatetext=2012-05-30 19:48:18 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000028 Directory.subfile.size=18639 Directory.subfile.md5=5604EB2A646BB7B40CFBEA737DCDB61D Directory.subfile.filedate=1338494004 Directory.subfile.filedatetext=2012-05-31 19:53:23 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000029 Directory.subfile.size=45880 Directory.subfile.md5=6BE28E29867DA6A061B2EB482A7267A5 Directory.subfile.filedate=1338494004 Directory.subfile.filedatetext=2012-05-31 19:53:23 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00002a Directory.subfile.size=26885 Directory.subfile.md5=6203334E43801847A08E7166486DC5D1 Directory.subfile.filedate=1338494008 Directory.subfile.filedatetext=2012-05-31 19:53:27 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00002b Directory.subfile.size=35433 Directory.subfile.md5=4E30762154A20A7328CF19324ABB5FE3 Directory.subfile.filedate=1338494008 Directory.subfile.filedatetext=2012-05-31 19:53:27 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00002c Directory.subfile.size=147024 Directory.subfile.md5=3E5E4E7552EA4664C7CEBC415295D1EA Directory.subfile.filedate=1338494008 Directory.subfile.filedatetext=2012-05-31 19:53:27 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00002f Directory.subfile.size=18638 Directory.subfile.md5=D8C30A336813AD99FDA1BFD7D14D9E06 
Directory.subfile.filedate=1338809721 Directory.subfile.filedatetext=2012-06-04 11:35:20 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000030 Directory.subfile.size=35580 Directory.subfile.md5=79574B4082520F30CB8D5734C484AE0F Directory.subfile.filedate=1338809725 Directory.subfile.filedatetext=2012-06-04 11:35:24 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000031 Directory.subfile.size=147152 Directory.subfile.md5=E0D52CC6ED91B7A92EFF6A20BA955C13 Directory.subfile.filedate=1338809725 Directory.subfile.filedatetext=2012-06-04 11:35:24 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000035 Directory.subfile.size=18754 Directory.subfile.md5=DA8A1E1DDEA90F7EE04E20332283B1D9 Directory.subfile.filedate=1339070924 Directory.subfile.filedatetext=2012-06-07 12:08:44 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000036 Directory.subfile.size=40097 Directory.subfile.md5=D27017C6FCC68FF080D6B5C835BCA139 Directory.subfile.filedate=1339070924 Directory.subfile.filedatetext=2012-06-07 12:08:44 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000037 Directory.subfile.size=17646 Directory.subfile.md5=5A0BE7FCD11052FE9321CFEA16BAD52B Directory.subfile.filedate=1339070927 Directory.subfile.filedatetext=2012-06-07 12:08:47 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000038 Directory.subfile.size=38253 Directory.subfile.md5=489F4C17D680CE6E526B59600B00C583 Directory.subfile.filedate=1339070927 Directory.subfile.filedatetext=2012-06-07 12:08:47 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000039 Directory.subfile.size=148322 Directory.subfile.md5=014BEB6B72BF205123238C80A0481240 Directory.subfile.filedate=1339070928 Directory.subfile.filedatetext=2012-06-07 12:08:47 
Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00003c Directory.subfile.size=40097 Directory.subfile.md5=EF9355DF133533A4BA9EB6ACAC1F0AC2 Directory.subfile.filedate=1339165405 Directory.subfile.filedatetext=2012-06-08 14:23:25 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00003d Directory.subfile.size=38511 Directory.subfile.md5=BBBE4E89D684C65AD38993CF5087A270 Directory.subfile.filedate=1339165408 Directory.subfile.filedatetext=2012-06-08 14:23:27 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000041 Directory.subfile.size=18757 Directory.subfile.md5=9E787E6071F58C604A779AD3EA94FEC2 Directory.subfile.filedate=1339257341 Directory.subfile.filedatetext=2012-06-09 15:55:41 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000042 Directory.subfile.size=40098 Directory.subfile.md5=8E2965038797FFFE145DC8FFE915F130 Directory.subfile.filedate=1339257341 Directory.subfile.filedatetext=2012-06-09 15:55:41 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000043 Directory.subfile.size=38555 Directory.subfile.md5=01DA4D49371A5E0F7EBABE9FF6501239 Directory.subfile.filedate=1339257342 Directory.subfile.filedatetext=2012-06-09 15:55:41 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000044 Directory.subfile.size=148316 Directory.subfile.md5=1B763B4B5A4DCF7B523F51D62319E25E Directory.subfile.filedate=1339257342 Directory.subfile.filedatetext=2012-06-09 15:55:41 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00004c Directory.subfile.size=18888 Directory.subfile.md5=AF82B2907049731FC7E742B83C0A807C Directory.subfile.filedate=1339581845 Directory.subfile.filedatetext=2012-06-13 10:04:05 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00004d 
Directory.subfile.size=41085 Directory.subfile.md5=E7DD184A862067E8D27C736C03C1FF16 Directory.subfile.filedate=1339581845 Directory.subfile.filedatetext=2012-06-13 10:04:05 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00004e Directory.subfile.size=17729 Directory.subfile.md5=8719AEA9F0E6B51848552883BB616702 Directory.subfile.filedate=1339581847 Directory.subfile.filedatetext=2012-06-13 10:04:07 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00004f Directory.subfile.size=36888 Directory.subfile.md5=8800B5C23FA5DC8FE6495577E9071469 Directory.subfile.filedate=1339581847 Directory.subfile.filedatetext=2012-06-13 10:04:07 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000050 Directory.subfile.size=147801 Directory.subfile.md5=6D167F87562C55F4A84E34A78EEAA441 Directory.subfile.filedate=1339581847 Directory.subfile.filedatetext=2012-06-13 10:04:07 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000051 Directory.subfile.size=16556 Directory.subfile.md5=F071343D32584FD69952C4C5CFADAF9E Directory.subfile.filedate=1339581848 Directory.subfile.filedatetext=2012-06-13 10:04:07 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000054 Directory.subfile.size=147789 Directory.subfile.md5=AEDCD9807B3B3E89451A7A43775CE1A2 Directory.subfile.filedate=1339760857 Directory.subfile.filedatetext=2012-06-15 11:47:36 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000057 Directory.subfile.size=36048 Directory.subfile.md5=574AF0F1F03299C42D1C08A32C0C2B84 Directory.subfile.filedate=1339779358 Directory.subfile.filedatetext=2012-06-15 16:55:58 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000059 Directory.subfile.size=18889 Directory.subfile.md5=26CCCD92C980190ED3FEF26F5BB9A79A 
Directory.subfile.filedate=1340018232 Directory.subfile.filedatetext=2012-06-18 11:17:11 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00005a Directory.subfile.size=41096 Directory.subfile.md5=603FA09CEA47F63EAE8FD3EC09E5B0D5 Directory.subfile.filedate=1340018232 Directory.subfile.filedatetext=2012-06-18 11:17:11 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00005b Directory.subfile.size=147932 Directory.subfile.md5=8F5BA7762E7A23B25A7DDC9A67BC0389 Directory.subfile.filedate=1340018235 Directory.subfile.filedatetext=2012-06-18 11:17:15 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00005f Directory.subfile.size=18850 Directory.subfile.md5=0D97E0F7410F3CE3CE68E0DEFD662FD2 Directory.subfile.filedate=1340135107 Directory.subfile.filedatetext=2012-06-19 19:45:07 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000060 Directory.subfile.size=40176 Directory.subfile.md5=D6D11EA6BCBA4FEAA621F0BC39DE466A Directory.subfile.filedate=1340135107 Directory.subfile.filedatetext=2012-06-19 19:45:07 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000061 Directory.subfile.size=25663 Directory.subfile.md5=A82BB05C86FE5F23B9229DDE151A73BB Directory.subfile.filedate=1340135108 Directory.subfile.filedatetext=2012-06-19 19:45:08 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000062 Directory.subfile.size=40075 Directory.subfile.md5=39B6747C841DF9A9895D11C605F1029C Directory.subfile.filedate=1340135108 Directory.subfile.filedatetext=2012-06-19 19:45:08 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000063 Directory.subfile.size=174751 Directory.subfile.md5=31978A157C3E1D60A2CCDB8C27A92787 Directory.subfile.filedate=1340135108 Directory.subfile.filedatetext=2012-06-19 19:45:08 
Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000065 Directory.subfile.size=40180 Directory.subfile.md5=0B3A70669A919310CC5B77F1F70DA26F Directory.subfile.filedate=1340187055 Directory.subfile.filedatetext=2012-06-20 10:10:55 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000066 Directory.subfile.size=25765 Directory.subfile.md5=99EF16063325F9A7320AB9C054FA6AD7 Directory.subfile.filedate=1340187058 Directory.subfile.filedatetext=2012-06-20 10:10:58 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000067 Directory.subfile.size=174758 Directory.subfile.md5=9478A7A1C65DD7848FDCEA4AAD3C3D42 Directory.subfile.filedate=1340187058 Directory.subfile.filedatetext=2012-06-20 10:10:58 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000068 Directory.subfile.size=40082 Directory.subfile.md5=335151604D29AC5BCE00193BBE2F1AD3 Directory.subfile.filedate=1340187059 Directory.subfile.filedatetext=2012-06-20 10:10:58 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000069 Directory.subfile.size=30727 Directory.subfile.md5=873A9421DB11A5B5D247211C2FAB5A24 Directory.subfile.filedate=1340187061 Directory.subfile.filedatetext=2012-06-20 10:11:00 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00006b Directory.subfile.size=35856 Directory.subfile.md5=7F0D511768F2C34CFD13FC11AA0D3047 Directory.subfile.filedate=1340187074 Directory.subfile.filedatetext=2012-06-20 10:11:14 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00006e Directory.subfile.size=175002 Directory.subfile.md5=CC9D54A067FC64F5A1A4C5B715532EBC Directory.subfile.filedate=1340274006 Directory.subfile.filedatetext=2012-06-21 10:20:06 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000071 
Directory.subfile.size=35146 Directory.subfile.md5=E92D6966651D677FCB18514F86512AE7 Directory.subfile.filedate=1340367676 Directory.subfile.filedatetext=2012-06-22 12:21:16 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000072 Directory.subfile.size=17490 Directory.subfile.md5=289D976F51C6DF949A8888E7D7FD8D7A Directory.subfile.filedate=1340367678 Directory.subfile.filedatetext=2012-06-22 12:21:17 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000073 Directory.subfile.size=36335 Directory.subfile.md5=A7A003713B1A7029C130CE84318EB29D Directory.subfile.filedate=1340367678 Directory.subfile.filedatetext=2012-06-22 12:21:17 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000074 Directory.subfile.size=172877 Directory.subfile.md5=4B10C6B7B0E50F7DB28A45D317157CED Directory.subfile.filedate=1340367678 Directory.subfile.filedatetext=2012-06-22 12:21:18 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000076 Directory.subfile.size=35158 Directory.subfile.md5=DBD9EC8C22E0EF5997F63737FAD57F21 Directory.subfile.filedate=1340456531 Directory.subfile.filedatetext=2012-06-23 13:02:11 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000077 Directory.subfile.size=173068 Directory.subfile.md5=6FBB30F4FBBB0219AA2C1AB3F21F04A8 Directory.subfile.filedate=1340456534 Directory.subfile.filedatetext=2012-06-23 13:02:13 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000078 Directory.subfile.size=17487 Directory.subfile.md5=F10734C577C66B7B916E05728C02C080 Directory.subfile.filedate=1340456536 Directory.subfile.filedatetext=2012-06-23 13:02:15 Directory.subfile=C:\Users\S*******\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00007b Directory.subfile.size=19301 Directory.subfile.md5=699EC23C7AB2C4885259358D58B483F0 
Directory.subfile.filedate=1340529878 Directory.subfile.filedatetext=2012-06-24 09:24:38 Facebook.Messenger: [SBI $21F6393C] Program directory (Directory, nothing done) C:\Users\S*******\AppData\Local\Facebook\CrashReports\ Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Facebook.Messenger: [SBI $33FCC3BA] Program directory (Directory, nothing done) C:\Users\S*******\AppData\Local\Facebook\Messenger\ Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 
OpenCandy: [SBI $5EE9E67B] Program directory (Directory, nothing done) C:\Users\S*******\AppData\Roaming\OpenCandy\ Category=PUPS ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Directory.subfile=C:\Users\S*******\AppData\Roaming\OpenCandy\09B75D40344541AAB9D186AA2CF4C754\TuneUpUtilities2012_de-DE-p2v0.exe Directory.subfile.size=4341324 Directory.subfile.md5=71C418792D4800B46ED83CAA0995587D Directory.subfile.filedate=1341615024 Directory.subfile.filedatetext=2012-07-06 22:50:24 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\M***** Arbeit\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TEE27665\cdn.flashtalking.com\ftLocalComms.sol Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Properties.size=61 Properties.md5=DEB168CBF71E13562EC9A0D7CE266359 Properties.filedate=1352201245 Properties.filedatetext=2012-11-06 11:27:24 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\M***** Arbeit\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TEE27665\s-static.ak.fbcdn.net\play.spotify.com.sol Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Properties.size=87 Properties.md5=A87B5080ADC55F816C32ABC18A5E1956 Properties.filedate=1344782058 Properties.filedatetext=2012-08-12 14:34:17 DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Internet Explorer (Benutzer): S*******) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: 
S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 FastClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 WebTrends live: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Adviva: [SBI $4E2AF2AC] 
Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 BurstMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) 
Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: S******* (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: M***** Arbeit (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: M***** Arbeit (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: M***** Arbeit (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: M***** Arbeit (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: M***** Arbeit (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 WebTrends live: [SBI $4E2AF2AC] Tracking cookie (Firefox: M***** Arbeit (default)) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Internet Explorer\TypedURLs Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1004\Software\Microsoft\Internet Explorer\TypedURLs Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Internet Explorer: [SBI $FF589D0C] Download directory (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Internet Explorer\Download Directory Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing 
done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Microsoft Management Console\Recent File List Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Media Player: [SBI $3EE69CC3] Save as Directory (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\MediaPlayer\Player\Settings\SaveAsDir Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Media Player: [SBI $656F1808] Search terms history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\MediaPlayer\Player\Settings\Client ID Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1004\Software\Microsoft\MediaPlayer\Player\Settings\Client ID Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done) 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Direct3D\MostRecentApplication\Name Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1004\Software\Microsoft\Direct3D\MostRecentApplication\Name Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS 
DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Office 12.0: [SBI $31A61065] Internet history (Registry Value, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Office\12.0\Common\Internet\UseRWHlinkNavigation Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Office\12.0\Excel\File MRU Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Office 12.0 (PowerPoint): [SBI $242E8728] Recent Slideshow List (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Office\12.0\PowerPoint\File MRU Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Office\12.0\Word\File MRU Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1004\Software\Microsoft\Office\12.0\Word\File MRU Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 MS Regedit: [SBI 
$C3B62FC1] Recent open key (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows.OpenWith: [SBI $16E309E0] Open with list - .ASF extension (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\OpenWithList Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList Category=Tracks ThreatLevel=2 
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Category=Tracks ThreatLevel=2 
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1004\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1004\Software\Microsoft\Windows Media\WMSDK\General\UniqueID Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Windows Media SDK: [SBI $BACCD0DA] 
Volume serial number (Registry Value, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1004\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\WinRAR\ArcHistory Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1004\Software\WinRAR\ArcHistory Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 WinRAR: [SBI $A59A1C0A] Recent exe file list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\WinRAR\DialogEditHistory\ArcName Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\WinRAR\General\LastFolder Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1004\Software\WinRAR\General\LastFolder Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\WinRAR\DialogEditHistory\ExtrPath Category=Tracks ThreatLevel=2 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1004\Software\WinRAR\DialogEditHistory\ExtrPath Category=Tracks ThreatLevel=2 
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Cookie: [SBI $49804B54] Browser: Cookie (15) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Cache: [SBI $49804B54] Browser: Cache (851) (Browser: Cache, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Verlauf: [SBI $49804B54] Browser: History (3) (Browser: History, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Cookie: [SBI $49804B54] Browser: Cookie (3209) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Cookie: [SBI $49804B54] Browser: Cookie (3) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 Cookie: [SBI $49804B54] Browser: Cookie (176) (Browser: Cookie, nothing done) Category=Browser ThreatLevel=1 Weblink=hxxp://forums.spybot.info/forumdisplay.php?54 --- Spybot - Search & Destroy version: 2.6.44.134 DLL (build: 20160321) --- 2014-06-24 blindman.exe (2.4.40.151) 2014-06-24 explorer.exe (2.4.40.181) 2014-06-24 SDBootCD.exe (2.4.40.109) 2016-03-21 SDCleaner.exe (2.6.44.110) 2014-06-24 SDDelFile.exe (2.4.40.94) 2013-06-18 SDDisableProxy.exe 2014-06-24 SDFiles.exe (2.4.40.135) 2014-06-24 SDFileScanHelper.exe (2.4.40.1) 2014-06-24 SDFSSvc.exe (2.4.40.217) 2014-06-24 SDHelp.exe (2.4.40.1) 2014-04-25 SDHookHelper.exe (2.3.39.2) 2014-04-25 SDHookInst32.exe (2.3.39.2) 2014-04-25 SDHookInst64.exe (2.3.39.2) 2016-03-21 SDImmunize.exe (2.6.44.130) 2014-06-24 SDLogReport.exe (2.4.40.107) 2014-06-24 SDOnAccess.exe (2.4.40.11) 2014-06-24 SDPESetup.exe (2.4.40.3) 2014-06-24 SDPEStart.exe (2.4.40.86) 2014-06-24 SDPhoneScan.exe (2.4.40.28) 2014-06-24 SDPRE.exe (2.4.40.22) 2014-06-24 SDPrepPos.exe (2.4.40.15) 2014-06-24 SDQuarantine.exe (2.4.40.103) 2014-06-24 SDRootAlyzer.exe (2.4.40.116) 2014-06-24 SDSBIEdit.exe 
(2.4.40.39) 2016-03-21 SDScan.exe (2.6.44.181) 2014-06-24 SDScript.exe (2.4.40.54) 2016-03-21 SDSettings.exe (2.6.44.141) 2014-06-24 SDShell.exe (2.4.40.2) 2014-06-24 SDShred.exe (2.4.40.108) 2014-06-24 SDSysRepair.exe (2.4.40.102) 2014-06-24 SDTools.exe (2.4.40.157) 2014-06-24 SDTray.exe (2.4.40.129) 2014-06-27 SDUpdate.exe (2.4.40.94) 2016-09-21 SDUpdSvc.exe (2.5.44.79) 2014-06-24 SDWelcome.exe (2.4.40.130) 2014-04-25 SDWSCSvc.exe (2.3.39.2) 2016-05-02 spybotsd2-install-iefreezefix.exe (2.4.40.0) 2014-07-31 spybotsd2-translation-esx.exe 2013-06-19 spybotsd2-translation-frx.exe 2015-03-25 spybotsd2-translation-hrx.exe 2014-08-25 spybotsd2-translation-hux2.exe 2014-10-01 spybotsd2-translation-nlx2.exe 2014-11-05 spybotsd2-translation-ukx.exe 2016-09-21 spybotsd2-updater-update.exe (2.6.52.0) 2015-07-28 spybotsd2-windows-upgrade-installer.exe (1.4.0.0) 2016-10-04 unins000.exe (51.1052.0.0) 1999-12-02 xcacls.exe 2012-08-23 borlndmm.dll (10.0.2288.42451) 2012-09-05 DelZip190.dll (1.9.0.107) 2016-03-21 DelZip192.dll (1.9.2.132) 2012-09-10 libeay32.dll (1.0.0.4) 2012-09-10 libssl32.dll (1.0.0.4) 2014-04-25 NotificationSpreader.dll 2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98) 2014-04-25 SDAV.dll 2014-06-24 SDECon32.dll (2.4.40.114) 2014-06-24 SDECon64.dll (2.3.39.113) 2014-06-24 SDEvents.dll (2.4.40.2) 2014-06-24 SDFileScanLibrary.dll (2.4.40.14) 2014-04-25 SDHook32.dll (2.3.39.2) 2014-04-25 SDHook64.dll (2.3.39.2) 2014-06-24 SDImmunizeLibrary.dll (2.4.40.2) 2014-06-24 SDLicense.dll (2.4.40.0) 2014-06-24 SDLists.dll (2.4.40.4) 2014-06-24 SDResources.dll (2.4.40.7) 2016-03-21 SDScanLibrary.dll (2.6.44.134) 2014-06-24 SDTasks.dll (2.4.40.15) 2014-06-24 SDWinLogon.dll (2.4.40.0) 2012-08-23 sqlite3.dll 2012-09-10 ssleay32.dll (1.0.0.4) 2014-06-24 Tools.dll (2.4.40.36) 2015-04-22 Includes\Adware-000.sbi (*) 2015-08-05 Includes\Adware-001.sbi (*) 2016-09-28 Includes\Adware-C.sbi (*) 2014-01-13 Includes\Adware.sbi (*) 2014-01-13 Includes\AdwareC.sbi (*) 2010-08-13 
Includes\Cookies.sbi (*) 2014-11-14 Includes\Dialer-000.sbi (*) 2014-11-14 Includes\Dialer-001.sbi (*) 2015-07-29 Includes\Dialer-C.sbi (*) 2014-01-13 Includes\Dialer.sbi (*) 2014-01-13 Includes\DialerC.sbi (*) 2014-01-09 Includes\Fraud-000.sbi (*) 2014-01-09 Includes\Fraud-001.sbi (*) 2014-03-31 Includes\Fraud-002.sbi (*) 2016-07-06 Includes\Fraud-003.sbi (*) 2012-11-14 Includes\HeavyDuty.sbi (*) 2014-11-14 Includes\Hijackers-000.sbi (*) 2014-11-14 Includes\Hijackers-001.sbi (*) 2015-12-23 Includes\Hijackers-C.sbi (*) 2014-01-13 Includes\Hijackers.sbi (*) 2014-01-13 Includes\HijackersC.sbi (*) 2014-01-08 Includes\iPhone-000.sbi (*) 2014-01-08 Includes\iPhone.sbi (*) 2016-05-27 Includes\Keyloggers-000.sbi (*) 2016-08-31 Includes\Keyloggers-C.sbi (*) 2014-01-13 Includes\Keyloggers.sbi (*) 2014-01-13 Includes\KeyloggersC.sbi (*) 2015-06-25 Includes\Malware-000.sbi (*) 2014-11-14 Includes\Malware-001.sbi (*) 2016-06-14 Includes\Malware-002.sbi (*) 2015-11-19 Includes\Malware-003.sbi (*) 2014-11-14 Includes\Malware-004.sbi (*) 2014-11-14 Includes\Malware-005.sbi (*) 2014-02-26 Includes\Malware-006.sbi (*) 2014-01-09 Includes\Malware-007.sbi (*) 2016-09-28 Includes\Malware-C.sbi (*) 2014-01-13 Includes\Malware.sbi (*) 2013-12-23 Includes\MalwareC.sbi (*) 2014-11-14 Includes\PUPS-000.sbi (*) 2014-01-15 Includes\PUPS-001.sbi (*) 2014-01-15 Includes\PUPS-002.sbi (*) 2016-09-28 Includes\PUPS-C.sbi (*) 2012-11-14 Includes\PUPS.sbi (*) 2014-01-08 Includes\Security-000.sbi (*) 2015-12-02 Includes\Security-C.sbi (*) 2014-01-21 Includes\Security.sbi (*) 2014-01-21 Includes\SecurityC.sbi (*) 2015-11-11 Includes\Spyware-000.sbi (*) 2015-05-06 Includes\Spyware-001.sbi (*) 2016-08-10 Includes\Spyware-C.sbi (*) 2014-01-21 Includes\Spyware.sbi (*) 2014-01-21 Includes\SpywareC.sbi (*) 2011-06-07 Includes\Tracks.sbi (*) 2012-11-19 Includes\Tracks.uti (*) 2014-01-15 Includes\Trojans-000.sbi (*) 2014-01-15 Includes\Trojans-001.sbi (*) 2014-11-14 Includes\Trojans-002.sbi (*) 2016-01-20 
Includes\Trojans-003.sbi (*) 2014-01-15 Includes\Trojans-004.sbi (*) 2014-03-19 Includes\Trojans-005.sbi (*) 2015-03-31 Includes\Trojans-006.sbi (*) 2014-01-15 Includes\Trojans-007.sbi (*) 2014-07-09 Includes\Trojans-009.sbi (*) 2016-09-28 Includes\Trojans-C.sbi (*) 2014-01-15 Includes\Trojans-OG-000.sbi (*) 2014-01-15 Includes\Trojans-TD-000.sbi (*) 2014-01-15 Includes\Trojans-VM-000.sbi (*) 2014-01-15 Includes\Trojans-VM-001.sbi (*) 2014-01-15 Includes\Trojans-VM-002.sbi (*) 2014-01-15 Includes\Trojans-VM-003.sbi (*) 2014-01-15 Includes\Trojans-VM-004.sbi (*) 2014-01-15 Includes\Trojans-VM-005.sbi (*) 2014-01-15 Includes\Trojans-VM-006.sbi (*) 2014-01-15 Includes\Trojans-VM-007.sbi (*) 2014-01-15 Includes\Trojans-VM-008.sbi (*) 2014-01-15 Includes\Trojans-VM-009.sbi (*) 2014-01-15 Includes\Trojans-VM-010.sbi (*) 2014-01-15 Includes\Trojans-VM-011.sbi (*) 2014-01-15 Includes\Trojans-VM-012.sbi (*) 2014-01-15 Includes\Trojans-VM-013.sbi (*) 2014-01-15 Includes\Trojans-VM-014.sbi (*) 2014-01-15 Includes\Trojans-VM-015.sbi (*) 2014-01-15 Includes\Trojans-VM-016.sbi (*) 2014-01-15 Includes\Trojans-VM-017.sbi (*) 2014-01-15 Includes\Trojans-VM-018.sbi (*) 2014-01-15 Includes\Trojans-VM-019.sbi (*) 2014-01-15 Includes\Trojans-VM-020.sbi (*) 2014-01-15 Includes\Trojans-VM-021.sbi (*) 2014-01-15 Includes\Trojans-VM-022.sbi (*) 2014-01-15 Includes\Trojans-VM-023.sbi (*) 2014-01-15 Includes\Trojans-VM-024.sbi (*) 2014-01-15 Includes\Trojans-ZB-000.sbi (*) 2016-02-03 Includes\Trojans-ZL-000.sbi (*) 2014-01-09 Includes\Trojans.sbi (*) 2014-01-16 Includes\TrojansC-01.sbi (*) 2014-01-16 Includes\TrojansC-02.sbi (*) 2014-01-16 Includes\TrojansC-03.sbi (*) 2014-01-16 Includes\TrojansC-04.sbi (*) 2014-01-16 Includes\TrojansC-05.sbi (*) 2014-01-09 Includes\TrojansC.sbi (*) |
05.10.2016, 05:12 | #2 |
| FRST logs of the PC Then I found this forum (because of Somoto), and here are the FRST logs:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016 durchgeführt von S******* (Administrator) auf S*******-PC (05-10-2016 05:11:38) Gestartet von C:\Users\S*******\Desktop Geladene Profile: S******* & M***** Arbeit (Verfügbare Profile: S******* & M***** Arbeit) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe () C:\Windows\SysWOW64\WinService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Spotify Ltd) C:\Users\S*******\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Dropbox, Inc.) C:\Users\S*******\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Program Files (x86)\FastStone Capture\FSCapture.exe (Google Inc.) C:\Users\S*******\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler.exe (Google Inc.) C:\Users\S*******\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler64.exe (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ( ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Gaming Mouse\Gaming Mouse.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Google Inc.) C:\Users\S*******\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\S*******\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\S*******\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\S*******\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\S*******\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\S*******\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\S*******\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\S*******\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\S*******\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\S*******\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation) HKLM-x32\...\Run: [Six Engine] => C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] ( ASUSTeK Computer Inc.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [830064 2016-09-09] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Gaming Mouse] => C:\Gaming Mouse\Gaming Mouse.exe [1306624 2009-09-30] () HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1009632 2016-08-29] (DivX, LLC) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-04-02] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2014-03-27] (AVM Berlin) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\Run: [Dropbox Update] => C:\Users\S*******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-10] (Dropbox, Inc.) HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\Run: [Spotify Web Helper] => C:\Users\S*******\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-28] (Spotify Ltd) HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\Run: [Google Update] => C:\Users\S*******\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc.) HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) 
HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\MountPoints2: {80c0811a-c237-11df-ae99-485b39cadc8b} - G:\Startme.exe HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll [2016-09-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.) Startup: C:\Users\S*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-01] ShortcutTarget: Dropbox.lnk -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\S*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk [2014-10-30] ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe () Startup: C:\Users\S*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2012-12-02] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe GroupPolicyScripts-x32: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{19788EF5-A1F6-438D-9E1F-84AFDC831A13}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{54FA2367-1321-4D35-B2AD-A0EE3952BA63}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5F67C636-D9C4-42B6-9FC8-FA0046ACC77B}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{F036811B-F24E-4DF4-AF62-19B9965DC941}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie URLSearchHook: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000 - (Kein Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - Keine Datei URLSearchHook: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000 - (Kein 
Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Keine Datei SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3321902&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP75D5A2C0-1232-4AF2-8B6C-33F682632E34&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000 -> {0E146517-62AD-4F94-B2CA-2C1966489A58} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = SearchScopes: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000 -> {7A5B088D-B1B2-47A0-8236-154E4B23CDAB} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&q={searchTerms}&gu=2f92fc4cedb54bca865a0e336386c80d&tu=10GXz009Y1B0CO0&sku=&tstsId=&ver=&&r=859 BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-23] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-23] (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000 -> Kein Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - Keine Datei Toolbar: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000 -> Kein Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - Keine Datei DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei FireFox: ======== FF ProfilePath: C:\Users\S*******\AppData\Roaming\Mozilla\Firefox\Profiles\r59s22ry.default [2016-10-05] FF user.js: detected! 
=> C:\Users\S*******\AppData\Roaming\Mozilla\Firefox\Profiles\r59s22ry.default\user.js [2013-12-31] FF Homepage: Mozilla\Firefox\Profiles\r59s22ry.default -> hxxps://www.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset FF Extension: (Avira Browser Safety) - C:\Users\S*******\AppData\Roaming\Mozilla\Firefox\Profiles\r59s22ry.default\Extensions\abs@avira.com [2015-10-23] [ist nicht signiert] FF SearchPlugin: C:\Users\S*******\AppData\Roaming\Mozilla\Firefox\Profiles\r59s22ry.default\searchplugins\yahoo-web.xml [2016-01-08] FF Extension: (Neuer Tab von Yahoo) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-11-24] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: (DVDVideoSoft YouTube MP3 and Video Download) - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2012-12-08] [ist nicht signiert] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-14] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-01-21] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [Keine Datei] FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-09-06] (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-23] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.91 -> C:\Program Files (x86)\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-09] (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1935282697-2757325891-1977791356-1000: @phonostar.de/phonostar -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll [Keine Datei] FF Plugin HKU\S-1-5-21-1935282697-2757325891-1977791356-1000: @tools.google.com/Google Update;version=3 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin HKU\S-1-5-21-1935282697-2757325891-1977791356-1000: @tools.google.com/Google Update;version=9 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin HKU\S-1-5-21-1935282697-2757325891-1977791356-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\S*******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-07-20] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1935282697-2757325891-1977791356-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll [2012-09-15] (Amazon.com, Inc.) FF Plugin HKU\S-1-5-21-1935282697-2757325891-1977791356-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-09] (Pando Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) 
Chrome: ======= CHR HomePage: Profile 1 -> hxxp://www.google.com/ CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/","about:blank","hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=DE&gu=2f92fc4cedb54bca865a0e336386c80d&tu=10GXy00FD1D13P0&sku=&tstsId=&ver=&" CHR DefaultSearchURL: Profile 1 -> hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default CHR DefaultSearchKeyword: Profile 1 -> Yahoo CHR DefaultSuggestURL: Profile 1 -> hxxps://de.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Default [2016-10-05] CHR Profile: C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-10-05] CHR Extension: (Google Präsentationen) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-24] CHR Extension: (Google Docs) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-25] CHR Extension: (Google Drive) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-25] CHR Extension: (YouTube) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-25] CHR Extension: (Google Cast) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-04-30] CHR Extension: (Adblock Plus) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-23] CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2016-05-31] CHR Extension: (Yahoo Web) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eedgghdcpmmmilkmfpnklknlenbiolec [2016-04-24] CHR 
Extension: (Google Tabellen) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-24] CHR Extension: (Avira Browserschutz) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-20] CHR Extension: (Google Docs Offline) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-25] CHR Extension: (Google Notizen – Notizen & Listen) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-10-05] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-24] CHR Extension: (Google Mail) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-25] CHR Extension: (Chrome Media Router) - C:\Users\S*******\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-20] CHR HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-08] CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <kein Path/update_url> StartMenuInternet: Google Chrome - C:\Users\S*******\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [989696 2016-09-09] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [470600 2016-09-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [470600 2016-09-09] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1454720 2016-09-09] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG) R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [391656 2016-07-22] (Digital Wave Ltd.) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-09-07] (Freemake) [Datei ist nicht signiert] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] () S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-09-01] (NOS Microsystems Ltd.) R2 SCM_Service; C:\Windows\SysWOW64\WinService.exe [180224 2007-07-17] () [Datei ist nicht signiert] R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X] S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-02-16] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [171752 2016-07-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145984 2016-07-26] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2014-03-27] (AVM Berlin) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-16] (Avira Operations GmbH & Co. 
KG) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 fwlanusb6; C:\Windows\System32\DRIVERS\fwlanusb6.sys [1327744 2014-03-27] (AVM GmbH) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-11-15] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-02-16] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [340992 2007-12-26] (NETGEAR Inc.) S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation) S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation) S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation) S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation) S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation) S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation) S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 X6va003; \??\C:\Users\S*******\AppData\Local\Temp\003C9C4.tmp [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-10-05 05:11 - 2016-10-05 05:12 - 00030554 _____ C:\Users\S*******\Desktop\FRST.txt 2016-10-05 05:11 - 2016-10-05 05:11 - 00000000 ____D C:\FRST 2016-10-05 05:10 - 2016-10-05 05:10 - 02405376 _____ (Farbar) C:\Users\S*******\Desktop\FRST64.exe 2016-10-05 04:47 - 2016-10-05 04:47 - 00093856 _____ C:\Users\S*******\Desktop\Scan Results.161005-0447.txt 2016-10-04 23:57 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20161004-235738.backup 2016-10-04 22:54 - 2016-10-04 22:54 - 00000000 ____D C:\Program Files\Common Files\AV 2016-10-04 22:54 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2016-10-04 22:22 - 2016-10-05 04:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-10-04 22:22 - 2016-10-04 22:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-10-04 22:22 - 2016-10-04 22:22 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-10-04 22:22 - 2016-10-04 22:22 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2016-10-04 22:22 - 2016-10-04 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-10-04 22:22 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2016-10-01 13:23 - 2016-10-01 13:23 - 00000000 ____D C:\Users\S*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-09-28 10:02 - 2016-09-28 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility 2016-09-28 10:02 - 2016-09-28 10:02 - 00000000 ____D C:\Program Files\Bulk Rename Utility 2016-09-28 09:54 - 2016-09-28 09:54 - 00000000 ____D C:\Users\S*******\AppData\Roaming\EFSoftware 2016-09-28 09:51 - 2016-09-28 09:51 - 00000000 ____D C:\Users\S*******\AppData\Local\Tools&More 2016-09-28 09:41 - 2016-09-28 09:48 - 00000000 ____D 
C:\Users\S*******\AppData\Roaming\XnViewMP 2016-09-28 09:41 - 2016-09-28 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnViewMP 2016-09-28 09:41 - 2016-09-28 09:41 - 00000000 ____D C:\Program Files\XnViewMP 2016-09-06 10:31 - 2016-09-06 10:31 - 00000000 ____D C:\Users\S*******\AppData\Local\Tempdivxdc87 ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-10-05 04:56 - 2012-07-03 14:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-10-05 04:21 - 2011-01-29 00:35 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-10-05 04:21 - 2011-01-26 11:27 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000UA.job 2016-10-05 04:20 - 2015-06-10 06:09 - 00001236 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000UA.job 2016-10-05 01:20 - 2015-06-10 06:09 - 00001184 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000Core.job 2016-10-04 20:27 - 2011-01-26 11:29 - 00002386 _____ C:\Users\S*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-10-04 20:24 - 2009-07-14 06:45 - 00023360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-10-04 20:24 - 2009-07-14 06:45 - 00023360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-10-04 20:09 - 2011-01-29 00:35 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-10-04 20:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-10-01 13:24 - 2015-06-10 06:09 - 00000000 ____D C:\Users\S*******\AppData\Local\Dropbox 2016-10-01 13:23 - 2012-04-03 22:37 - 00000000 ____D C:\Users\S*******\AppData\Roaming\Dropbox 2016-10-01 12:54 - 2012-08-12 13:49 - 00000000 ____D 
C:\Users\M***** Arbeit 2016-09-30 21:46 - 2016-06-21 21:59 - 00000000 ____D C:\Users\S*******\Desktop\Kram 2016-09-30 21:08 - 2016-07-13 10:45 - 00000000 ____D C:\Users\S*******\Desktop\Ausdrucken 2016-09-30 08:51 - 2014-12-26 13:56 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-09-29 10:55 - 2009-07-14 19:58 - 00699432 _____ C:\Windows\system32\perfh007.dat 2016-09-29 10:55 - 2009-07-14 19:58 - 00149572 _____ C:\Windows\system32\perfc007.dat 2016-09-29 10:55 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2016-09-29 10:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-09-28 13:47 - 2016-01-17 10:03 - 00000000 ____D C:\Users\S*******\AppData\Local\Spotify 2016-09-28 13:06 - 2016-01-17 10:03 - 00000000 ____D C:\Users\S*******\AppData\Roaming\Spotify 2016-09-28 10:00 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-09-28 09:57 - 2010-09-15 16:41 - 00000000 ____D C:\Users\S*******\Desktop\Tools 2016-09-28 09:49 - 2010-09-15 13:19 - 00000000 ____D C:\Windows\Downloaded Installations 2016-09-28 08:21 - 2011-01-26 11:27 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000Core.job 2016-09-27 22:09 - 2016-08-06 01:51 - 00000000 ____D C:\Users\S*******\AppData\Local\The Witcher 2016-09-23 10:59 - 2015-07-31 19:01 - 00000000 ____D C:\ProgramData\CanonIJPLM 2016-09-19 13:34 - 2016-02-19 22:42 - 00003640 _____ C:\Windows\System32\Tasks\DivXUpdate 2016-09-19 13:34 - 2014-02-11 00:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2016-09-19 13:34 - 2014-02-10 23:59 - 00000000 ____D C:\Program Files (x86)\DivX 2016-09-19 13:34 - 2014-02-10 23:58 - 00000000 ____D C:\ProgramData\DivX 2016-09-19 13:33 - 2014-02-11 00:01 - 00000000 ____D C:\Users\S*******\AppData\Roaming\DivX 2016-09-19 13:32 - 2014-08-07 10:41 - 00000000 ____D C:\ProgramData\Package Cache 2016-09-19 13:32 - 2012-11-03 10:47 - 
00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-09-16 09:54 - 2011-11-27 01:14 - 00000000 ____D C:\Users\S*******\AppData\Roaming\DVDVideoSoft 2016-09-14 15:56 - 2012-07-03 14:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-09-14 15:56 - 2012-03-31 21:36 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-09-14 15:56 - 2011-11-15 15:50 - 00000000 ____D C:\Windows\system32\Macromed 2016-09-14 15:56 - 2011-05-16 11:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-09-14 15:56 - 2010-09-15 13:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-09-05 22:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-10-07 23:15 - 2015-10-07 23:15 - 0003072 _____ () C:\Users\S*******\AppData\Roaming\.spark_db 2015-03-07 01:12 - 2015-03-07 09:39 - 0000000 _____ () C:\Users\S*******\AppData\Roaming\log.txt 2010-10-19 20:29 - 2010-10-19 20:29 - 0000265 _____ () C:\Users\S*******\AppData\Roaming\prefsdb.dat 2010-09-17 16:32 - 2015-05-06 06:22 - 0012288 _____ () C:\Users\S*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-06-20 19:54 - 2016-06-24 01:57 - 0007605 _____ () C:\Users\S*******\AppData\Local\Resmon.ResmonCfg 2011-04-18 22:20 - 2011-04-18 22:20 - 0000048 ____H () C:\ProgramData\ezsidmv.dat 2010-09-17 16:18 - 2010-09-17 16:18 - 0013270 _____ () C:\ProgramData\Sony Ericsson PC Software.ico Einige Dateien in TEMP: ==================== C:\Users\M***** Arbeit\AppData\Local\Temp\AskSLib.dll C:\Users\M***** Arbeit\AppData\Local\Temp\avgnt.exe C:\Users\S*******\AppData\Local\Temp\avgnt.exe C:\Users\S*******\AppData\Local\Temp\ose00000.exe C:\Users\S*******\AppData\Local\Temp\uninstall.exe C:\Users\S*******\AppData\Local\Temp\_is425C.exe C:\Users\S*******\AppData\Local\Temp\_isEF5D.exe ==================== Bamital & volsnap 
====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-07-07 00:33 ==================== Ende von FRST.txt ============================ |
05.10.2016, 05:18 | #3 |
| Log files, PC Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-10-2016 durchgeführt von S******* (05-10-2016 05:13:20) Gestartet von C:\Users\S*******\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2010-09-15 11:08:40) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1935282697-2757325891-1977791356-500 - Administrator - Disabled) Gast (S-1-5-21-1935282697-2757325891-1977791356-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1935282697-2757325891-1977791356-1006 - Limited - Enabled) M***** Arbeit (S-1-5-21-1935282697-2757325891-1977791356-1004 - Limited - Enabled) => C:\Users\M***** Arbeit S******* (S-1-5-21-1935282697-2757325891-1977791356-1000 - Administrator - Enabled) => C:\Users\S******* ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated) Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.) 
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC) AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI AVIVO64 Codecs (Version: 10.12.0.00302 - ATI Technologies Inc.) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.20.59 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - ) Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version: - TGRMN Software) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) 
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.) Canon MG3500 series Benutzerregistrierung (HKLM-x32\...\Canon MG3500 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.) Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.0 - Canon Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) Hidden Compact Wireless-G USB Network Adapter with SpeedBooster Driver - WUSB54GSC (HKLM-x32\...\{89950718-25C5-41A5-95A4-DFCA3DFE491F}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DivX-Setup (HKLM\...\DivX Setup) (Version: 3.0.0.92 - DivX, LLC) Dropbox (HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\Dropbox) (Version: 11.4.21 - Dropbox, Inc.) EF Multi File Renamer (HKLM-x32\...\EF Multi File Renamer) (Version: - EFSoftware) EPU (HKLM-x32\...\{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}) (Version: 1.02.20 - ) Farm Frenzy Inc. (HKLM-x32\...\BFG-Farm Frenzy Inc.) (Version: - ) FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.) 
Gaming Mouse (HKLM-x32\...\Gaming Mouse 3) (Version: - ) Google Chrome (HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden iTunes (HKLM\...\{77B8B4A5-EE79-4907-A318-2DA86325B8D7}) (Version: 10.1.2.17 - Apple Inc.) Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation) Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - 
Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) Mp3tag v2.50 (HKLM-x32\...\Mp3tag) (Version: v2.50 - Florian Heidenreich) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden NETGEAR WG111v2 wireless USB 2.0 adapter (HKLM-x32\...\{4102037D-E8E0-48E0-B203-E521D194FB71}) (Version: 1.0.0.133 - NETGEAR) NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando 
Networks Inc.) Path of Exile (HKLM-x32\...\{c53aa0ed-a6eb-4213-b1a6-23cac9eb6b2e}) (Version: 2.2.2.55880 - Grinding Gear Games) Path of Exile (x32 Version: 2.2.2.55880 - Grinding Gear Games) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH) QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\Spotify) (Version: 1.0.38.171.g5e1cd7b2 - Spotify AB) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) 
TeamSpeak 3 Client (HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer) Unity Web Player (HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player 1.1.4 (HKLM-x32\...\VLC media player) (Version: 1.1.4 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) XnViewMP 0.82 (HKLM\...\XnViewMP_is1) (Version: 0.82 - Gougelet Pierre-e) Xperia Companion (HKLM-x32\...\{8f4f39fa-087f-4e5c-84f3-1433ac7389e9}) (Version: 1.2.8.0 - Sony) Xperia Companion (x32 Version: 1.2.8.0 - Sony) Hidden ZoneAlarm Antivirus (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) 
Hidden ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\S*******\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Keine Datei ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {07EA1BB8-D730-4687-A505-BDD45C5D2AA5} - System32\Tasks\{C327E247-2B76-43A7-BC03-E8E3378601B2} => pcalua.exe -a D:\Downloads\kaptain-brawe-episode-i_s1_l1_gF6592T1L1_d1130799400.exe -d D:\Downloads Task: {0A9B533A-293F-4C5D-AB2E-29F4C5AF40D1} - System32\Tasks\{BAD67DAA-3FC9-430D-87A1-ED92AB998676} => pcalua.exe -a D:\Downloads\incredible-express_s2_l2_gF5424T1L2_d1046272154.exe -d C:\Windows Task: {20812BA3-E1AA-4687-9601-5CDCDEE0A06A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1935282697-2757325891-1977791356-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {24F2D0CC-D252-4045-A3D3-81961C3ADECB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14] (Adobe Systems Incorporated) Task: {793D5C85-693B-45B4-84BB-04EE511CA49F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000UA => C:\Users\S*******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-10] (Dropbox, Inc.) Task: {9514664A-8E2C-4FCA-9454-D6FA7FE78EAD} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-08-29] (DivX, LLC) Task: {B684D396-DBDC-4466-A59C-D52B683E268D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.) Task: {B9726F3A-1BAD-4BB9-B214-7C519FF0817F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000Core => C:\Users\S*******\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.) Task: {C5DAE9D6-A742-44F9-8853-442F98E31E77} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000Core => C:\Users\S*******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-10] (Dropbox, Inc.) 
Task: {D8504298-ACCA-4A60-8837-AD41292E366B} - System32\Tasks\{784A4B6D-12EA-41B2-B42F-CFC7BA441822} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) Task: {E2FC7A97-DB81-4633-8F4B-A63104DD4DA3} - System32\Tasks\{B8E5C9A8-7C41-441C-8F1B-45DB67D30EE3} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.59.119/de/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;userlevelpresent Task: {E9A63391-FF30-40ED-AB0D-C09398FE0422} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.) Task: {EAE2F9F7-F3CF-49B5-A54C-0991A08A9089} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation) Task: {F31583D8-6302-44DD-B1DD-A3CDC6F5AD0F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000UA => C:\Users\S*******\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.) Task: {F716F40C-A487-44D8-A7BD-5968A4329BDD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated) Task: {FCEBC1D2-4639-4BB3-A096-E031A047D98A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935282697-2757325891-1977791356-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000Core.job => C:\Users\S*******\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000UA.job => C:\Users\S*******\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000Core.job => C:\Users\S*******\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000UA.job => C:\Users\S*******\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ShortcutWithArgument: C:\Users\S*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Notizen – Notizen & Listen.lnk -> C:\Users\S*******\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki ShortcutWithArgument: C:\Users\S*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\67281a6e9b319029\Google Chrome.lnk -> C:\Users\S*******\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory="Profile 1" ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2012-08-01 17:40 - 2011-06-21 09:42 - 00034304 _____ () C:\Windows\System32\sst3cl6.dll 2015-07-31 19:35 - 2013-05-14 11:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2010-09-15 13:26 - 2007-07-17 15:48 - 00180224 _____ () C:\Windows\SysWOW64\WinService.exe 2011-02-12 14:18 - 2010-03-15 12:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll 2007-02-12 21:51 - 2007-02-12 21:51 - 01111552 _____ () C:\Program Files (x86)\FastStone Capture\FSCapture.exe 2009-09-30 03:05 - 2009-09-30 03:05 - 01306624 _____ () C:\Gaming Mouse\Gaming Mouse.exe 2015-08-04 00:25 - 2015-08-04 00:25 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2012-08-03 21:53 - 2012-08-03 21:53 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-01-04 17:19 - 2016-07-22 08:26 - 00114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll 2016-08-03 23:44 - 2016-07-22 08:24 - 00108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll 2016-08-03 23:44 - 2016-07-22 08:24 - 00024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll 2016-08-03 23:44 - 2016-07-22 08:24 - 00048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll 2016-03-20 14:49 - 2016-09-09 02:53 - 00035792 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2016-10-01 13:23 - 2016-09-09 02:53 - 00145864 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2016-10-01 13:23 - 2016-09-09 02:54 - 00019408 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2016-10-01 13:23 - 2016-09-09 02:53 - 00116688 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2016-03-20 14:49 - 2016-09-09 02:53 - 
00100296 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2016-03-20 14:49 - 2016-09-09 02:53 - 00018888 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\select.pyd 2016-03-20 14:49 - 2016-09-30 19:44 - 00019760 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2016-03-20 14:49 - 2016-09-09 02:53 - 00694224 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00020816 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2016-03-20 14:49 - 2016-09-09 02:54 - 00123856 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 01682760 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00020808 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2016-03-20 14:49 - 2016-09-09 02:55 - 00105928 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32api.pyd 2016-08-05 21:23 - 2016-09-30 19:44 - 00021312 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00052024 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00038696 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\fastpath.pyd 2016-10-01 13:23 - 2016-09-09 02:53 - 00392144 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2016-10-01 13:23 - 2016-09-09 02:55 - 00020936 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2016-03-20 14:49 - 2016-09-09 02:55 - 00024528 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32event.pyd 2016-03-20 14:49 - 2016-09-09 02:55 - 00116176 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32security.pyd 2016-03-20 14:49 - 2016-09-30 19:44 - 
00381752 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2016-03-20 14:49 - 2016-09-09 02:55 - 00124880 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32file.pyd 2016-08-05 21:23 - 2016-09-30 19:44 - 00025424 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-03-20 14:49 - 2016-09-09 02:55 - 00024016 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2016-03-20 14:49 - 2016-09-09 02:55 - 00175560 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32gui.pyd 2016-03-20 14:49 - 2016-09-09 02:55 - 00030160 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2016-03-20 14:49 - 2016-09-09 02:55 - 00043472 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32process.pyd 2016-03-20 14:49 - 2016-09-09 02:55 - 00048592 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32service.pyd 2016-03-20 14:49 - 2016-09-09 02:55 - 00057808 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2016-03-20 14:49 - 2016-09-09 02:55 - 00024016 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32profile.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00246592 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00026456 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-03-20 14:49 - 2016-09-09 02:55 - 00028616 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32ts.pyd 2016-08-05 21:23 - 2016-09-09 02:54 - 00241104 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\_jpegtran.pyd 2016-03-20 14:49 - 2016-09-30 19:44 - 00023376 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2016-03-20 14:49 - 2016-09-30 19:44 - 00020800 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd 
2016-03-20 14:49 - 2016-09-30 19:44 - 00019776 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd 2016-03-20 14:49 - 2016-09-30 19:44 - 00020800 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00020280 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2016-03-20 14:49 - 2016-09-09 02:55 - 00350152 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2016-03-20 14:49 - 2016-09-30 19:44 - 00022352 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00024392 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2016-10-01 13:23 - 2016-09-09 02:51 - 00036296 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\librsync.dll 2016-10-01 13:23 - 2016-09-30 19:43 - 00084280 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2016-10-01 13:23 - 2016-09-30 19:43 - 01826096 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2016-03-20 14:49 - 2016-09-09 02:54 - 00083912 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\sip.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00531248 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2016-10-01 13:23 - 2016-09-30 19:44 - 03928880 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 01972528 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00133424 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00224056 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00207672 _____ () 
C:\Users\S*******\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2016-08-05 21:23 - 2016-09-30 19:44 - 00020288 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd 2016-10-01 13:23 - 2016-09-09 02:58 - 00017864 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\libEGL.dll 2016-10-01 13:23 - 2016-09-09 02:58 - 01631184 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2016-03-20 14:49 - 2016-09-09 02:55 - 00060880 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\win32print.pyd 2016-08-05 21:23 - 2016-09-30 19:44 - 00024904 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00546096 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00357680 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00042808 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd 2016-10-01 13:23 - 2016-09-30 19:43 - 00168760 _____ () C:\Users\S*******\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd 2010-09-15 13:38 - 2009-04-22 20:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL 2010-09-15 13:38 - 2010-01-08 17:17 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU\pngio.dll 2010-09-15 13:38 - 2010-01-08 17:17 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll 2010-09-15 13:38 - 2010-01-08 17:17 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU\AiNap.dll 2010-09-15 13:38 - 2010-01-08 17:17 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU\vvc.dll 2016-10-04 22:22 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-10-04 22:22 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2016-10-04 22:22 - 2014-05-13 12:04 - 00167768 _____ () 
C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-10-04 22:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2016-10-04 22:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2016-10-04 20:27 - 2016-09-25 05:47 - 01805416 _____ () C:\Users\S*******\AppData\Local\Google\Chrome\Application\53.0.2785.143\libglesv2.dll 2016-10-04 20:27 - 2016-09-25 05:47 - 00093288 _____ () C:\Users\S*******\AppData\Local\Google\Chrome\Application\53.0.2785.143\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\Users\S*******\Desktop\2015-Q1:com.dropbox.attributes [168] AlternateDataStreams: C:\Users\S*******\Desktop\2015-Q2:com.dropbox.attributes [168] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com Da befinden sich 7914 mehr Seiten. 
IE trusted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\toysrus.de -> hxxps://webvpn.toysrus.de IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\123fporn.info -> www.123fporn.info IE restricted 
site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\...\123simsen.com -> www.123simsen.com Da befinden sich 7914 mehr Seiten. IE trusted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\samsungsetup.com -> hxxp://www.samsungsetup.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: 
HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\...\123simsen.com -> www.123simsen.com Da befinden sich 7914 mehr Seiten. ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1935282697-2757325891-1977791356-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\S*******\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-1935282697-2757325891-1977791356-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\M***** Arbeit\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WG111v2 Smart Wizard.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SpotifyController.lnk => C:\Windows\pss\SpotifyController.lnk.CommonStartup MSCONFIG\startupreg: Amazon Music => "C:\Users\S*******\AppData\Local\Amazon Music\Amazon Music Helper.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: Facebook Update => "C:\Users\S*******\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: Ferret Gaming Mouse => "C:\Program Files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe" /hide MSCONFIG\startupreg: Google Update => "C:\Users\S*******\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe MSCONFIG\startupreg: MsgCenterExe => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe" -osboot MSCONFIG\startupreg: phonostar-PlayerTimer => "C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe" MSCONFIG\startupreg: phonostarTimer => C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\S*******\AppData\Roaming\Spotify\SpotifyWebHelper.exe" MSCONFIG\startupreg: 
StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: XperiaCompanionAgent => "C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{AF97F237-8A0A-4387-A695-3DB12DEA47CA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{883FA04C-121D-45E8-A7C3-B16EF63E15E5}] => (Allow) LPort=2869 FirewallRules: [{C9B070BA-9637-4151-A4AE-6033BF3781B1}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{5F68FDDB-63D6-46B6-8F92-0457B911D038}C:\program files (x86)\icq7.2\icq.exe] => (Allow) C:\program files (x86)\icq7.2\icq.exe FirewallRules: [UDP Query User{8897B7B0-A5CC-4A95-919F-02CE50EF85AA}C:\program files (x86)\icq7.2\icq.exe] => (Allow) C:\program files (x86)\icq7.2\icq.exe FirewallRules: [{39A6B6F8-BF5C-4F34-9007-C9141F26ECA2}] => (Allow) C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe FirewallRules: [{7DE36A43-F0FB-48DA-9CCF-2019DFB947C2}] => (Allow) C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe FirewallRules: [{7461556D-21FE-4F61-985B-32F6C50269EB}] => (Allow) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client.exe FirewallRules: [{A0D628B7-3A73-40CB-AC79-C970E49A8073}] => (Allow) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client.exe FirewallRules: [TCP Query User{973BEB74-03CE-4872-B914-6F99F5F855DB}C:\program files (x86)\phonostar-player\phonostar.exe] => (Allow) C:\program files (x86)\phonostar-player\phonostar.exe FirewallRules: [UDP Query User{82458AB8-938C-49E4-A4D6-AA64875301FD}C:\program files (x86)\phonostar-player\phonostar.exe] => (Allow) C:\program files (x86)\phonostar-player\phonostar.exe FirewallRules: [{E36DA5C7-1417-4E0C-ABB1-7111C184AE0C}] => (Allow) 
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe FirewallRules: [{A3A066B9-AF67-4256-9060-05694F7469DD}] => (Allow) C:\Windows\SysWOW64\ZoneLabs\vsmon.exe FirewallRules: [{F6D7B2D3-D56D-41B4-AC72-6868E60083C2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{3084297C-5F0F-41B8-A887-4CBB894342DE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{DB20CFED-F0C9-440D-BA4C-F2B37D540B19}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{FE5593FF-D44F-432A-B8AB-58B83F01AA99}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds.exe FirewallRules: [{5E182ED9-C136-4093-A283-EF92912FC388}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds.exe FirewallRules: [{5889A82C-358E-4E75-A49E-24DEA6E40E00}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe FirewallRules: [{4E3651FC-C083-4810-B345-9925BF1B0225}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe FirewallRules: [{04251CB8-12B7-43C4-A56C-318BD3055F06}] => (Allow) C:\Users\S*******\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{DF900671-3DAD-43DE-A2E2-3FF6B7223B76}] => (Allow) C:\Users\S*******\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{4A88525E-D73D-4B15-9937-48E99D8756F3}C:\users\S*******\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\S*******\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{ED9AEA85-FDED-40FB-8D3A-8E34123F6D56}C:\users\S*******\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\S*******\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{9F78C103-B2BF-4F72-8825-C5BED7C42F02}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{A27BD148-1DD5-4314-85CA-80DB5704D8FC}] => (Allow) C:\Users\S*******\AppData\Local\Temp\DSOClient\dlcache\app.n3app FirewallRules: 
[{6B67F1D3-F09B-4D8C-972D-64F2174A8347}] => (Allow) C:\Users\S*******\AppData\Local\Temp\DSOClient\dlcache\app.n3app FirewallRules: [{56345B11-5F36-484C-BCED-DD128F51C22A}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{DA35AA7D-12C0-43E9-B987-7974A0B493DF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{46F8CEDC-BB0A-42B8-ADDD-23793D6C1323}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{202C5CEF-49E9-43E5-B887-750A75071BEF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{CF4E4C32-D816-4009-84AE-1A288A508911}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe FirewallRules: [{0DCA381F-96D9-4E87-AF51-E1CCBFEEF92F}] => (Allow) C:\Users\S*******\AppData\Local\Temp\DSOClient\dlcache\app.n3app FirewallRules: [{EB5444BF-BACA-4310-A5D7-5C342BA44626}] => (Allow) C:\Users\S*******\AppData\Local\Temp\DSOClient\dlcache\app.n3app FirewallRules: [{894D6A83-E139-4A27-8A44-F1D567A0A312}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{00AFBE9E-FE87-4F4C-8902-829CD7FC683C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{6C7568A3-3C44-4120-90A7-2D5A6C2C8589}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{BB6D9ED4-488E-4CA1-AB32-B4ACB1C48879}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [TCP Query User{584B4753-9022-40FE-B8FA-DA50380267F8}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe FirewallRules: [UDP Query User{148B78B9-CC55-485B-BCC6-58EFC523CD1D}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe FirewallRules: [TCP Query 
User{9EE28DB8-8FEC-4CBD-9297-6DBD9550A371}C:\users\S*******\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\S*******\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{3F5CC5B9-38A5-4168-8733-AF88F07671B2}C:\users\S*******\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\S*******\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{58B4F264-9F68-4F03-B498-5AD55820EB1D}D:\spielereien\dragon's prophet\install\launcher.exe] => (Allow) D:\spielereien\dragon's prophet\install\launcher.exe FirewallRules: [UDP Query User{3E2D2C8A-19F3-4DB8-A0B8-0CE8F2C29FA6}D:\spielereien\dragon's prophet\install\launcher.exe] => (Allow) D:\spielereien\dragon's prophet\install\launcher.exe FirewallRules: [TCP Query User{697C9737-3734-4362-AB9D-2A6A3D02C3AC}D:\spielereien\dragon's prophet\install\dp_x64.exe] => (Allow) D:\spielereien\dragon's prophet\install\dp_x64.exe FirewallRules: [UDP Query User{03D27E69-7756-4A6A-90CF-E8C0EA939D5E}D:\spielereien\dragon's prophet\install\dp_x64.exe] => (Allow) D:\spielereien\dragon's prophet\install\dp_x64.exe FirewallRules: [TCP Query User{376F9EC4-81C5-4EC9-B933-4E26AB29973D}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Block) C:\program files (x86)\pc remote\pc remote\pcremote.exe FirewallRules: [UDP Query User{F1AAD0F2-2AA0-443D-970C-12082E4F2A54}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Block) C:\program files (x86)\pc remote\pc remote\pcremote.exe FirewallRules: [{C58577CD-802D-4BA8-AAFA-9D4FCCCCC8FF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{F7FAA1E8-79D2-4BB5-824C-B0100C3072F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D31E72E6-17D7-457D-8328-65FB75B9BD6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{1C7BF44F-39E4-416E-A464-84C9FE5A9BA2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query 
User{541E520E-B6B6-45D0-9CA7-BBEB14A30E84}C:\users\S*******\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\S*******\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{1FD790B0-0920-4F41-AAE9-AB9E4A2EF016}C:\users\S*******\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\S*******\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{314E147C-78E6-41E0-8EA0-EF145D66FB3D}C:\users\S*******\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\S*******\appdata\local\google\chrome\application\chrome.exe FirewallRules: [UDP Query User{65E5E42D-BF13-482E-BFA1-D533AD31F2C5}C:\users\S*******\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\S*******\appdata\local\google\chrome\application\chrome.exe FirewallRules: [TCP Query User{15DF7960-F579-4EB5-BB7F-E3AB7E036E71}C:\users\S*******\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\S*******\appdata\local\google\chrome\application\chrome.exe FirewallRules: [UDP Query User{81557BD7-EDD8-43C8-981C-C14E9B982C2D}C:\users\S*******\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\S*******\appdata\local\google\chrome\application\chrome.exe FirewallRules: [{51737CD6-FB69-45F7-B2BA-7EF2AF2ECE71}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe FirewallRules: [TCP Query User{02302035-9C62-4B6C-BD80-8EB8AB3CDACC}D:\spielereien\diablo iii\diablo iii.exe] => (Allow) D:\spielereien\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{4EE7CCC6-F752-4A04-B472-2F81461CBB9F}D:\spielereien\diablo iii\diablo iii.exe] => (Allow) D:\spielereien\diablo iii\diablo iii.exe FirewallRules: [{73D2B55B-21B7-43C2-A591-E4EAE0D29183}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{A0D3BE31-6EDD-490C-BE7F-865309EEC074}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{D19899A5-9230-464F-8CF6-0E294C53B6CC}] => (Allow) C:\Program Files 
(x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{87E1EAE3-9EAA-48B4-98C6-F325B4BA014E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{9DB451C8-6CFD-49B8-9208-359866639CDE}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{7B98C24D-6F22-4C1F-BB07-8CDF3875FA29}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{FAECD4D4-A95B-4D0F-B730-1E186288FE91}] => (Allow) D:\Spielereien\FFXIV\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{4F7F3008-EB30-4682-A8AC-147D7D770B0F}] => (Allow) D:\Spielereien\FFXIV\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{415C1829-BE0B-44E5-9DA7-95D09653B20D}] => (Allow) D:\Spielereien\FFXIV\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{93CE85A6-1A5B-4359-B9F8-C6268F6243FA}] => (Allow) D:\Spielereien\FFXIV\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Wiederherstellungspunkte ========================= 11-09-2016 07:39:59 Windows Update 28-09-2016 09:49:57 Joe wird installiert 28-09-2016 09:59:49 Joe wird entfernt ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility 
Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/04/2016 11:11:55 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm SDScan.exe, Version 2.6.44.181 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 14a8 Startzeit: 01d21e8342241ebf Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Berichts-ID: 27f75e57-8a77-11e6-9e77-485b39cadc8b Error: (09/14/2016 11:39:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: witcher.EXE, Version: 1.5.0.1304, Zeitstempel: 0x4910475c Name des fehlerhaften Moduls: witcher.EXE, Version: 1.5.0.1304, Zeitstempel: 0x4910475c Ausnahmecode: 0xc0000005 Fehleroffset: 0x005fffe0 ID des fehlerhaften Prozesses: 0x1624 Startzeit der fehlerhaften Anwendung: 0x01d20ecdf4d1aa99 Pfad der fehlerhaften Anwendung: C:\GOG Games\The Witcher Enhanced Edition Director's Cut\SYSTEM\witcher.EXE Pfad des fehlerhaften Moduls: C:\GOG Games\The Witcher Enhanced Edition Director's Cut\SYSTEM\witcher.EXE Berichtskennung: ac4c5a6c-7ac3-11e6-b837-485b39cadc8b Error: (09/09/2016 07:38:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: witcher.EXE, Version: 1.5.0.1304, Zeitstempel: 0x4910475c Name des fehlerhaften Moduls: witcher.EXE, Version: 1.5.0.1304, Zeitstempel: 0x4910475c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0012d614 ID des 
fehlerhaften Prozesses: 0x19a0 Startzeit der fehlerhaften Anwendung: 0x01d20a5863293774 Pfad der fehlerhaften Anwendung: C:\GOG Games\The Witcher Enhanced Edition Director's Cut\SYSTEM\witcher.EXE Pfad des fehlerhaften Moduls: C:\GOG Games\The Witcher Enhanced Edition Director's Cut\SYSTEM\witcher.EXE Berichtskennung: 9c2c6a2c-764f-11e6-b191-485b39cadc8b Error: (08/22/2016 11:37:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: witcher.EXE, Version: 1.5.0.1304, Zeitstempel: 0x4910475c Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc000000d Fehleroffset: 0x000355cf ID des fehlerhaften Prozesses: 0x1890 Startzeit der fehlerhaften Anwendung: 0x01d1fcba58e93c54 Pfad der fehlerhaften Anwendung: C:\GOG Games\The Witcher Enhanced Edition Director's Cut\SYSTEM\witcher.EXE Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Berichtskennung: a36745da-68b0-11e6-95e5-485b39cadc8b Error: (08/22/2016 02:48:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: witcher.EXE, Version: 1.5.0.1304, Zeitstempel: 0x4910475c Name des fehlerhaften Moduls: witcher.EXE, Version: 1.5.0.1304, Zeitstempel: 0x4910475c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0066525c ID des fehlerhaften Prozesses: 0xecc Startzeit der fehlerhaften Anwendung: 0x01d1fc715b9843a5 Pfad der fehlerhaften Anwendung: C:\GOG Games\The Witcher Enhanced Edition Director's Cut\SYSTEM\witcher.EXE Pfad des fehlerhaften Moduls: C:\GOG Games\The Witcher Enhanced Edition Director's Cut\SYSTEM\witcher.EXE Berichtskennung: b440f965-6866-11e6-95e5-485b39cadc8b Error: (08/05/2016 10:30:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SunkenSecrets.exe, Version: 1.0.0.1, Zeitstempel: 0x57894172 Name des fehlerhaften Moduls: 
MSVCR120.dll, Version: 12.0.21005.1, Zeitstempel: 0x524f7ce6 Ausnahmecode: 0x40000015 Fehleroffset: 0x000a7676 ID des fehlerhaften Prozesses: 0x1288 Startzeit der fehlerhaften Anwendung: 0x01d1ef562f6c1f30 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Sunken Secrets\SunkenSecrets.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Sunken Secrets\MSVCR120.dll Berichtskennung: 7b5c112f-5b4b-11e6-893b-485b39cadc8b Error: (08/04/2016 09:13:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.23418 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 6c0 Startzeit: 01d1ee68e643f962 Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 7c5aea70-5a77-11e6-ad4d-485b39cadc8b Error: (08/01/2016 09:43:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ipoint.exe, Version: 8.0.225.0, Zeitstempel: 0x4c2dba4d Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.23418, Zeitstempel: 0x5708a89c Ausnahmecode: 0xe06d7363 Fehleroffset: 0x000000000001a06d ID des fehlerhaften Prozesses: 0xe70 Startzeit der fehlerhaften Anwendung: 0x01d1ec2ce10522d0 Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft IntelliPoint\ipoint.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 44b09801-5820-11e6-b169-485b39cadc8b Error: (07/29/2016 07:35:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.18345, Zeitstempel: 0x573de6e7 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.23452, Zeitstempel: 0x5734ba1c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000475b8 ID des fehlerhaften Prozesses: 0x1320 Startzeit der fehlerhaften Anwendung: 0x01d1e95af59bb3b6 Pfad der 
fehlerhaften Anwendung: C:\Windows\System32\GWX\GWXUX.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\RPCRT4.dll Berichtskennung: 4806678f-554e-11e6-9f50-485b39cadc8b Error: (07/28/2016 01:25:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.18345, Zeitstempel: 0x573de6e7 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.23452, Zeitstempel: 0x5734ba1c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000475b8 ID des fehlerhaften Prozesses: 0x1798 Startzeit der fehlerhaften Anwendung: 0x01d1e85e2863bfae Pfad der fehlerhaften Anwendung: C:\Windows\System32\GWX\GWXUX.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\RPCRT4.dll Berichtskennung: 68c05782-5451-11e6-bee3-485b39cadc8b Systemfehler: ============= Error: (10/04/2016 08:09:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (10/01/2016 12:37:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (09/30/2016 06:44:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (09/30/2016 08:38:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (09/29/2016 12:52:04 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: ) Description: Die Abstandserkennung war aufgrund des unbekannten Fehlers "0x80004004" nicht erfolgreich. 
Die beste erkannte Abstandszeit betrug -1 Millisekunden. Error: (09/29/2016 10:21:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (09/28/2016 07:15:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (09/28/2016 03:18:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (09/28/2016 03:18:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Freemake Improver" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (09/28/2016 03:18:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Freemake Improver erreicht. CodeIntegrity: =================================== Date: 2014-07-11 10:12:24.081 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-11 10:12:24.080 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-07-11 10:12:23.996 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-11 10:12:23.995 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-11 10:07:52.079 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-07-11 10:07:47.159 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-15 17:11:20.392 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-15 17:11:20.392 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-06-15 17:11:20.220 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-15 17:11:20.205 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Speicherinformationen =========================== Prozessor: AMD Phenom(tm) II X4 945 Processor Prozentuale Nutzung des RAM: 31% Installierter physikalischer RAM: 12287.18 MB Verfügbarer physikalischer RAM: 8401.71 MB Summe virtueller Speicher: 24572.54 MB Verfügbarer virtueller Speicher: 20411.98 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:156.15 GB) (Free:32.55 GB) NTFS Drive d: (DATA) (Fixed) (Total:196.29 GB) (Free:40.35 GB) NTFS Drive e: (MEDIA) (Fixed) (Total:578.97 GB) (Free:261.67 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1B4B42EB) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=156.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=196.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=579 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
05.10.2016, 05:30 | #4 |
| FRST log files, laptop The FRST file is unfortunately too long, so it is attached. The Addition: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-10-2016 durchgeführt von R****** (05-10-2016 05:54:36) Gestartet von C:\Users\R******\Desktop Windows 10 Home Version 1607 (X64) (2016-10-01 12:11:12) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2161494752-664031264-1025246157-500 - Administrator - Disabled) candi_000 (S-1-5-21-2161494752-664031264-1025246157-1004 - Limited - Enabled) => C:\Users\candi_000 DefaultAccount (S-1-5-21-2161494752-664031264-1025246157-503 - Limited - Disabled) Gast (S-1-5-21-2161494752-664031264-1025246157-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2161494752-664031264-1025246157-1003 - Limited - Enabled) R****** (S-1-5-21-2161494752-664031264-1025246157-1001 - Administrator - Enabled) => C:\Users\R****** ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
Amazon Music (HKU\S-1-5-21-2161494752-664031264-1025246157-1001\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC) Amazon Music (HKU\SourceUser(S-1-5-21-2161494752-664031264-1025246157-1001)\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC) Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.20.59 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.) Canon MG3500 series Benutzerregistrierung (HKLM-x32\...\Canon MG3500 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.) 
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.0 - Canon Inc.) CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink PowerDirector 11 (Version: 11.0.0.3714 - CyberLink Corp.) Hidden CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.3019 - CyberLink Corp.) CyberLink PowerRecover (Version: 5.7.0.3019 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.18 - DivX, LLC) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc) ELAN Touchpad 12.8.3.13_X64 (HKLM\...\Elantech) (Version: 12.8.3.13 - ELAN Microelectronic Corp.) FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden FreeFileSync 7.0 (HKLM-x32\...\FreeFileSync) (Version: 7.0 - www.FreeFileSync.org) Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) 
Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation) Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.14 - Intel Corporation) Intel(R) Wireless Bluetooth(R)(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4859.1002 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4859.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0105 - Pegatron Corporation) Realtek Card Reader 
(HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.) Spotify (HKU\S-1-5-21-2161494752-664031264-1025246157-1001\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB) Spotify (HKU\SourceUser(S-1-5-21-2161494752-664031264-1025246157-1001)\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) Unity Web Player (HKU\S-1-5-21-2161494752-664031264-1025246157-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS) Unity Web Player (HKU\SourceUser(S-1-5-21-2161494752-664031264-1025246157-1001)\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) WinDirStat 1.1.2 (HKU\S-1-5-21-2161494752-664031264-1025246157-1001\...\WinDirStat) (Version: - ) WinDirStat 1.1.2 (HKU\SourceUser(S-1-5-21-2161494752-664031264-1025246157-1001)\...\WinDirStat) (Version: - ) Windows Driver Package - InvenSense (INVN_MotionApps) Sensor (06/04/2014 84.91.1.2) (HKLM\...\D6CB2687F0490418F0E24A5B57EF9ADA8EE8A961) (Version: 06/04/2014 84.91.1.2 - InvenSense) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-2161494752-664031264-1025246157-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\R******\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2161494752-664031264-1025246157-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {10008B8B-7122-4850-B487-36EE83B364B3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {10EB3BDD-BF12-4AC8-916B-81AE3C5BC382} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {1BAA42A6-EB52-47E8-A255-98C57E843E12} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.) 
Task: {2C6C7152-E9C5-4F9E-B34A-1C4EBCC9A0DD} - System32\Tasks\Lenovo\sysrun-13687 => Task: {2D3BB635-231E-4313-B26A-57E24568CE14} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-09-16] (Microsoft Corporation) Task: {2F37DA66-A300-418A-83D5-431E8D62ED3B} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2161494752-664031264-1025246157-1001 -> Keine Datei <==== ACHTUNG Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe Task: {404546BD-CD7A-4979-85AB-7F8874EFB6D6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {66027A8D-410F-4740-B856-40F27210E89D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {6C3E42A7-E427-4BA2-B050-7F7B3A1A03E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation) Task: {70E94A0F-557D-449B-9116-B42E48A13D76} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation) Task: {741DAA78-BF09-48F0-B0F9-EFF97BBB1188} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {807FA169-4A50-4A30-B718-7820A67A479C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {831E75FA-1EB5-480A-BEF2-BB0B817E5EA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation) Task: {84D244FF-AC9A-4B84-AF0C-83B805C934E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {86B1E40F-D5CE-4BE6-A4B1-B9E2E02F13B0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation) Task: {86D58994-CFAE-46CE-817A-84B474542729} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {A4807825-B33F-4743-9030-7C589E516697} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {B34CBD8D-9909-497F-98AC-CCCE12F4E0E4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {BCDB030B-4E09-4144-AC77-A8869B989B98} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {C913F4EF-4BE4-4A07-B7F4-FAB639122880} - System32\Tasks\Lenovo\sysrun-13397 => Task: {D8AA9442-470F-4AAE-8F6C-31D701008364} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {DF39F5CD-B9DD-4E1D-89DA-35F9DE9C0957} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\R******\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-10-01] (Microsoft Corporation) Task: {ED8E73AD-3C03-4596-A7C8-5A7EDC910BA3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {FBF0677F-C65C-4922-A122-3AE795E462E5} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-03-01] (DivX, LLC) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
ShortcutWithArgument: C:\Users\R******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Notizen – Notizen & Listen.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-08-05 10:20 - 2014-03-04 17:58 - 00136192 _____ () C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe 2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-11-04 22:21 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-10-13 11:26 - 2013-05-14 18:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2014-07-09 13:40 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-10-01 14:19 - 2016-10-01 14:19 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2014-08-05 10:20 - 2014-07-11 18:15 - 02222592 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe 2014-08-05 10:20 - 2010-01-12 18:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe 2014-08-05 10:20 - 2010-01-12 18:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe 2016-10-01 14:19 - 2016-10-01 14:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-01 14:16 - 2016-10-01 14:16 - 01864384 _____ () C:\Users\R******\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll 
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll 2014-08-05 10:20 - 2010-12-17 15:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe 2014-08-05 10:20 - 2014-04-03 19:41 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe 2016-10-01 14:21 - 2016-10-01 14:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-10-01 14:21 - 2016-10-01 14:21 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-10-01 14:19 - 2016-10-01 14:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-10-01 14:21 - 2016-10-01 14:21 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-10-01 14:21 - 2016-10-01 14:21 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-10-01 14:21 - 2016-10-01 14:21 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-10-01 14:21 - 2016-10-01 14:21 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-08-05 10:20 - 2014-02-21 18:19 - 08857088 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe 2014-08-05 10:20 - 2014-07-08 15:39 - 03006464 _____ () C:\Program Files (x86)\PHotkey\KeyboardMonitorTool.exe 2016-08-30 18:35 - 2016-08-30 18:35 - 04028608 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\gfxim.dll 2016-08-30 18:35 - 2016-08-30 18:36 - 00071872 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40817.0_x64__8wekyb3d8bbwe\icui18n56.dll 2016-10-01 14:20 - 2016-10-01 14:20 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-10-01 14:20 - 2016-10-01 14:20 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-04-30 08:25 - 2016-04-26 
04:28 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll 2016-04-30 08:25 - 2016-04-26 04:28 - 00343400 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll 2016-04-30 08:25 - 2016-04-26 04:28 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll 2016-04-30 08:25 - 2016-04-26 04:28 - 00378728 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll 2016-04-30 08:25 - 2016-04-26 04:28 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll 2016-04-30 08:25 - 2016-04-26 04:28 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll 2014-08-05 10:20 - 2009-12-18 16:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll 2014-08-05 10:20 - 2013-09-18 00:23 - 00108032 _____ () C:\Program Files (x86)\PHotkey\PGFNEX.dll 2014-07-09 13:39 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2161494752-664031264-1025246157-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\R******\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dsc_3971.jpg HKU\S-1-5-21-2161494752-664031264-1025246157-1004\Control Panel\Desktop\\Wallpaper -> HKU\SourceUser(S-1-5-21-2161494752-664031264-1025246157-1001)\Control Panel\Desktop\\Wallpaper -> C:\Users\R******\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dsc_3971.jpg HKU\SourceUser(S-1-5-21-2161494752-664031264-1025246157-1004)\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run32: => "avgnt" HKLM\...\StartupApproved\Run32: => "CanonQuickMenu" HKU\S-1-5-21-2161494752-664031264-1025246157-1001\...\StartupApproved\Run: => "Amazon Music" HKU\S-1-5-21-2161494752-664031264-1025246157-1001\...\StartupApproved\Run: => "OneDrive" HKU\SourceUser(S-1-5-21-2161494752-664031264-1025246157-1001)\...\StartupApproved\Run: => "Amazon Music" HKU\SourceUser(S-1-5-21-2161494752-664031264-1025246157-1001)\...\StartupApproved\Run: => "OneDrive" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{637D1F1F-3A5E-49F8-8809-92D27E4F1333}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{9DCDEBAE-0F60-419F-A172-DAFBF961E18A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B8459533-BDBB-4432-A891-AA3C9065A954}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{849C01C0-9921-48FE-8C8D-42680DEAF1C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [UDP Query User{20BD339A-4F4C-488A-B6DD-CEF080CB39F9}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [TCP Query User{0B0BB06D-0733-428F-B99D-2805B34E0442}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [{5066583C-AE84-4334-B92D-A8C2F890E162}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C4411585-F13D-48FA-BADE-9E54B70AB12E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: 
[{FD113371-69B2-4EA3-8128-25A86A385F5B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{62425A6C-46C9-4B21-87D7-938912494AD6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{9D71F1A9-203B-49D7-A0AB-6AE93996C662}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0C900EB5-ED5F-4980-875D-5621E88DDB9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{6CF0FEEA-63C8-4028-A995-01BD13AFD195}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{6658CEBD-1694-4FD5-83DD-75C8F50E77AF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{69144617-63DD-4099-8355-2F006E1C08B7}] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{EFD29DE5-4431-4A4D-845C-0EE0EBD0BFD4}] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{39F95661-010A-44CB-B4C4-66048B71534A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{B5980673-6B85-48F4-85D9-E274B98E3634}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{CBD28AD0-2D45-4F1E-B4E6-C256DDBFEB52}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [TCP Query User{90E0C369-B3C2-4DA3-8633-E43500209249}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{2A904383-2E58-4275-825A-512085E780AA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [UDP Query User{19F2E114-4A8F-48FA-A67C-610C35B1B95F}C:\users\R******\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\R******\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query 
User{CF272A79-F4D8-435A-8E66-967C711F481F}C:\users\R******\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\R******\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{32D1FCA1-3D48-4377-9045-AF4B8DC8E1D3}C:\users\R******\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\R******\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{44867BD2-8999-4071-B090-52AE830844F8}C:\users\R******\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\R******\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{D0861D53-FBFD-474B-B9DC-AB97FE92944A}C:\users\R******\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\R******\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{809CE0DB-076D-48C2-BABA-BE587E3C86F6}C:\users\R******\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\R******\appdata\roaming\spotify\spotify.exe FirewallRules: [{DD2A6546-1FED-4288-B54F-538FA5E5EFA4}] => (Allow) C:\Users\R******\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{1ADC1899-E6F6-4DD1-98E6-CF0CC49B1AFF}] => (Allow) C:\Users\R******\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{37E34E69-4C03-44A8-8B23-35E837F2B9D7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{2BE2F770-C157-425B-B2AD-BC87C80B0712}] => (Allow) LPort=1900 FirewallRules: [{B82C7587-D6FC-4146-8373-8620D19F6218}] => (Allow) LPort=2869 FirewallRules: [{0C7D5886-8A19-4003-A179-AA74C5143C8A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{E6746EC7-AE00-4802-A4DC-A100BF941637}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe FirewallRules: [{907E79B7-29C7-4A32-8E53-84383AF3F9E6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe FirewallRules: [{F96114BC-2066-4F0B-83AA-C623B15CA8D5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: 
[{1C78D384-BEFF-4972-8F81-7966B565EEF7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{CEE33C9D-7863-485C-B87B-11B48714C458}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE FirewallRules: [{82C57A89-E0E9-436E-A004-3B41AB398FF3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{3153B440-1248-49D1-92C5-B47D986ECBAA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{ED51222F-7F95-44B2-AA67-9F229F10197E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{167C2992-D87D-4AAF-BC6B-34DBED14EA61}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{D427B2FC-CDA7-42AC-8CA2-DC0A146EE7D9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{BC35933F-30D1-44D0-AC5B-FE42FA700222}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{37EE2597-E815-40CB-A997-52C1AD027654}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/05/2016 04:44:50 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. 
Error: (10/04/2016 11:08:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TABTOPNEU) Description: Bei der Aktivierung der App „Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (10/04/2016 11:02:56 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/04/2016 11:02:56 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/04/2016 11:02:56 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/04/2016 11:02:56 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/04/2016 11:02:56 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/04/2016 11:02:56 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/04/2016 11:02:56 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. 
Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/04/2016 11:02:56 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210) Systemfehler: ============= Error: (10/04/2016 11:09:04 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (10/04/2016 11:06:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/04/2016 11:06:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (10/04/2016 11:06:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/03/2016 11:33:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT) Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 8 0x0 0x0 Error: (10/03/2016 11:33:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT) Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 2 0xdeaddeed 0xeeec Error: (10/03/2016 11:33:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT) Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 1 0xc 0x4 Error: (10/03/2016 10:23:16 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (10/03/2016 10:20:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (10/03/2016 10:20:16 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz Prozentuale Nutzung des RAM: 47% Installierter physikalischer RAM: 3985.47 MB Verfügbarer physikalischer RAM: 2098.12 MB Summe virtueller Speicher: 5393.47 MB Verfügbarer virtueller Speicher: 3088.23 MB ==================== Laufwerke ================================ Drive c: (Boot) (Fixed) (Total:55.76 GB) (Free:11.66 GB) NTFS Drive d: () (Removable) (Total:28.77 GB) (Free:9.46 GB) FAT32 Drive e: (Data) (Fixed) (Total:405.76 GB) (Free:259.46 GB) NTFS Drive f: (Recover) (Fixed) (Total:60 GB) (Free:44.77 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 58.3 GB) (Disk ID: 74BF1121) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B43856D6) Partition 1: (Not Active) - (Size=405.8 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 28.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================ |
05.10.2016, 21:19 | #5 |
| Account suspension due to attempted fraud - system check and cleanup
Can nobody help me?? |
06.10.2016, 09:54 | #6 |
/// TB Trainer /// Guide Guru | Account suspension due to attempted fraud - system check and cleanup
My name is Jürgen and I will be helping you with your problem. Together we will get this done...
Note: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest route, but it is only advisable in the case of real malware. We can remove adware and the like very well. If you decide on a cleanup, keep working with me until you get my "clean".
Let's go: Please uninstall Spybot.
Step 1 Please download TDSSKiller.exe and save this file on the desktop |
06.10.2016, 22:10 | #7 |
| Account suspension due to attempted fraud - system check and cleanup
Dear Jürgen, thanks in advance for your help. Since Spybot could not be uninstalled via Programs and Features, I somehow managed it in the end anyway... I ran TDSSKiller directly on the laptop and the PC; I could not find the log files, so I copied the report into Notepad, and I am now posting that content for you. BTW, when I created the thread I also had Antivir run, and it found the "OpenCandy" problem in the "Freefilesync" files. Would you like the reports from that as well? Here is TDSS from the PC: Code:
22:51:10.0102 0x1900 TDSS rootkit removing tool 3.1.0.11 Aug 5 2016 12:13:31
22:51:15.0328 0x1900 ============================================================
22:51:15.0328 0x1900 Current date / time: 2016/10/06 22:51:15.0328
22:51:15.0328 0x1900 SystemInfo:
22:51:15.0328 0x1900
22:51:15.0328 0x1900 OS Version: 6.1.7601 ServicePack: 1.0
22:51:15.0328 0x1900 Product type: Workstation
22:51:15.0328 0x1900 ComputerName: SADLYFEY-PC
22:51:15.0344 0x1900 UserName: SadlyFey
22:51:15.0344 0x1900 Windows directory: C:\Windows
22:51:15.0344 0x1900 System windows directory: C:\Windows
22:51:15.0344 0x1900 Running under WOW64
22:51:15.0344 0x1900 Processor architecture: Intel x64
22:51:15.0344 0x1900 Number of processors: 4
22:51:15.0344 0x1900 Page size: 0x1000
22:51:15.0344 0x1900 Boot type: Normal boot
22:51:15.0344 0x1900 CodeIntegrityOptions = 0x00000001
22:51:15.0344 0x1900 ============================================================
22:51:17.0263 0x1900 KLMD registered as C:\Windows\system32\drivers\01668662.sys
22:51:17.0263 0x1900 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23418, osProperties = 0x1
22:51:17.0512 0x1900 System UUID: {F8FE5CC2-1B57-6748-A64D-8617707A20AB}
22:51:17.0949 0x1900 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:51:17.0949 0x1900 ============================================================
22:51:17.0949 0x1900 \Device\Harddisk0\DR0:
22:51:17.0949 0x1900 MBR partitions:
22:51:17.0949 0x1900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:51:17.0949 0x1900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1384D800
22:51:17.0949 0x1900 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x13880000, BlocksNum 0x18894000
22:51:17.0949 0x1900 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x2C114000, BlocksNum 0x485F2000
22:51:17.0949 0x1900 ============================================================
22:51:17.0965 0x1900 C: <-> \Device\Harddisk0\DR0\Partition2
22:51:17.0996 0x1900 D: <-> \Device\Harddisk0\DR0\Partition3
22:51:18.0027 0x1900 E: <-> \Device\Harddisk0\DR0\Partition4
22:51:18.0027 0x1900 ============================================================
22:51:18.0027 0x1900 Initialize success
22:51:18.0027 0x1900 ============================================================
22:51:52.0447 0x1a58 ============================================================
22:51:52.0447 0x1a58 Scan started
22:51:52.0447 0x1a58 Mode: Manual; SigCheck; TDLFS;
22:51:52.0447 0x1a58 ============================================================
22:51:52.0447 0x1a58 KSN ping started
22:51:52.0540 0x1a58 KSN ping finished: true
22:51:53.0338 0x1a58 ================ Scan system memory ========================
22:51:53.0338 0x1a58 System memory - ok
22:51:53.0338 0x1a58 ================ Scan services =============================
0x1a58 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:52:08.0098 0x1a58 LSI_SCSI - ok 22:52:08.0114 0x1a58 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 22:52:08.0161 0x1a58 luafv - ok 22:52:08.0192 0x1a58 [ 4CB64D7458ABD8396BCD389A69C8FC80, 99B363E6A3C3920002F9FA98E2AAE42C24F072CA03CD5DD9DC8881EC495F3C93 ] lvpepf64 C:\Windows\system32\DRIVERS\lv302a64.sys 22:52:08.0208 0x1a58 lvpepf64 - ok 22:52:08.0239 0x1a58 [ 0034F69D0007D3F77F6B96FA51228E85, 2A8B4ABF4AFE5E5F272678053399E3664D32F6CE2AEE34C8944C4E79973712A3 ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys 22:52:08.0254 0x1a58 LVUSBS64 - ok 22:52:08.0286 0x1a58 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:52:08.0301 0x1a58 Mcx2Svc - ok 22:52:08.0301 0x1a58 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 22:52:08.0317 0x1a58 megasas - ok 22:52:08.0332 0x1a58 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 22:52:08.0364 0x1a58 MegaSR - ok 22:52:08.0395 0x1a58 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 22:52:08.0426 0x1a58 Microsoft Office Groove Audit Service - ok 22:52:08.0426 0x1a58 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 22:52:08.0473 0x1a58 MMCSS - ok 22:52:08.0488 0x1a58 [ 800BA92F7010378B09F9ED9270F07137, 
94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 22:52:08.0535 0x1a58 Modem - ok 22:52:08.0535 0x1a58 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:52:08.0566 0x1a58 monitor - ok 22:52:08.0582 0x1a58 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:52:08.0598 0x1a58 mouclass - ok 22:52:08.0598 0x1a58 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:52:08.0629 0x1a58 mouhid - ok 22:52:08.0644 0x1a58 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:52:08.0660 0x1a58 mountmgr - ok 22:52:08.0707 0x1a58 [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:52:08.0722 0x1a58 MozillaMaintenance - ok 22:52:08.0754 0x1a58 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 22:52:08.0769 0x1a58 mpio - ok 22:52:08.0785 0x1a58 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:52:08.0816 0x1a58 mpsdrv - ok 22:52:08.0925 0x1a58 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:52:08.0988 0x1a58 MpsSvc - ok 22:52:09.0019 0x1a58 [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 
22:52:09.0050 0x1a58 MRxDAV - ok 22:52:09.0081 0x1a58 [ B7FADA5E1E55BB63F90EB9F8F016113B, 33C2C898E4AD0CBD34D9A6CF51987A4703009E23CD9D4F4294BF444C4D3D5A60 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:52:09.0112 0x1a58 mrxsmb - ok 22:52:09.0144 0x1a58 [ 34AFF1849B3EC042C40C5EEC9D78562A, E3378A9977B429812C38529C562FE27945706ADB5E9E877C4A90B0285631A501 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:52:09.0175 0x1a58 mrxsmb10 - ok 22:52:09.0190 0x1a58 [ 058CE7A55E140EB0C72FBA6FD2FA72DE, B1D89E524A621BDCC464882EF621BDC7779BFCBCC9FD923D70DE130C41D0DB4C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:52:09.0206 0x1a58 mrxsmb20 - ok 22:52:09.0237 0x1a58 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 22:52:09.0253 0x1a58 msahci - ok 22:52:09.0268 0x1a58 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:52:09.0268 0x1a58 msdsm - ok 22:52:09.0284 0x1a58 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 22:52:09.0315 0x1a58 MSDTC - ok 22:52:09.0315 0x1a58 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:52:09.0362 0x1a58 Msfs - ok 22:52:09.0378 0x1a58 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:52:09.0409 0x1a58 mshidkmdf - ok 22:52:09.0440 0x1a58 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:52:09.0440 0x1a58 msisadrv - ok 22:52:09.0471 0x1a58 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI 
C:\Windows\system32\iscsiexe.dll 22:52:09.0518 0x1a58 MSiSCSI - ok 22:52:09.0518 0x1a58 msiserver - ok 22:52:09.0549 0x1a58 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:52:09.0565 0x1a58 MSKSSRV - ok 22:52:09.0580 0x1a58 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:52:09.0612 0x1a58 MSPCLOCK - ok 22:52:09.0627 0x1a58 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:52:09.0658 0x1a58 MSPQM - ok 22:52:09.0705 0x1a58 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:52:09.0721 0x1a58 MsRPC - ok 22:52:09.0736 0x1a58 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:52:09.0752 0x1a58 mssmbios - ok 22:52:09.0768 0x1a58 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:52:09.0799 0x1a58 MSTEE - ok 22:52:09.0814 0x1a58 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 22:52:09.0846 0x1a58 MTConfig - ok 22:52:09.0877 0x1a58 [ 19B006B181E3875FD254F7B67ACF1E7C, 1D68D19522E71F16B8B50F8CCFBC9D884CF2DAC40CC409BD5A40A4D4223ABC61 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 22:52:09.0892 0x1a58 MTsensor - ok 22:52:09.0892 0x1a58 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 22:52:09.0908 0x1a58 Mup - ok 22:52:09.0939 0x1a58 [ 582AC6D9873E31DFA28A4547270862DD, 
BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 22:52:10.0002 0x1a58 napagent - ok 22:52:10.0033 0x1a58 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:52:10.0064 0x1a58 NativeWifiP - ok 22:52:10.0111 0x1a58 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:52:10.0158 0x1a58 NDIS - ok 22:52:10.0173 0x1a58 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:52:10.0204 0x1a58 NdisCap - ok 22:52:10.0220 0x1a58 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:52:10.0251 0x1a58 NdisTapi - ok 22:52:10.0282 0x1a58 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:52:10.0329 0x1a58 Ndisuio - ok 22:52:10.0345 0x1a58 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:52:10.0392 0x1a58 NdisWan - ok 22:52:10.0407 0x1a58 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:52:10.0454 0x1a58 NDProxy - ok 22:52:10.0470 0x1a58 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:52:10.0516 0x1a58 NetBIOS - ok 22:52:10.0548 0x1a58 [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:52:10.0563 0x1a58 NetBT - ok 
22:52:10.0579 0x1a58 [ 13FE29C1C8E782829C7FAA3B14F4A666, C53F7F9039E79AC6D5BDA94981A187570D6C7828930B6064CEFC17DC172EA20E ] Netlogon C:\Windows\system32\lsass.exe 22:52:10.0594 0x1a58 Netlogon - ok 22:52:10.0626 0x1a58 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 22:52:10.0672 0x1a58 Netman - ok 22:52:10.0735 0x1a58 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:52:10.0750 0x1a58 NetMsmqActivator - ok 22:52:10.0766 0x1a58 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:52:10.0782 0x1a58 NetPipeActivator - ok 22:52:10.0797 0x1a58 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 22:52:10.0844 0x1a58 netprofm - ok 22:52:10.0860 0x1a58 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:52:10.0875 0x1a58 NetTcpActivator - ok 22:52:10.0875 0x1a58 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:52:10.0891 0x1a58 NetTcpPortSharing - ok 22:52:10.0906 0x1a58 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 22:52:10.0922 0x1a58 nfrd960 - ok 22:52:10.0953 0x1a58 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 22:52:10.0984 0x1a58 NlaSvc - ok 22:52:11.0031 0x1a58 
[ F44ADDBF29905CB19F52FC9FE6A0EFA1, 49AB6C779E41BF3208ADF637FC35B7AFC447211AE4BE88AAA54F043C30C23B55 ] nosGetPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll 22:52:11.0047 0x1a58 nosGetPlusHelper - ok 22:52:11.0062 0x1a58 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:52:11.0094 0x1a58 Npfs - ok 22:52:11.0109 0x1a58 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 22:52:11.0140 0x1a58 nsi - ok 22:52:11.0156 0x1a58 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:52:11.0187 0x1a58 nsiproxy - ok 22:52:11.0250 0x1a58 [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:52:11.0312 0x1a58 Ntfs - ok 22:52:11.0312 0x1a58 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 22:52:11.0359 0x1a58 Null - ok 22:52:11.0374 0x1a58 [ 8EBCB9165EE7F1571842F4D9D624A74C, 115F46B8391866762AD41B299F0670D8735D124BD518A53EC73DCDBFCA9C28F9 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 22:52:11.0421 0x1a58 nusb3hub - ok 22:52:11.0452 0x1a58 [ 5D54DBB12BBFE07CC283FD39F2CD6D63, 3DC3F9121F8892EDABD07ACDE45DB025BA2FC4245A8D3EE343F1FDF7189B391F ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 22:52:11.0468 0x1a58 nusb3xhc - ok 22:52:11.0484 0x1a58 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:52:11.0515 0x1a58 nvraid - ok 22:52:11.0546 0x1a58 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 
22:52:11.0562 0x1a58 nvstor - ok 22:52:11.0593 0x1a58 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:52:11.0608 0x1a58 nv_agp - ok 22:52:11.0686 0x1a58 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 22:52:11.0718 0x1a58 odserv - ok 22:52:11.0733 0x1a58 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:52:11.0749 0x1a58 ohci1394 - ok 22:52:11.0796 0x1a58 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:52:11.0811 0x1a58 ose - ok 22:52:11.0842 0x1a58 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:52:11.0889 0x1a58 p2pimsvc - ok 22:52:11.0920 0x1a58 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 22:52:11.0952 0x1a58 p2psvc - ok 22:52:11.0967 0x1a58 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:52:11.0983 0x1a58 Parport - ok 22:52:12.0014 0x1a58 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:52:12.0030 0x1a58 partmgr - ok 22:52:12.0045 0x1a58 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:52:12.0092 0x1a58 PcaSvc - ok 22:52:12.0123 0x1a58 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 
7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 22:52:12.0123 0x1a58 pci - ok 22:52:12.0154 0x1a58 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 22:52:12.0154 0x1a58 pciide - ok 22:52:12.0170 0x1a58 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 22:52:12.0201 0x1a58 pcmcia - ok 22:52:12.0217 0x1a58 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 22:52:12.0232 0x1a58 pcw - ok 22:52:12.0279 0x1a58 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:52:12.0310 0x1a58 PEAUTH - ok 22:52:12.0373 0x1a58 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:52:12.0388 0x1a58 PerfHost - ok 22:52:12.0435 0x1a58 [ 37EA62238E17AE88E4713D9246CA1C1C, 3D0D62472C00526702F4FF699A06A9C944DF7618EBF59A44CBBC0EE6154BE64B ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS 22:52:12.0482 0x1a58 PID_PEPI - ok 22:52:12.0544 0x1a58 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 22:52:12.0622 0x1a58 pla - ok 22:52:12.0654 0x1a58 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:52:12.0685 0x1a58 PlugPlay - ok 22:52:12.0700 0x1a58 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:52:12.0732 0x1a58 PNRPAutoReg - ok 22:52:12.0732 0x1a58 [ 
3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:52:12.0747 0x1a58 PNRPsvc - ok 22:52:12.0794 0x1a58 [ B8D8EC78B0F9ED8E220506181274F3D3, D920277EE66AAAB6D66BF328DD5A40DDD8382BF4F331EAB398069EDB842FF18E ] Point64 C:\Windows\system32\DRIVERS\point64.sys 22:52:12.0794 0x1a58 Point64 - ok 22:52:12.0825 0x1a58 [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:52:12.0872 0x1a58 PolicyAgent - ok 22:52:12.0903 0x1a58 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 22:52:12.0934 0x1a58 Power - ok 22:52:12.0981 0x1a58 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:52:13.0012 0x1a58 PptpMiniport - ok 22:52:13.0028 0x1a58 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys 22:52:13.0044 0x1a58 Processor - ok 22:52:13.0075 0x1a58 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 22:52:13.0122 0x1a58 ProfSvc - ok 22:52:13.0122 0x1a58 [ 13FE29C1C8E782829C7FAA3B14F4A666, C53F7F9039E79AC6D5BDA94981A187570D6C7828930B6064CEFC17DC172EA20E ] ProtectedStorage C:\Windows\system32\lsass.exe 22:52:13.0137 0x1a58 ProtectedStorage - ok 22:52:13.0184 0x1a58 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:52:13.0215 0x1a58 Psched - ok 22:52:13.0278 0x1a58 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 
22:52:13.0324 0x1a58 ql2300 - ok 22:52:13.0356 0x1a58 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:52:13.0387 0x1a58 ql40xx - ok 22:52:13.0402 0x1a58 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 22:52:13.0418 0x1a58 QWAVE - ok 22:52:13.0434 0x1a58 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:52:13.0465 0x1a58 QWAVEdrv - ok 22:52:13.0481 0x1a58 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:52:13.0512 0x1a58 RasAcd - ok 22:52:13.0543 0x1a58 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:52:13.0574 0x1a58 RasAgileVpn - ok 22:52:13.0590 0x1a58 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 22:52:13.0621 0x1a58 RasAuto - ok 22:52:13.0637 0x1a58 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:52:13.0683 0x1a58 Rasl2tp - ok 22:52:13.0715 0x1a58 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 22:52:13.0761 0x1a58 RasMan - ok 22:52:13.0777 0x1a58 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:52:13.0808 0x1a58 RasPppoe - ok 22:52:13.0824 0x1a58 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp 
C:\Windows\system32\DRIVERS\rassstp.sys 22:52:13.0855 0x1a58 RasSstp - ok 22:52:13.0902 0x1a58 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:52:13.0949 0x1a58 rdbss - ok 22:52:13.0949 0x1a58 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:52:13.0964 0x1a58 rdpbus - ok 22:52:13.0980 0x1a58 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:52:14.0027 0x1a58 RDPCDD - ok 22:52:14.0042 0x1a58 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:52:14.0089 0x1a58 RDPENCDD - ok 22:52:14.0105 0x1a58 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:52:14.0136 0x1a58 RDPREFMP - ok 22:52:14.0229 0x1a58 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 22:52:14.0245 0x1a58 RdpVideoMiniport - ok 22:52:14.0292 0x1a58 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:52:14.0339 0x1a58 RDPWD - ok 22:52:14.0370 0x1a58 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:52:14.0385 0x1a58 rdyboost - ok 22:52:14.0432 0x1a58 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:52:14.0463 0x1a58 RemoteAccess - ok 22:52:14.0479 0x1a58 [ 
E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:52:14.0526 0x1a58 RemoteRegistry - ok 22:52:14.0541 0x1a58 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:52:14.0573 0x1a58 RpcEptMapper - ok 22:52:14.0588 0x1a58 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 22:52:14.0619 0x1a58 RpcLocator - ok 22:52:14.0651 0x1a58 [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs C:\Windows\system32\rpcss.dll 22:52:14.0666 0x1a58 RpcSs - ok 22:52:14.0697 0x1a58 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:52:14.0729 0x1a58 rspndr - ok 22:52:14.0760 0x1a58 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A, 9F6CFBE7E64A63E0AFEF546C4B8D889657B2055CE80279EA1B63EB5650E730F8 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 22:52:14.0791 0x1a58 RTL8167 - ok 22:52:14.0822 0x1a58 [ A48B769DEC76629BD1A021D33C257B17, 41DF6DD6B4ED616B53C9A0BBB4F4586FE446B27A4AC710410A461354337A53F1 ] RTL8187 C:\Windows\system32\DRIVERS\wg111v2.sys 22:52:14.0869 0x1a58 RTL8187 - ok 22:52:14.0900 0x1a58 [ 301FBA4594FB5C0A469299A65106B4AA, 53683D49420B4647DBA63B1A6328511620DF615EAE6F42221A16AD3D3B77EE19 ] s1018bus C:\Windows\system32\DRIVERS\s1018bus.sys 22:52:14.0931 0x1a58 s1018bus - ok 22:52:14.0963 0x1a58 [ D1D7C744F79710357E60FC04D125ED01, E7C10217323887E2605872720BB36BAB5CF3E24BDA1365F033A79EBB817A397B ] s1018mdfl C:\Windows\system32\DRIVERS\s1018mdfl.sys 22:52:14.0963 0x1a58 s1018mdfl - ok 22:52:14.0978 0x1a58 [ 7DBE12CCCD837D4266B2DDD80A329C09, 557873A5D508471108F1756FEE5D88F80702D7CA3D7684B61046C1C5A80E14D9 ] s1018mdm 
22:52:27.0462 0x1a58 Waiting for KSN requests completion. In queue: 147
22:52:28.0463 0x1a58 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.20.55 ), 0x41000 ( enabled : updated )
22:52:28.0463 0x1a58 Win FW state via NFP2: enabled ( trusted )
22:52:28.0574 0x1a58 ============================================================
22:52:28.0574 0x1a58 Scan finished
22:52:28.0574 0x1a58 ============================================================
22:52:28.0574 0x1a50 Detected object count: 1
22:52:28.0574 0x1a50 Actual detected object count: 1
22:52:53.0765 0x1a50 Gaming Mouse ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:53.0765 0x1a50 Gaming Mouse ( UnsignedFile.Multi.Generic ) - User select action: Skip |
06.10.2016, 22:11 | #8 |
| And here from the laptop: Code:
ATTFilter 22:51:10.0937 0x2a5c TDSS rootkit removing tool 3.1.0.11 Aug 5 2016 12:13:31 22:51:10.0937 0x2a5c UEFI system 22:51:15.0602 0x2a5c ============================================================ 22:51:15.0602 0x2a5c Current date / time: 2016/10/06 22:51:15.0602 22:51:15.0602 0x2a5c SystemInfo: 22:51:15.0602 0x2a5c 22:51:15.0602 0x2a5c OS Version: 10.0.14393 ServicePack: 0.0 22:51:15.0602 0x2a5c Product type: Workstation 22:51:15.0602 0x2a5c ComputerName: TABTOPNEU 22:51:15.0602 0x2a5c UserName: R****** 22:51:15.0602 0x2a5c Windows directory: C:\WINDOWS 22:51:15.0602 0x2a5c System windows directory: C:\WINDOWS 22:51:15.0602 0x2a5c Running under WOW64 22:51:15.0602 0x2a5c Processor architecture: Intel x64 22:51:15.0602 0x2a5c Number of processors: 4 22:51:15.0602 0x2a5c Page size: 0x1000 22:51:15.0602 0x2a5c Boot type: Normal boot 22:51:15.0602 0x2a5c CodeIntegrityOptions = 0x00000001 22:51:15.0602 0x2a5c ============================================================ 22:51:15.0789 0x2a5c KLMD registered as C:\WINDOWS\system32\drivers\83472626.sys 22:51:15.0789 0x2a5c KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.206, osProperties = 0x19 22:51:15.0982 0x2a5c System UUID: {6123FF85-76F0-8283-D58A-89352B25BE62} 22:51:16.0529 0x2a5c !crdlk 22:51:18.0525 0x2a5c Drive \Device\Harddisk0\DR0 - Size: 0xE90000000 ( 58.25 Gb ), SectorSize: 0x200, Cylinders: 0x1DB4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 22:51:18.0525 0x2a5c Drive \Device\Harddisk1\DR1 - Size: 0x7470C05800 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 22:51:18.0871 0x2a5c Drive \Device\Harddisk2\DR4 - Size: 0x732480000 ( 28.79 Gb ), SectorSize: 0x200, Cylinders: 0xEAD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 22:51:18.0887 0x2a5c ============================================================ 22:51:18.0887 0x2a5c \Device\Harddisk0\DR0: 22:51:18.0887 0x2a5c Can't read MBR 22:51:18.0887 0x2a5c 
\Device\Harddisk1\DR1: 22:51:18.0887 0x2a5c MBR partitions: 22:51:18.0887 0x2a5c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32B85000 22:51:18.0887 0x2a5c \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32B85800, BlocksNum 0x7800800 22:51:18.0887 0x2a5c \Device\Harddisk2\DR4: 22:51:18.0887 0x2a5c MBR partitions: 22:51:18.0887 0x2a5c \Device\Harddisk2\DR4\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x3990400 22:51:18.0887 0x2a5c ============================================================ 22:51:18.0934 0x2a5c E: <-> \Device\Harddisk1\DR1\Partition1 22:51:18.0965 0x2a5c F: <-> \Device\Harddisk1\DR1\Partition2 22:51:18.0965 0x2a5c ============================================================ 22:51:18.0981 0x2a5c Initialize success 22:51:18.0981 0x2a5c ============================================================ 22:51:55.0954 0x1ff8 ============================================================ 22:51:55.0954 0x1ff8 Scan started 22:51:55.0954 0x1ff8 Mode: Manual; SigCheck; TDLFS; 22:51:55.0954 0x1ff8 ============================================================ 22:51:55.0954 0x1ff8 KSN ping started 22:51:56.0016 0x1ff8 KSN ping finished: true 22:51:56.0188 0x1ff8 ================ Scan system memory ======================== 22:51:56.0188 0x1ff8 System memory - ok 22:51:56.0188 0x1ff8 ================ Scan services ============================= 22:51:56.0235 0x1ff8 1394ohci - ok 22:51:56.0235 0x1ff8 3ware - ok 22:51:56.0250 0x1ff8 ACPI - ok 22:51:56.0250 0x1ff8 AcpiDev - ok 22:51:56.0266 0x1ff8 acpiex - ok 22:51:56.0282 0x1ff8 acpipagr - ok 22:51:56.0282 0x1ff8 AcpiPmi - ok 22:51:56.0297 0x1ff8 acpitime - ok 22:51:56.0297 0x1ff8 ADP80XX - ok 22:51:56.0313 0x1ff8 AFD - ok 22:51:56.0329 0x1ff8 ahcache - ok 22:51:56.0329 0x1ff8 AJRouter - ok 22:51:56.0344 0x1ff8 ALG - ok 22:51:56.0344 0x1ff8 AmdK8 - ok 22:51:56.0360 0x1ff8 AmdPPM - ok 22:51:56.0360 0x1ff8 amdsata - ok 22:51:56.0375 0x1ff8 amdsbs - ok 22:51:56.0375 0x1ff8 
amdxata - ok 22:51:56.0391 0x1ff8 AMPPAL - ok 22:51:56.0391 0x1ff8 AMPPALP - ok 22:51:56.0407 0x1ff8 AntiVirMailService - ok 22:51:56.0407 0x1ff8 AntiVirSchedulerService - ok 22:51:56.0422 0x1ff8 AntiVirService - ok 22:51:56.0422 0x1ff8 AntiVirWebService - ok 22:51:56.0438 0x1ff8 AppID - ok 22:51:56.0438 0x1ff8 AppIDSvc - ok 22:51:56.0454 0x1ff8 Appinfo - ok 22:51:56.0469 0x1ff8 Apple Mobile Device Service - ok 22:51:56.0469 0x1ff8 applockerfltr - ok 22:51:56.0485 0x1ff8 AppReadiness - ok 22:51:56.0485 0x1ff8 AppXSvc - ok 22:51:56.0500 0x1ff8 arcsas - ok 22:51:56.0500 0x1ff8 AsyncMac - ok 22:51:56.0516 0x1ff8 atapi - ok 22:51:56.0516 0x1ff8 AudioEndpointBuilder - ok 22:51:56.0532 0x1ff8 Audiosrv - ok 22:51:56.0547 0x1ff8 avgntflt - ok 22:51:56.0547 0x1ff8 avipbb - ok 22:51:56.0563 0x1ff8 Avira.ServiceHost - ok 22:51:56.0579 0x1ff8 avkmgr - ok 22:51:56.0579 0x1ff8 avnetflt - ok 22:51:56.0594 0x1ff8 AxInstSV - ok 22:51:56.0610 0x1ff8 b06bdrv - ok 22:51:56.0610 0x1ff8 BasicDisplay - ok 22:51:56.0625 0x1ff8 BasicRender - ok 22:51:56.0641 0x1ff8 bcmfn - ok 22:51:56.0657 0x1ff8 bcmfn2 - ok 22:51:56.0657 0x1ff8 BDESVC - ok 22:51:56.0672 0x1ff8 Beep - ok 22:51:56.0672 0x1ff8 BFE - ok 22:51:56.0688 0x1ff8 BITS - ok 22:51:56.0704 0x1ff8 Bonjour Service - ok 22:51:56.0704 0x1ff8 bowser - ok 22:51:56.0719 0x1ff8 BrokerInfrastructure - ok 22:51:56.0719 0x1ff8 Browser - ok 22:51:56.0735 0x1ff8 BthAvrcpTg - ok 22:51:56.0751 0x1ff8 BthHFEnum - ok 22:51:56.0766 0x1ff8 bthhfhid - ok 22:51:56.0766 0x1ff8 BthHFSrv - ok 22:51:56.0782 0x1ff8 BTHMODEM - ok 22:51:56.0782 0x1ff8 BthPan - ok 22:51:56.0799 0x1ff8 BTHPORT - ok 22:51:56.0815 0x1ff8 bthserv - ok 22:51:56.0815 0x1ff8 BTHUSB - ok 22:51:56.0831 0x1ff8 buttonconverter - ok 22:51:56.0846 0x1ff8 CapImg - ok 22:51:56.0846 0x1ff8 cdfs - ok 22:51:56.0862 0x1ff8 CDPSvc - ok 22:51:56.0862 0x1ff8 CDPUserSvc - ok 22:51:56.0893 0x1ff8 cdrom - ok 22:51:56.0893 0x1ff8 CertPropSvc - ok 22:51:56.0909 0x1ff8 cht4iscsi - ok 22:51:56.0909 0x1ff8 
cht4vbd - ok 22:51:56.0925 0x1ff8 circlass - ok 22:51:56.0940 0x1ff8 CLFS - ok 22:51:56.0940 0x1ff8 ClickToRunSvc - ok 22:51:56.0956 0x1ff8 ClipSVC - ok 22:51:56.0971 0x1ff8 clreg - ok 22:51:57.0003 0x1ff8 CLVirtualDrive - ok 22:51:57.0003 0x1ff8 clwvd - ok 22:51:57.0018 0x1ff8 CmBatt - ok 22:51:57.0018 0x1ff8 CNG - ok 22:51:57.0034 0x1ff8 cnghwassist - ok 22:51:57.0050 0x1ff8 CompositeBus - ok 22:51:57.0050 0x1ff8 COMSysApp - ok 22:51:57.0065 0x1ff8 condrv - ok 22:51:57.0081 0x1ff8 CoreMessagingRegistrar - ok 22:51:57.0096 0x1ff8 cphs - ok 22:51:57.0096 0x1ff8 CryptSvc - ok 22:51:57.0112 0x1ff8 CyberLink PowerDVD 10 MS Monitor Service - ok 22:51:57.0128 0x1ff8 CyberLink PowerDVD 10 MS Service - ok 22:51:57.0128 0x1ff8 dam - ok 22:51:57.0143 0x1ff8 DcomLaunch - ok 22:51:57.0159 0x1ff8 DcpSvc - ok 22:51:57.0159 0x1ff8 defragsvc - ok 22:51:57.0174 0x1ff8 DeviceAssociationService - ok 22:51:57.0190 0x1ff8 DeviceInstall - ok 22:51:57.0190 0x1ff8 DevQueryBroker - ok 22:51:57.0206 0x1ff8 Dfsc - ok 22:51:57.0206 0x1ff8 Dhcp - ok 22:51:57.0221 0x1ff8 diagnosticshub.standardcollector.service - ok 22:51:57.0237 0x1ff8 DiagTrack - ok 22:51:57.0237 0x1ff8 DigitalWave.Update.Service - ok 22:51:57.0253 0x1ff8 disk - ok 22:51:57.0268 0x1ff8 DmEnrollmentSvc - ok 22:51:57.0268 0x1ff8 dmvsc - ok 22:51:57.0284 0x1ff8 dmwappushservice - ok 22:51:57.0284 0x1ff8 Dnscache - ok 22:51:57.0300 0x1ff8 dot3svc - ok 22:51:57.0315 0x1ff8 DPS - ok 22:51:57.0331 0x1ff8 drmkaud - ok 22:51:57.0331 0x1ff8 DsmSvc - ok 22:51:57.0346 0x1ff8 DsSvc - ok 22:51:57.0346 0x1ff8 DXGKrnl - ok 22:51:57.0362 0x1ff8 EapHost - ok 22:51:57.0378 0x1ff8 ebdrv - ok 22:51:57.0378 0x1ff8 EFS - ok 22:51:57.0393 0x1ff8 EhStorClass - ok 22:51:57.0393 0x1ff8 EhStorTcgDrv - ok 22:51:57.0409 0x1ff8 embeddedmode - ok 22:51:57.0424 0x1ff8 EntAppSvc - ok 22:51:57.0424 0x1ff8 ErrDev - ok 22:51:57.0440 0x1ff8 ETDHIDUSB - ok 22:51:57.0456 0x1ff8 ETDService - ok 22:51:57.0471 0x1ff8 EventSystem - ok 22:51:57.0471 0x1ff8 exfat - ok 
22:51:57.0487 0x1ff8 fastfat - ok 22:51:57.0503 0x1ff8 Fax - ok 22:51:57.0503 0x1ff8 fdc - ok 22:51:57.0518 0x1ff8 fdPHost - ok 22:51:57.0518 0x1ff8 FDResPub - ok 22:51:57.0534 0x1ff8 fhsvc - ok 22:51:57.0550 0x1ff8 FileCrypt - ok 22:51:57.0550 0x1ff8 FileInfo - ok 22:51:57.0565 0x1ff8 Filetrace - ok 22:51:57.0565 0x1ff8 flpydisk - ok 22:51:57.0581 0x1ff8 FltMgr - ok 22:51:57.0596 0x1ff8 FontCache - ok 22:51:57.0596 0x1ff8 FontCache3.0.0.0 - ok 22:51:57.0612 0x1ff8 FrameServer - ok 22:51:57.0628 0x1ff8 FsDepends - ok 22:51:57.0628 0x1ff8 Fs_Rec - ok 22:51:57.0643 0x1ff8 fvevol - ok 22:51:57.0643 0x1ff8 gencounter - ok 22:51:57.0659 0x1ff8 genericusbfn - ok 22:51:57.0674 0x1ff8 GPIO - ok 22:51:57.0674 0x1ff8 GPIOClx0101 - ok 22:51:57.0690 0x1ff8 gpsvc - ok 22:51:57.0706 0x1ff8 GpuEnergyDrv - ok 22:51:57.0706 0x1ff8 gupdate - ok 22:51:57.0721 0x1ff8 gupdatem - ok 22:51:57.0721 0x1ff8 HDAudBus - ok 22:51:57.0737 0x1ff8 HidBatt - ok 22:51:57.0753 0x1ff8 HidBth - ok 22:51:57.0753 0x1ff8 hidi2c - ok 22:51:57.0768 0x1ff8 hidinterrupt - ok 22:51:57.0768 0x1ff8 HidIr - ok 22:51:57.0784 0x1ff8 hidserv - ok 22:51:57.0803 0x1ff8 HidUsb - ok 22:51:57.0803 0x1ff8 HomeGroupListener - ok 22:51:57.0819 0x1ff8 HomeGroupProvider - ok 22:51:57.0819 0x1ff8 HpSAMD - ok 22:51:57.0835 0x1ff8 HtcVCom32 - ok 22:51:57.0850 0x1ff8 HTTP - ok 22:51:57.0850 0x1ff8 HvHost - ok 22:51:57.0866 0x1ff8 hvservice - ok 22:51:57.0866 0x1ff8 hwpolicy - ok 22:51:57.0881 0x1ff8 hyperkbd - ok 22:51:57.0897 0x1ff8 i8042prt - ok 22:51:57.0897 0x1ff8 iagpio - ok 22:51:57.0913 0x1ff8 iai2c - ok 22:51:57.0928 0x1ff8 iaioi2c - ok 22:51:57.0928 0x1ff8 iaLPSS2i_GPIO2 - ok 22:51:57.0944 0x1ff8 iaLPSS2i_I2C - ok 22:51:57.0944 0x1ff8 iaLPSSi_GPIO - ok 22:51:57.0960 0x1ff8 iaLPSSi_I2C - ok 22:51:57.0975 0x1ff8 iaStorAV - ok 22:51:57.0975 0x1ff8 iaStorV - ok 22:51:57.0991 0x1ff8 ibbus - ok 22:51:58.0007 0x1ff8 ibtsiva - ok 22:51:58.0007 0x1ff8 ibtusb - ok 22:51:58.0022 0x1ff8 ICCS - ok 22:51:58.0022 0x1ff8 icssvc - ok 
22:51:58.0038 0x1ff8 igfx - ok 22:51:58.0053 0x1ff8 igfxCUIService1.0.0.0 - ok 22:51:58.0053 0x1ff8 IJPLMSVC - ok 22:51:58.0069 0x1ff8 IKEEXT - ok 22:51:58.0069 0x1ff8 IndirectKmd - ok 22:51:58.0085 0x1ff8 intaud_WaveExtensible - ok 22:51:58.0100 0x1ff8 IntcAzAudAddService - ok 22:51:58.0116 0x1ff8 IntcDAud - ok 22:51:58.0116 0x1ff8 Intel(R) Capability Licensing Service Interface - ok 22:51:58.0132 0x1ff8 Intel(R) Capability Licensing Service TCP IP Interface - ok 22:51:58.0132 0x1ff8 intelide - ok 22:51:58.0147 0x1ff8 intelpep - ok 22:51:58.0163 0x1ff8 intelppm - ok 22:51:58.0163 0x1ff8 INVN_MotionApps - ok 22:51:58.0178 0x1ff8 iorate - ok 22:51:58.0194 0x1ff8 IpFilterDriver - ok 22:51:58.0194 0x1ff8 iphlpsvc - ok 22:51:58.0210 0x1ff8 IPMIDRV - ok 22:51:58.0210 0x1ff8 IPNAT - ok 22:51:58.0225 0x1ff8 irda - ok 22:51:58.0241 0x1ff8 IRENUM - ok 22:51:58.0241 0x1ff8 irmon - ok 22:51:58.0256 0x1ff8 isapnp - ok 22:51:58.0256 0x1ff8 iScsiPrt - ok 22:51:58.0272 0x1ff8 iwdbus - ok 22:51:58.0288 0x1ff8 jhi_service - ok 22:51:58.0288 0x1ff8 kbdclass - ok 22:51:58.0303 0x1ff8 kbdhid - ok 22:51:58.0319 0x1ff8 kdnic - ok 22:51:58.0319 0x1ff8 KeyIso - ok 22:51:58.0335 0x1ff8 KSecDD - ok 22:51:58.0335 0x1ff8 KSecPkg - ok 22:51:58.0350 0x1ff8 ksthunk - ok 22:51:58.0366 0x1ff8 KtmRm - ok 22:51:58.0366 0x1ff8 LanmanServer - ok 22:51:58.0382 0x1ff8 LanmanWorkstation - ok 22:51:58.0397 0x1ff8 lfsvc - ok 22:51:58.0397 0x1ff8 LicenseManager - ok 22:51:58.0413 0x1ff8 lltdio - ok 22:51:58.0429 0x1ff8 lltdsvc - ok 22:51:58.0429 0x1ff8 lmhosts - ok 22:51:58.0444 0x1ff8 LSI_SAS - ok 22:51:58.0460 0x1ff8 LSI_SAS2i - ok 22:51:58.0460 0x1ff8 LSI_SAS3i - ok 22:51:58.0475 0x1ff8 LSI_SSS - ok 22:51:58.0491 0x1ff8 LSM - ok 22:51:58.0491 0x1ff8 luafv - ok 22:51:58.0507 0x1ff8 MapsBroker - ok 22:51:58.0507 0x1ff8 megasas - ok 22:51:58.0522 0x1ff8 megasr - ok 22:51:58.0538 0x1ff8 MessagingService - ok 22:51:58.0553 0x1ff8 mlx4_bus - ok 22:51:58.0569 0x1ff8 MMCSS - ok 22:51:58.0569 0x1ff8 Modem - ok 
22:51:58.0585 0x1ff8 monitor - ok 22:51:58.0585 0x1ff8 mouclass - ok 22:51:58.0600 0x1ff8 mouhid - ok 22:51:58.0616 0x1ff8 mountmgr - ok 22:51:58.0616 0x1ff8 mpsdrv - ok 22:51:58.0632 0x1ff8 MpsSvc - ok 22:51:58.0632 0x1ff8 MRxDAV - ok 22:51:58.0647 0x1ff8 mrxsmb - ok 22:51:58.0663 0x1ff8 mrxsmb10 - ok 22:51:58.0663 0x1ff8 mrxsmb20 - ok 22:51:58.0678 0x1ff8 MsBridge - ok 22:51:58.0694 0x1ff8 MSDTC - ok 22:51:58.0710 0x1ff8 Msfs - ok 22:51:58.0710 0x1ff8 msgpiowin32 - ok 22:51:58.0725 0x1ff8 mshidkmdf - ok 22:51:58.0741 0x1ff8 mshidumdf - ok 22:51:58.0741 0x1ff8 msisadrv - ok 22:51:58.0757 0x1ff8 MSiSCSI - ok 22:51:58.0757 0x1ff8 msiserver - ok 22:51:58.0772 0x1ff8 MSKSSRV - ok 22:51:58.0788 0x1ff8 MsLldp - ok 22:51:58.0788 0x1ff8 MSPCLOCK - ok 22:51:58.0807 0x1ff8 MSPQM - ok 22:51:58.0807 0x1ff8 MsRPC - ok 22:51:58.0823 0x1ff8 mssmbios - ok 22:51:58.0838 0x1ff8 MSTEE - ok 22:51:58.0838 0x1ff8 MTConfig - ok 22:51:58.0854 0x1ff8 Mup - ok 22:51:58.0870 0x1ff8 mvumis - ok 22:51:58.0870 0x1ff8 NativeWifiP - ok 22:51:58.0885 0x1ff8 NcaSvc - ok 22:51:58.0901 0x1ff8 NcbService - ok 22:51:58.0901 0x1ff8 NcdAutoSetup - ok 22:51:58.0916 0x1ff8 ndfltr - ok 22:51:58.0932 0x1ff8 NDIS - ok 22:51:58.0932 0x1ff8 NdisCap - ok 22:51:58.0948 0x1ff8 NdisImPlatform - ok 22:51:58.0948 0x1ff8 NdisTapi - ok 22:51:58.0963 0x1ff8 Ndisuio - ok 22:51:58.0979 0x1ff8 NdisVirtualBus - ok 22:51:58.0979 0x1ff8 NdisWan - ok 22:51:58.0994 0x1ff8 ndiswanlegacy - ok 22:51:59.0010 0x1ff8 ndproxy - ok 22:51:59.0010 0x1ff8 Ndu - ok 22:51:59.0026 0x1ff8 NetAdapterCx - ok 22:51:59.0041 0x1ff8 NetBIOS - ok 22:51:59.0041 0x1ff8 NetBT - ok 22:51:59.0057 0x1ff8 Netlogon - ok 22:51:59.0073 0x1ff8 Netman - ok 22:51:59.0073 0x1ff8 netprofm - ok 22:51:59.0088 0x1ff8 NetSetupSvc - ok 22:51:59.0088 0x1ff8 NetTcpPortSharing - ok 22:51:59.0104 0x1ff8 NETwNb64 - ok 22:51:59.0120 0x1ff8 NgcCtnrSvc - ok 22:51:59.0135 0x1ff8 NgcSvc - ok 22:51:59.0135 0x1ff8 NlaSvc - ok 22:51:59.0151 0x1ff8 Npfs - ok 22:51:59.0166 0x1ff8 
npsvctrig - ok 22:51:59.0166 0x1ff8 nsi - ok 22:51:59.0182 0x1ff8 nsiproxy - ok 22:51:59.0198 0x1ff8 NTFS - ok 22:51:59.0198 0x1ff8 Null - ok 22:51:59.0213 0x1ff8 nvraid - ok 22:51:59.0213 0x1ff8 nvstor - ok 22:51:59.0229 0x1ff8 OneSyncSvc - ok 22:51:59.0245 0x1ff8 ose - ok 22:51:59.0260 0x1ff8 p2pimsvc - ok 22:51:59.0260 0x1ff8 p2psvc - ok 22:51:59.0276 0x1ff8 Parport - ok 22:51:59.0291 0x1ff8 partmgr - ok 22:51:59.0291 0x1ff8 PcaSvc - ok 22:51:59.0307 0x1ff8 pci - ok 22:51:59.0307 0x1ff8 pciide - ok 22:51:59.0323 0x1ff8 pcmcia - ok 22:51:59.0338 0x1ff8 pcw - ok 22:51:59.0338 0x1ff8 pdc - ok 22:51:59.0354 0x1ff8 PEAUTH - ok 22:51:59.0354 0x1ff8 PEGAGFN - ok 22:51:59.0370 0x1ff8 percsas2i - ok 22:51:59.0385 0x1ff8 percsas3i - ok 22:51:59.0401 0x1ff8 PerfHost - ok 22:51:59.0416 0x1ff8 PGFNEXSrv - ok 22:51:59.0432 0x1ff8 PhoneSvc - ok 22:51:59.0432 0x1ff8 PimIndexMaintenanceSvc - ok 22:51:59.0448 0x1ff8 pla - ok 22:51:59.0463 0x1ff8 PlugPlay - ok 22:51:59.0479 0x1ff8 PNRPAutoReg - ok 22:51:59.0479 0x1ff8 PNRPsvc - ok 22:51:59.0495 0x1ff8 PolicyAgent - ok 22:51:59.0510 0x1ff8 Power - ok 22:51:59.0526 0x1ff8 PptpMiniport - ok 22:51:59.0526 0x1ff8 PrintNotify - ok 22:51:59.0542 0x1ff8 Processor - ok 22:51:59.0542 0x1ff8 ProfSvc - ok 22:51:59.0557 0x1ff8 Psched - ok 22:51:59.0573 0x1ff8 QWAVE - ok 22:51:59.0573 0x1ff8 QWAVEdrv - ok 22:51:59.0588 0x1ff8 RasAcd - ok 22:51:59.0588 0x1ff8 RasAgileVpn - ok 22:51:59.0604 0x1ff8 RasAuto - ok 22:51:59.0620 0x1ff8 Rasl2tp - ok 22:51:59.0620 0x1ff8 RasMan - ok 22:51:59.0635 0x1ff8 RasPppoe - ok 22:51:59.0651 0x1ff8 RasSstp - ok 22:51:59.0651 0x1ff8 rdbss - ok 22:51:59.0666 0x1ff8 rdpbus - ok 22:51:59.0682 0x1ff8 RDPDR - ok 22:51:59.0698 0x1ff8 RdpVideoMiniport - ok 22:51:59.0698 0x1ff8 rdyboost - ok 22:51:59.0713 0x1ff8 ReFSv1 - ok 22:51:59.0729 0x1ff8 RemoteAccess - ok 22:51:59.0729 0x1ff8 RemoteRegistry - ok 22:51:59.0745 0x1ff8 RetailDemo - ok 22:51:59.0760 0x1ff8 RichVideo64 - ok 22:51:59.0776 0x1ff8 RmSvc - ok 22:51:59.0776 
0x1ff8 RpcEptMapper - ok 22:51:59.0796 0x1ff8 RpcLocator - ok 22:51:59.0796 0x1ff8 RpcSs - ok 22:51:59.0812 0x1ff8 rspndr - ok 22:51:59.0812 0x1ff8 RTSUER - ok 22:51:59.0827 0x1ff8 s3cap - ok 22:51:59.0843 0x1ff8 SamSs - ok 22:51:59.0843 0x1ff8 sbp2port - ok 22:51:59.0858 0x1ff8 SCardSvr - ok 22:51:59.0874 0x1ff8 ScDeviceEnum - ok 22:51:59.0874 0x1ff8 scfilter - ok 22:51:59.0890 0x1ff8 Schedule - ok 22:51:59.0890 0x1ff8 scmbus - ok 22:51:59.0905 0x1ff8 scmdisk0101 - ok 22:51:59.0921 0x1ff8 SCPolicySvc - ok 22:51:59.0921 0x1ff8 sdbus - ok 22:51:59.0937 0x1ff8 SDRSVC - ok 22:51:59.0937 0x1ff8 sdstor - ok 22:51:59.0952 0x1ff8 seclogon - ok 22:51:59.0968 0x1ff8 SENS - ok 22:51:59.0968 0x1ff8 SensorDataService - ok 22:51:59.0983 0x1ff8 SensorService - ok 22:51:59.0983 0x1ff8 SensrSvc - ok 22:51:59.0999 0x1ff8 SerCx - ok 22:52:00.0015 0x1ff8 SerCx2 - ok 22:52:00.0015 0x1ff8 Serenum - ok 22:52:00.0031 0x1ff8 Serial - ok 22:52:00.0046 0x1ff8 sermouse - ok 22:52:00.0062 0x1ff8 SessionEnv - ok 22:52:00.0077 0x1ff8 sfloppy - ok 22:52:00.0093 0x1ff8 SharedAccess - ok 22:52:00.0093 0x1ff8 ShellHWDetection - ok 22:52:00.0109 0x1ff8 shpamsvc - ok 22:52:00.0124 0x1ff8 SiSRaid2 - ok 22:52:00.0124 0x1ff8 SiSRaid4 - ok 22:52:00.0140 0x1ff8 smphost - ok 22:52:00.0140 0x1ff8 SmsRouter - ok 22:52:00.0171 0x1ff8 SNMPTRAP - ok 22:52:00.0171 0x1ff8 spaceport - ok 22:52:00.0187 0x1ff8 SpbCx - ok 22:52:00.0187 0x1ff8 Spooler - ok 22:52:00.0202 0x1ff8 sppsvc - ok 22:52:00.0218 0x1ff8 srv - ok 22:52:00.0218 0x1ff8 srv2 - ok 22:52:00.0233 0x1ff8 srvnet - ok 22:52:00.0249 0x1ff8 SSDPSRV - ok 22:52:00.0249 0x1ff8 SstpSvc - ok 22:52:00.0265 0x1ff8 StateRepository - ok 22:52:00.0265 0x1ff8 stexstor - ok 22:52:00.0280 0x1ff8 stisvc - ok 22:52:00.0296 0x1ff8 storahci - ok 22:52:00.0296 0x1ff8 storflt - ok 22:52:00.0312 0x1ff8 stornvme - ok 22:52:00.0327 0x1ff8 storqosflt - ok 22:52:00.0327 0x1ff8 StorSvc - ok 22:52:00.0343 0x1ff8 storufs - ok 22:52:00.0358 0x1ff8 storvsc - ok 22:52:00.0358 0x1ff8 
svsvc - ok 22:52:00.0374 0x1ff8 swenum - ok 22:52:00.0390 0x1ff8 swprv - ok 22:52:00.0390 0x1ff8 Synth3dVsc - ok 22:52:00.0405 0x1ff8 SysMain - ok 22:52:00.0421 0x1ff8 SystemEventsBroker - ok 22:52:00.0421 0x1ff8 TabletInputService - ok 22:52:00.0437 0x1ff8 TapiSrv - ok 22:52:00.0437 0x1ff8 Tcpip - ok 22:52:00.0452 0x1ff8 Tcpip6 - ok 22:52:00.0468 0x1ff8 tcpipreg - ok 22:52:00.0483 0x1ff8 tdx - ok 22:52:00.0483 0x1ff8 TeamViewer - ok 22:52:00.0499 0x1ff8 terminpt - ok 22:52:00.0515 0x1ff8 TermService - ok 22:52:00.0515 0x1ff8 Themes - ok 22:52:00.0530 0x1ff8 TieringEngineService - ok 22:52:00.0530 0x1ff8 tiledatamodelsvc - ok 22:52:00.0546 0x1ff8 TimeBrokerSvc - ok 22:52:00.0562 0x1ff8 TPM - ok 22:52:00.0562 0x1ff8 TrkWks - ok 22:52:00.0577 0x1ff8 TrustedInstaller - ok 22:52:00.0593 0x1ff8 tsusbflt - ok 22:52:00.0608 0x1ff8 TsUsbGD - ok 22:52:00.0608 0x1ff8 tunnel - ok 22:52:00.0624 0x1ff8 TXEIx64 - ok 22:52:00.0624 0x1ff8 tzautoupdate - ok 22:52:00.0640 0x1ff8 UASPStor - ok 22:52:00.0655 0x1ff8 UcmCx0101 - ok 22:52:00.0655 0x1ff8 UcmTcpciCx0101 - ok 22:52:00.0671 0x1ff8 UcmUcsi - ok 22:52:00.0671 0x1ff8 Ucx01000 - ok 22:52:00.0687 0x1ff8 UdeCx - ok 22:52:00.0702 0x1ff8 udfs - ok 22:52:00.0702 0x1ff8 UEFI - ok 22:52:00.0718 0x1ff8 Ufx01000 - ok 22:52:00.0733 0x1ff8 UfxChipidea - ok 22:52:00.0733 0x1ff8 ufxsynopsys - ok 22:52:00.0749 0x1ff8 UI0Detect - ok 22:52:00.0765 0x1ff8 umbus - ok 22:52:00.0781 0x1ff8 UmPass - ok 22:52:00.0781 0x1ff8 UmRdpService - ok 22:52:00.0799 0x1ff8 UnistoreSvc - ok 22:52:00.0815 0x1ff8 upnphost - ok 22:52:00.0830 0x1ff8 UrsChipidea - ok 22:52:00.0830 0x1ff8 UrsCx01000 - ok 22:52:00.0846 0x1ff8 UrsSynopsys - ok 22:52:00.0846 0x1ff8 usbccgp - ok 22:52:00.0861 0x1ff8 usbcir - ok 22:52:00.0877 0x1ff8 usbehci - ok 22:52:00.0877 0x1ff8 usbhub - ok 22:52:00.0893 0x1ff8 USBHUB3 - ok 22:52:00.0893 0x1ff8 usbohci - ok 22:52:00.0908 0x1ff8 usbprint - ok 22:52:00.0924 0x1ff8 usbser - ok 22:52:00.0924 0x1ff8 USBSTOR - ok 22:52:00.0940 0x1ff8 usbuhci 
- ok 22:52:00.0955 0x1ff8 usbvideo - ok 22:52:00.0955 0x1ff8 USBXHCI - ok 22:52:00.0971 0x1ff8 UserDataSvc - ok 22:52:00.0986 0x1ff8 UserManager - ok 22:52:00.0986 0x1ff8 UsoSvc - ok 22:52:01.0002 0x1ff8 VaultSvc - ok 22:52:01.0018 0x1ff8 vdrvroot - ok 22:52:01.0018 0x1ff8 vds - ok 22:52:01.0033 0x1ff8 VerifierExt - ok 22:52:01.0033 0x1ff8 vhdmp - ok 22:52:01.0049 0x1ff8 vhf - ok 22:52:01.0065 0x1ff8 VirtualButtons - ok 22:52:01.0065 0x1ff8 vmbus - ok 22:52:01.0080 0x1ff8 VMBusHID - ok 22:52:01.0096 0x1ff8 vmgid - ok 22:52:01.0096 0x1ff8 vmicguestinterface - ok 22:52:01.0111 0x1ff8 vmicheartbeat - ok 22:52:01.0111 0x1ff8 vmickvpexchange - ok 22:52:01.0127 0x1ff8 vmicrdv - ok 22:52:01.0143 0x1ff8 vmicshutdown - ok 22:52:01.0143 0x1ff8 vmictimesync - ok 22:52:01.0158 0x1ff8 vmicvmsession - ok 22:52:01.0158 0x1ff8 vmicvss - ok 22:52:01.0174 0x1ff8 volmgr - ok 22:52:01.0190 0x1ff8 volmgrx - ok 22:52:01.0190 0x1ff8 volsnap - ok 22:52:01.0205 0x1ff8 volume - ok 22:52:01.0205 0x1ff8 vpci - ok 22:52:01.0221 0x1ff8 vsmraid - ok 22:52:01.0236 0x1ff8 VSS - ok 22:52:01.0236 0x1ff8 VSTXRAID - ok 22:52:01.0252 0x1ff8 vwifibus - ok 22:52:01.0252 0x1ff8 vwififlt - ok 22:52:01.0268 0x1ff8 vwifimp - ok 22:52:01.0283 0x1ff8 W32Time - ok 22:52:01.0283 0x1ff8 WacomPen - ok 22:52:01.0299 0x1ff8 WalletService - ok 22:52:01.0315 0x1ff8 wanarp - ok 22:52:01.0315 0x1ff8 wanarpv6 - ok 22:52:01.0330 0x1ff8 wbengine - ok 22:52:01.0346 0x1ff8 WbioSrvc - ok 22:52:01.0346 0x1ff8 wcifs - ok 22:52:01.0361 0x1ff8 Wcmsvc - ok 22:52:01.0377 0x1ff8 wcncsvc - ok 22:52:01.0377 0x1ff8 wcnfs - ok 22:52:01.0393 0x1ff8 WdBoot - ok 22:52:01.0408 0x1ff8 Wdf01000 - ok 22:52:01.0408 0x1ff8 WdFilter - ok 22:52:01.0424 0x1ff8 WdiServiceHost - ok 22:52:01.0424 0x1ff8 WdiSystemHost - ok 22:52:01.0440 0x1ff8 wdiwifi - ok 22:52:01.0455 0x1ff8 WdNisDrv - ok 22:52:01.0455 0x1ff8 WdNisSvc - ok 22:52:01.0471 0x1ff8 WebClient - ok 22:52:01.0486 0x1ff8 Wecsvc - ok 22:52:01.0486 0x1ff8 WEPHOSTSVC - ok 22:52:01.0502 0x1ff8 
wercplsupport - ok 22:52:01.0502 0x1ff8 WerSvc - ok 22:52:01.0518 0x1ff8 WFPLWFS - ok 22:52:01.0533 0x1ff8 WiaRpc - ok 22:52:01.0533 0x1ff8 WIMMount - ok 22:52:01.0549 0x1ff8 WinDefend - ok 22:52:01.0564 0x1ff8 WindowsTrustedRT - ok 22:52:01.0580 0x1ff8 WindowsTrustedRTProxy - ok 22:52:01.0580 0x1ff8 WinHttpAutoProxySvc - ok 22:52:01.0596 0x1ff8 WinMad - ok 22:52:01.0611 0x1ff8 Winmgmt - ok 22:52:01.0611 0x1ff8 WinRM - ok 22:52:01.0627 0x1ff8 WINUSB - ok 22:52:01.0643 0x1ff8 WinVerbs - ok 22:52:01.0658 0x1ff8 wisvc - ok 22:52:01.0658 0x1ff8 WlanSvc - ok 22:52:01.0674 0x1ff8 wlidsvc - ok 22:52:01.0689 0x1ff8 WmiAcpi - ok 22:52:01.0705 0x1ff8 wmiApSrv - ok 22:52:01.0705 0x1ff8 WMPNetworkSvc - ok 22:52:01.0721 0x1ff8 Wof - ok 22:52:01.0736 0x1ff8 workfolderssvc - ok 22:52:01.0736 0x1ff8 WPDBusEnum - ok 22:52:01.0752 0x1ff8 WpdUpFltr - ok 22:52:01.0768 0x1ff8 WpnService - ok 22:52:01.0768 0x1ff8 WpnUserService - ok 22:52:01.0783 0x1ff8 ws2ifsl - ok 22:52:01.0803 0x1ff8 wscsvc - ok 22:52:01.0819 0x1ff8 WSearch - ok 22:52:01.0835 0x1ff8 wuauserv - ok 22:52:01.0835 0x1ff8 WudfPf - ok 22:52:01.0850 0x1ff8 WUDFRd - ok 22:52:01.0850 0x1ff8 wudfsvc - ok 22:52:01.0866 0x1ff8 WUDFWpdFs - ok 22:52:01.0882 0x1ff8 WwanSvc - ok 22:52:01.0882 0x1ff8 XblAuthManager - ok 22:52:01.0897 0x1ff8 XblGameSave - ok 22:52:01.0913 0x1ff8 xboxgip - ok 22:52:01.0913 0x1ff8 XboxNetApiSvc - ok 22:52:01.0928 0x1ff8 xinputhid - ok 22:52:01.0944 0x1ff8 ================ Scan global =============================== 22:52:01.0944 0x1ff8 [ Global ] - ok 22:52:01.0944 0x1ff8 ================ Scan MBR ================================== 22:52:01.0944 0x1ff8 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 22:52:01.0975 0x1ff8 \Device\Harddisk0\DR0 - ok 22:52:01.0991 0x1ff8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 22:52:02.0366 0x1ff8 \Device\Harddisk1\DR1 - ok 22:52:04.0326 0x1ff8 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR4 22:52:04.0482 0x1ff8 \Device\Harddisk2\DR4 
- ok 22:52:04.0482 0x1ff8 ================ Scan VBR ================================== 22:52:04.0498 0x1ff8 [ A9C0749589B6C2CE8387999089E83C64 ] \Device\Harddisk1\DR1\Partition1 22:52:04.0498 0x1ff8 \Device\Harddisk1\DR1\Partition1 - ok 22:52:04.0498 0x1ff8 [ 94BD1A1DFD24F47BE1FD92E0E8460FD0 ] \Device\Harddisk1\DR1\Partition2 22:52:04.0513 0x1ff8 \Device\Harddisk1\DR1\Partition2 - ok 22:52:04.0513 0x1ff8 [ AEF5F2D2C9FF3B70A1122F0E821E809C ] \Device\Harddisk2\DR4\Partition1 22:52:04.0513 0x1ff8 \Device\Harddisk2\DR4\Partition1 - ok 22:52:04.0513 0x1ff8 ================ Scan generic autorun ====================== 22:52:04.0513 0x1ff8 RtHDVCpl - ok 22:52:04.0529 0x1ff8 RtHDVBg_Dolby - ok 22:52:04.0529 0x1ff8 ETDCtrl - ok 22:52:04.0529 0x1ff8 CLMLServer_For_P2G8 - ok 22:52:04.0529 0x1ff8 CLVirtualDrive - ok 22:52:04.0545 0x1ff8 RemoteControl10 - ok 22:52:04.0545 0x1ff8 YouCam Service - ok 22:52:04.0545 0x1ff8 avgnt - ok 22:52:04.0560 0x1ff8 DivXMediaServer - ok 22:52:04.0560 0x1ff8 Avira SystrayStartTrigger - ok 22:52:04.0560 0x1ff8 CanonQuickMenu - ok 22:52:04.0560 0x1ff8 IJNetworkScannerSelectorEX - ok 22:52:04.0576 0x1ff8 OneDriveSetup - ok 22:52:04.0576 0x1ff8 OneDriveSetup - ok 22:52:04.0576 0x1ff8 Amazon Music - ok 22:52:04.0591 0x1ff8 Spotify Web Helper - ok 22:52:04.0591 0x1ff8 OneDrive - ok 22:52:04.0591 0x1ff8 OneDriveSetup - ok 22:52:04.0591 0x1ff8 WAB Migrate - ok 22:52:04.0638 0x1ff8 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.20.55 ), 0x41000 ( enabled : updated ) 22:52:04.0638 0x1ff8 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated ) 22:52:04.0685 0x1ff8 Win FW state via NFP2: enabled ( trusted ) 22:52:04.0850 0x1ff8 ============================================================ 22:52:04.0850 0x1ff8 Scan finished 22:52:04.0850 0x1ff8 ============================================================ 22:52:04.0865 0x1b34 
Detected object count: 0 22:52:04.0865 0x1b34 Actual detected object count: 0 |
07.10.2016, 14:48 | #9 |
/// TB Trainer /// Instructions Guru | No, I don't want anything from Avira. Here and now I am only cleaning the PC that the first FRST logs came from. Anything else is just confusing. Step 1: Disable the virus scanner's real-time protection. Step 2: Scan with ComboFix
__________________ Regards, deeprybka „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
08.10.2016, 17:50 | #10 |
| Hey, I have the following messages. The blue window says: "Restarting Windows.. Please wait", "Please let ComboFix restart your PC", "WARNING!! Do not restart the machine manually". On top of it there is an error window with the content: Unable to create a backup of the current registry file Continue restoration of this file? Yes or No?? It has been showing this for 40 minutes now |
08.10.2016, 18:25 | #11 |
/// TB Trainer /// Instructions Guru | No |
08.10.2016, 19:13 | #12 |
| Well, I had disabled the real-time protection... Why AntiVir still shows up at the very bottom, I don't know. Currently I also have no icons at all anymore in the bar at the bottom right, which should actually all be there... But there is nothing, except network and that little Windows flag... Code:
ATTFilter ComboFix 16-09-28.01 - S******* 08.10.2016 17:50:24.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.12287.9641 [GMT 2:00] ausgeführt von:: c:\users\S*******\Desktop\ComboFix.exe AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Sony Ericsson PC Software.ico c:\users\S*******\AppData\Local\assembly\tmp c:\users\S*******\AppData\Local\lollipop c:\users\S*******\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ACEDRV11 -------\Service_acedrv11 . . ((((((((((((((((((((((( Dateien erstellt von 2016-09-08 bis 2016-10-08 )))))))))))))))))))))))))))))) . . 2016-10-08 15:57 . 2016-10-08 15:57 -------- d-----w- c:\users\M***** Arbeit\AppData\Local\temp 2016-10-08 15:57 . 2016-10-08 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2016-10-05 03:11 . 2016-10-05 03:19 -------- d-----w- C:\FRST 2016-10-04 20:54 . 2016-10-04 20:54 -------- d-----w- c:\program files\Common Files\AV 2016-10-04 20:22 . 2016-10-06 20:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2016-10-04 20:22 . 2016-10-06 20:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2016-09-28 08:02 . 2016-09-28 08:02 -------- d-----w- c:\program files\Bulk Rename Utility 2016-09-28 07:54 . 2016-09-28 07:54 -------- d-----w- c:\users\S*******\AppData\Roaming\EFSoftware 2016-09-28 07:51 . 2016-09-28 07:51 -------- d-----w- c:\users\S*******\AppData\Local\Tools&More 2016-09-28 07:41 . 
2016-09-28 07:48 -------- d-----w- c:\users\S*******\AppData\Roaming\XnViewMP 2016-09-28 07:41 . 2016-09-28 07:41 -------- d-----w- c:\program files\XnViewMP . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2016-09-28 07:51 . 2016-09-28 07:51 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D775B4D-ED42-4355-AB0E-793604C3A084}\offreg.2764.dll 2016-09-14 13:56 . 2012-03-31 19:36 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2016-09-14 13:56 . 2011-05-16 09:32 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2016-09-04 19:46 . 2010-09-18 17:42 147640136 -c--a-w- c:\windows\system32\MRT.exe 2016-09-02 06:43 . 2016-09-02 06:43 365536 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl 2016-08-02 22:36 . 2016-09-11 05:40 11847048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D775B4D-ED42-4355-AB0E-793604C3A084}\mpengine.dll 2016-08-02 14:54 . 2016-09-04 19:37 394440 ----a-w- c:\windows\system32\iedkcs32.dll 2016-08-02 06:54 . 2016-09-04 19:37 25808384 ----a-w- c:\windows\system32\mshtml.dll 2016-08-02 06:47 . 2016-09-04 19:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2016-08-02 06:47 . 2016-09-04 19:37 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2016-08-02 06:32 . 2016-09-04 19:37 66560 ----a-w- c:\windows\system32\iesetup.dll 2016-08-02 06:32 . 2016-09-04 19:37 2894336 ----a-w- c:\windows\system32\iertutil.dll 2016-08-02 06:31 . 2016-09-04 19:38 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2016-08-02 06:31 . 2016-09-04 19:37 417792 ----a-w- c:\windows\system32\html.iec 2016-08-02 06:31 . 2016-09-04 19:37 572416 ----a-w- c:\windows\system32\vbscript.dll 2016-08-02 06:31 . 2016-09-04 19:37 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2016-08-02 06:24 . 2016-09-04 19:37 54784 ----a-w- c:\windows\system32\jsproxy.dll 2016-08-02 06:23 . 
2016-09-04 19:38 34304 ----a-w- c:\windows\system32\iernonce.dll 2016-08-02 06:20 . 2016-09-04 19:37 615936 ----a-w- c:\windows\system32\ieui.dll 2016-08-02 06:19 . 2016-09-04 19:38 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2016-08-02 06:19 . 2016-09-04 19:37 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2016-08-02 06:18 . 2016-09-04 19:37 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2016-08-02 06:18 . 2016-09-04 19:37 817664 ----a-w- c:\windows\system32\jscript.dll 2016-08-02 06:18 . 2016-09-04 19:37 6047744 ----a-w- c:\windows\system32\jscript9.dll 2016-08-02 06:11 . 2016-09-04 19:37 969216 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2016-08-02 06:08 . 2016-09-04 19:37 489984 ----a-w- c:\windows\system32\dxtmsft.dll 2016-08-02 06:03 . 2016-09-04 19:37 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2016-08-02 06:00 . 2016-09-04 19:37 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2016-08-02 05:59 . 2016-09-04 19:37 107520 ----a-w- c:\windows\system32\inseng.dll 2016-08-02 05:56 . 2016-09-04 19:37 199680 ----a-w- c:\windows\system32\msrating.dll 2016-08-02 05:55 . 2016-09-04 19:37 92160 ----a-w- c:\windows\system32\mshtmled.dll 2016-08-02 05:53 . 2016-09-04 19:37 315392 ----a-w- c:\windows\system32\dxtrans.dll 2016-08-02 05:51 . 2016-09-04 19:37 497664 ----a-w- c:\windows\SysWow64\vbscript.dll 2016-08-02 05:51 . 2016-09-04 19:37 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2016-08-02 05:51 . 2016-09-04 19:37 152064 ----a-w- c:\windows\system32\occache.dll 2016-08-02 05:51 . 2016-09-04 19:38 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2016-08-02 05:51 . 2016-09-04 19:37 341504 ----a-w- c:\windows\SysWow64\html.iec 2016-08-02 05:50 . 2016-09-04 19:37 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2016-08-02 05:41 . 2016-09-04 19:37 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2016-08-02 05:41 . 2016-09-04 19:37 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2016-08-02 05:40 . 
2016-09-04 19:37 262144 ----a-w- c:\windows\system32\webcheck.dll 2016-08-02 05:38 . 2016-09-04 19:37 724992 ----a-w- c:\windows\system32\ie4uinit.exe 2016-08-02 05:38 . 2016-09-04 19:37 806400 ----a-w- c:\windows\system32\msfeeds.dll 2016-08-02 05:37 . 2016-09-04 19:37 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2016-08-02 05:36 . 2016-09-04 19:37 2131456 ----a-w- c:\windows\system32\inetcpl.cpl 2016-08-02 05:29 . 2016-09-04 19:37 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2016-08-02 05:28 . 2016-09-04 19:37 15412224 ----a-w- c:\windows\system32\ieframe.dll 2016-08-02 05:23 . 2016-09-04 19:37 2868224 ----a-w- c:\windows\system32\wininet.dll 2016-08-02 05:21 . 2016-09-04 19:37 4608000 ----a-w- c:\windows\SysWow64\jscript9.dll 2016-08-02 05:14 . 2016-09-04 19:37 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2016-08-02 05:14 . 2016-09-04 19:37 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2016-08-02 05:10 . 2016-09-04 19:37 1550848 ----a-w- c:\windows\system32\urlmon.dll 2016-08-02 04:59 . 2016-09-04 19:37 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2016-08-02 04:56 . 2016-09-04 19:37 2393088 ----a-w- c:\windows\SysWow64\wininet.dll 2016-07-26 18:18 . 2013-03-20 10:15 171752 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2016-07-26 18:18 . 2013-03-20 10:15 145984 ----a-w- c:\windows\system32\drivers\avipbb.sys 2016-07-26 12:24 . 2010-09-15 11:25 504488 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2016-10-06 21:04 223552 ----a-w- c:\users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="c:\users\S*******\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-10 134512]
"Spotify Web Helper"="c:\users\S*******\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2016-09-28 1529456]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2016-09-09 830064]
"Gaming Mouse"="c:\gaming mouse\Gaming Mouse.exe" [2009-09-30 1306624]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2016-08-29 1009632]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2013-04-02 1282632]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2013-02-19 453736]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-08-19 60136]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\FRITZWLANMini.exe" [2014-03-27 933888]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-04 767176]
.
c:\users\S*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\S*******\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2016-10-8 25243040]
FastStone Capture.lnk - c:\program files (x86)\FastStone Capture\FSCapture.exe -Silent [2007-2-12 1111552]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 fwlanusb6;FRITZ!WLAN USB Stick AC 430;c:\windows\system32\DRIVERS\fwlanusb6.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb6.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x] R3 LVUSBS64;Logitech USB Monitor 
Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x] R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v2.sys [x] R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x] R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x] R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x] R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x] R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x] R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x] R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] 
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R3 X6va003;X6va003;c:\users\S*******\AppData\Local\Temp\003C9C4.tmp;c:\users\S*******\AppData\Local\Temp\003C9C4.tmp [x] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 DigitalWave.Update.Service;Digital Wave Update Service;c:\program files (x86)\Common 
Files\DVDVideoSoft\lib\app_updater.exe;c:\program files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [x] S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x] S2 SCM_Service;SCM_Service;c:\windows\SysWOW64\WinService.exe;c:\windows\SysWOW64\WinService.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll . Inhalt des "geplante Tasks" Ordners . 2016-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 13:56] . 
2016-10-04 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000Core.job
- c:\users\S*******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-10 04:09]
.
2016-10-08 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000UA.job
- c:\users\S*******\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-10 04:09]
.
2016-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-28 17:40]
.
2016-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-28 17:40]
.
2016-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000Core.job
- c:\users\S*******\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-26 17:05]
.
2016-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935282697-2757325891-1977791356-1000UA.job
- c:\users\S*******\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-26 17:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 270144 ----a-w- c:\users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 270144 ----a-w- c:\users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2016-10-06 21:04 270144 ----a-w- c:\users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2016-10-06 21:04 270144 ----a-w- c:\users\S*******\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-17 10134560] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube to MP3 Converter - c:\users\S*******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: toysrus.de\webvpn TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\S*******\AppData\Roaming\Mozilla\Firefox\Profiles\r59s22ry.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset FF - user.js: extensions.zonealarm.hpOld0 - FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughDev3&Lan={dfltLng}&gu=2f92fc4cedb54bca865a0e336386c80d&tu=10GXz009Y1B0CO0&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.id - 
043d943800000000000000184dcd7251 FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84} FF - user.js: extensions.zonealarm.instlDay - 15932 FF - user.js: extensions.zonealarm.vrsn - 1.8.22.0 FF - user.js: extensions.zonealarm.vrsni - 1.8.22.0 FF - user.js: extensions.zonealarm.vrsnTs - 1.8.22.022:40 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 1025 FF - user.js: extensions.zonealarm.smplGrp - none FF - user.js: extensions.zonealarm.tlbrId - goughDev3 FF - user.js: extensions.zonealarm.instlRef - ZLN19090066867192-1001 FF - user.js: extensions.zonealarm.dfltLng - de FF - user.js: extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.ffxUnstlRst - false FF - user.js: extensions.zonealarm.admin - false FF - user.js: extensions.zonealarm.autoRvrt - false FF - user.js: extensions.zonealarm.rvrt - true FF - user.js: extensions.zonealarm.hmpg - true FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=de&gu=2f92fc4cedb54bca865a0e336386c80d&tu=10GXz009Y1B0CO0&sku=&tstsId=&ver=& FF - user.js: extensions.zonealarm.dfltSrch - true FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=de&gu=2f92fc4cedb54bca865a0e336386c80d&tu=10GXz009Y1B0CO0&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.dnsErr - true FF - user.js: extensions.zonealarm.newTab - true FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=goughDev3&Lan=de&gu=2f92fc4cedb54bca865a0e336386c80d&tu=10GXz009Y1B0CO0&sku=&tstsId=&ver=& FF - user.js: extensions.autoDisableScopes - 0 FF - user.js: extensions.shownSelectionUI - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-Run-GarminExpressTrayApp - c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe
AddRemove-EF Multi File Renamer - c:\program files (x86)\EF Multi File Renamer\UNINST.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\S*******\AppData\Local\Temp\003C9C4.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.032"
.
[HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.abr"
.
[HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.ani"
.
[HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.apd"
.
[HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1935282697-2757325891-1977791356-1000)
"Progid"="ACDSee Pro 6.arw"
.
[HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.bay"
.
[HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-1935282697-2757325891-1977791356-1000) "Progid"="ACDSee Pro 6.bmp" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.bw" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.bwf" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.cel" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-1935282697-2757325891-1977791356-1000) "Progid"="ACDSee Pro 6.cr2" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-1935282697-2757325891-1977791356-1000) "Progid"="ACDSee Pro 6.crw" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.cs1" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.cur" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-1935282697-2757325891-1977791356-1000) "Progid"="ACDSee Pro 6.dcr" . 
[HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.dcx" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.dib" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.djv" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.djvu" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-1935282697-2757325891-1977791356-1000) "Progid"="ACDSee Pro 6.dng" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.emf" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.eps" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.erf" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.fff" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.flc" . 
[HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.fli" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.fpx" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-1935282697-2757325891-1977791356-1000) "Progid"="ACDSee Pro 6.gif" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.hdr" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.icl" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.icn" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (S-1-5-21-1935282697-2757325891-1977791356-1000) @Denied: (2) (LocalSystem) "Progid"="XnView.iff" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ilbm" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.int" . 
[HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.inta" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.iw4" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.j2c" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.j2k" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jbr" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jfif" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jif" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jp2" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 6.jpc" . [HKEY_USERS\S-1-5-21-1935282697-2757325891-1977791356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-1935282697-2757325891-1977791356-1000) "Progid"="ACDSee Pro 6.jpe" . 
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2016-10-08 20:11:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2016-10-08 18:11
.
Vor Suchlauf: 13 Verzeichnis(se), 36.014.854.144 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 35.220.914.176 Bytes frei
.
- - End Of File - - E2143B957C5099BD9635B6B455216702 A36C5E4F47E84449FF07ED3517B43A31
09.10.2016, 16:56 | #13 |
/// TB-Ausbilder /// Anleitungs-Guru | Please run one last scan now: Step 1 ESET Online Scanner
__________________ Regards, deeprybka
09.10.2016, 22:25 | #14 |
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bc7520ea03a20c4ca67edc7157b053cf
# end=init
# utc_time=2016-10-09 07:00:54
# local_time=2016-10-09 09:00:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 31020
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bc7520ea03a20c4ca67edc7157b053cf
# end=updated
# utc_time=2016-10-09 07:27:25
# local_time=2016-10-09 09:27:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=bc7520ea03a20c4ca67edc7157b053cf
# engine=31020
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-10-09 09:16:08
# local_time=2016-10-09 11:16:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 98 9235 68647062 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 97999 227677618 0 0
# scanned=325889
# found=9
# cleaned=0
# scan_time=6523
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe"
sh=0E570494944DCA604EAB47459C3BEAF04B6B8713 ft=1 fh=1705691274759c48 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\S*******\Documents\Downloads\FreeVideoDub.exe"
sh=3F07369481E1A12CBF66EDFBB23D60A01C831DED ft=1 fh=4caba853b124ee2f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Bulk Rename Utility - CHIP-Installer.exe"
sh=CBD1538AEC16055DF9F97C614745908CA01656C0 ft=1 fh=97fda28c45339833 vn="Variante von Win32/InstallCore.AHH evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\FreeYouTubeToMP3Converter_4.1.26.721.exe"
sh=6098A4F678586A611C5D68463AB9DBE72AFA103C ft=1 fh=8401215c5ec97791 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Joe letzte Freeware Version - CHIP-Installer.exe"
sh=CA93F551F47686F132C9F17E0247E4068DCB2CB1 ft=1 fh=e47c41f0d041cd21 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Tools&Progs\zafwSetupWeb_110_000_504(1).exe"
sh=FF6189C81427004A5A75C813206C8BB5201F7A55 ft=1 fh=f3346341465c9511 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Tools&Progs\zafwSetupWeb_131_211_000 (1).exe"
sh=8830B8D7CD0FEBD8E8DCEB95FCB0315FC17E03D5 ft=1 fh=a42b4b81f0781c56 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Tools&Progs\zaSetupWeb_110_768_000.exe"
sh=BCCB23BDF46FC326539907F0ACCBA7F229D43204 ft=1 fh=fdeeeacbc83b830b vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Tools&Progs\zaSetupWeb_120_104_000.exe"
10.10.2016, 17:29 | #15 |
/// TB-Ausbilder /// Anleitungs-Guru | Are there still any problems with the PC? If so, which ones? Step 1 Please start FRST again, also tick the checkbox and press Untersuchen (Scan). Please post the contents of the two logs that are created.
__________________ Regards, deeprybka