Log Analysis and Evaluation: rootkit? virus? hard disk at 100% utilization. help with frst. event id: 1014, 7031, 10010, 5973, 69, 1000, 10016, 7006,...... (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.01.2017, 20:48 | #16

adw:
Code:
```text
# AdwCleaner v6.042 - Bericht erstellt am 24/01/2017 um 17:37:37
# Aktualisiert am 06/01/2017 von Malwarebytes
# Datenbank : 2017-01-24.1 [Lokal]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Dragonfly - DRAGONFLY-PC
# Gestartet von : C:\Users\Dragonfly\Desktop\AdwCleaner_6.042.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com

***** [ Browser ] *****

*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2793 Bytes] - [24/01/2017 17:37:37]
C:\AdwCleaner\AdwCleaner[S0].txt - [1351 Bytes] - [24/01/2017 17:02:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [1423 Bytes] - [24/01/2017 17:05:05]
C:\AdwCleaner\AdwCleaner[S2].txt - [3204 Bytes] - [24/01/2017 17:36:05]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3085 Bytes] ##########
```

JRT:
Code:
```text
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Dragonfly (Administrator) on 24.01.2017 at 17:42:49,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.01.2017 at 17:46:18,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

adw:
Code:
```text
# AdwCleaner v6.042 - Bericht erstellt am 24/01/2017 um 20:37:54
# Aktualisiert am 06/01/2017 von Malwarebytes
# Datenbank : 2017-01-24.2 [Server]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Dragonfly - DRAGONFLY-PC
# Gestartet von : C:\Users\Dragonfly\Desktop\AdwCleaner_6.042.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3180 Bytes] - [24/01/2017 17:37:37]
C:\AdwCleaner\AdwCleaner[C2].txt - [1011 Bytes] - [24/01/2017 20:37:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [1351 Bytes] - [24/01/2017 17:02:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [1423 Bytes] - [24/01/2017 17:05:05]
C:\AdwCleaner\AdwCleaner[S2].txt - [3204 Bytes] - [24/01/2017 17:36:05]
C:\AdwCleaner\AdwCleaner[S3].txt - [1643 Bytes] - [24/01/2017 20:35:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1376 Bytes] ##########
```
24.01.2017, 22:14 | #17
/// Winkelfunktion /// TB-Süch-Tiger™

Unfortunately we still have an older guide for adwCleaner; please run it again and configure it like this:
26.01.2017, 07:18 | #18

No matter which setting I use, it doesn't find anything anymore. I also downloaded all the programs again, installed them and then ran them, but that didn't help either.

When I try to run FRST, I now always get a message on a blue background telling me that the computer is protected by Windows and that this app may pose a risk. Apart from that, the PC runs at full load almost constantly. According to Task Manager or System Explorer, it's usually some system process, the antivirus program, or both together that are responsible. At times Emsisoft has 80% disk usage and 100% CPU. On top of that, there are more and more programs that I can't terminate or that behave abnormally.
26.01.2017, 11:57 | #19
/// Winkelfunktion /// TB-Süch-Tiger™

Then show fresh FRST logs. Tick the box for Addition.txt, then click Scan.
__________________
Please always post log files in CODE tags
26.01.2017, 14:02 | #21

No idea whether FRST itself hasn't also been infected by now... it somehow looks different to me than the first scans.

frst:
Code:
```text
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
durchgeführt von Dragonfly (Administrator) auf DRAGONFLY-PC (26-01-2017 13:16:52)
Gestartet von C:\Users\Dragonfly\Desktop
Geladene Profile: Dragonfly (Verfügbare Profile: Dragonfly)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1812544 2016-09-12] (NVIDIA Corporation)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8140696 2016-12-29] (Emsisoft Ltd)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [571928 2015-09-03] (Vimicro)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9d7e27a9-5756-47e5-95d0-70cb4968354e}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-23] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Dragonfly\AppData\Local\Google\Chrome\User Data\Default [2017-01-26]
CHR Extension: (Google Docs) - C:\Users\Dragonfly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-24]
CHR Extension: (Google Drive) - C:\Users\Dragonfly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-24]
CHR Extension: (YouTube) - C:\Users\Dragonfly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-24]
CHR Extension: (Google Docs Offline) - C:\Users\Dragonfly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-24]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Dragonfly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Google Mail) - C:\Users\Dragonfly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\Dragonfly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-24]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9461280 2016-12-29] (Emsisoft Ltd)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [422656 2016-03-09] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-06-03] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [648872 2015-09-03] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-26 10:28 - 2017-01-26 10:28 - 01357260 _____ C:\Users\Dragonfly\Desktop\a2service.exe.txt
2017-01-26 08:22 - 2017-01-26 08:31 - 00034971 _____ C:\Users\Dragonfly\Desktop\Shortcut.txt
2017-01-26 08:21 - 2017-01-26 08:31 - 00024541 _____ C:\Users\Dragonfly\Desktop\Addition.txt
2017-01-26 08:20 - 2017-01-26 13:16 - 00007442 _____ C:\Users\Dragonfly\Desktop\FRST.txt
2017-01-26 08:20 - 2017-01-26 13:16 - 00000000 ____D C:\FRST
2017-01-26 06:23 - 2017-01-26 13:16 - 02420736 _____ (Farbar) C:\Users\Dragonfly\Desktop\FRST64.exe
2017-01-26 06:13 - 2017-01-26 06:13 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-26 06:12 - 2017-01-26 06:12 - 00000000 ____D C:\Users\Dragonfly\AppData\Roaming\Skype
2017-01-26 05:56 - 2017-01-26 05:56 - 01663040 _____ (Malwarebytes) C:\Users\Dragonfly\Desktop\JRT.exe
2017-01-26 05:47 - 2017-01-26 05:47 - 03988944 _____ C:\Users\Dragonfly\Desktop\AdwCleaner_6.042 (1).exe
2017-01-25 00:42 - 2017-01-25 00:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-24 20:46 - 2017-01-25 16:46 - 00001171 _____ C:\Users\Dragonfly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware Guard.lnk
2017-01-24 17:29 - 2017-01-24 17:29 - 01663040 _____ (Malwarebytes) C:\Users\Dragonfly\Desktop\JRT (1).exe
2017-01-24 16:59 - 2017-01-26 05:49 - 00000000 ____D C:\AdwCleaner
2017-01-24 16:54 - 2017-01-24 01:46 - 283519832 _____ C:\Users\Dragonfly\Desktop\EmsisoftEmergencyKit.exe
2017-01-24 16:54 - 2016-08-06 12:56 - 24463226 _____ C:\Users\Dragonfly\Desktop\gpg4usb-0.3.3-2.zip
2017-01-24 16:54 - 2016-07-13 23:20 - 49625952 _____ C:\Users\Dragonfly\Desktop\torbrowser-install-6.0.2_en-US.exe
2017-01-24 16:54 - 2016-07-13 23:08 - 15883624 _____ (CyberGhost S.R.L. ) C:\Users\Dragonfly\Desktop\CyberGhost_6.0.0.1823_2.exe
2017-01-24 16:53 - 2016-07-14 21:30 - 11882488 _____ (Lenovo Group Limited ) C:\Users\Dragonfly\Desktop\1hst01ww.exe
2017-01-24 14:45 - 2016-12-22 23:48 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-01-24 14:45 - 2016-12-22 23:48 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-24 14:39 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-01-24 14:39 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-01-24 14:34 - 2017-01-24 16:35 - 00000000 ____D C:\Users\Dragonfly\AppData\Local\ElevatedDiagnostics
2017-01-24 14:28 - 2017-01-24 14:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-24 14:28 - 2017-01-24 14:28 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-24 12:07 - 2017-01-24 12:20 - 00238666 _____ C:\TDSSKiller.3.1.0.12_24.01.2017_12.07.38_log.txt
2017-01-24 12:03 - 2017-01-24 12:05 - 00374652 _____ C:\TDSSKiller.3.1.0.12_24.01.2017_12.03.24_log.txt
2017-01-24 12:03 - 2017-01-24 12:03 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Dragonfly\Desktop\tdsskiller.exe
2017-01-24 11:36 - 2017-01-26 03:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-24 11:36 - 2017-01-26 03:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-24 11:36 - 2017-01-24 11:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-24 11:35 - 2017-01-26 06:19 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-24 11:35 - 2017-01-26 03:36 - 00000000 ____D C:\Users\Dragonfly\Desktop\mbar
2017-01-24 11:35 - 2017-01-24 11:35 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Dragonfly\Desktop\mbar-1.09.3.1001.exe
2017-01-24 08:05 - 2017-01-24 08:05 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-01-24 01:56 - 2017-01-24 03:41 - 00000000 ____D C:\ProgramData\Emsisoft
2017-01-24 01:55 - 2017-01-24 01:55 - 00000937 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-01-24 01:55 - 2017-01-24 01:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-01-24 01:54 - 2017-01-26 13:15 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-01-24 01:47 - 2017-01-24 01:47 - 00000000 ____D C:\EEK
2017-01-24 01:31 - 2016-10-28 02:22 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-24 01:16 - 2017-01-26 11:43 - 00007623 _____ C:\Users\Dragonfly\AppData\Local\resmon.resmoncfg
2017-01-23 23:22 - 2017-01-23 23:22 - 00000000 ____D C:\Users\Dragonfly\AppData\Local\NVIDIA
2017-01-23 23:17 - 2017-01-23 23:17 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-23 23:17 - 2017-01-23 23:17 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-23 23:17 - 2016-05-04 03:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-01-23 23:17 - 2016-05-04 03:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-01-23 23:17 - 2016-05-04 03:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-01-23 23:17 - 2016-05-04 03:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-01-23 22:19 - 2017-01-23 22:19 - 00000000 ____D C:\Users\Dragonfly\AppData\Local\Comms
2017-01-23 22:15 - 2017-01-23 22:15 - 00000000 ____D C:\Users\Dragonfly\AppData\Roaming\LolClient
2017-01-23 22:12 - 2017-01-23 22:12 - 00001585 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-01-23 22:12 - 2017-01-23 22:12 - 00000000 ____D C:\ProgramData\Riot Games
2017-01-23 22:12 - 2017-01-23 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-01-23 22:12 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2017-01-23 22:12 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2017-01-23 22:12 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-01-23 22:12 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2017-01-23 22:12 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2017-01-23 22:09 - 2017-01-25 15:37 - 00000000 ____D C:\Users\Dragonfly\AppData\Roaming\Riot Games
2017-01-23 21:57 - 2017-01-23 21:57 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-23 21:53 - 2017-01-23 21:53 - 00000000 ____D C:\Users\Dragonfly\AppData\Roaming\Macromedia
2017-01-23 21:48 - 2017-01-23 21:48 - 00002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-23 21:48 - 2017-01-23 21:48 - 00002324 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-23 21:39 - 2017-01-24 10:04 - 00000000 ____D C:\Users\Dragonfly\AppData\Local\Google
2017-01-23 21:39 - 2017-01-23 22:58 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-23 21:39 - 2017-01-23 22:58 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-23 21:39 - 2017-01-23 21:52 - 00992488 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgsnx.sys.148520484293701
2017-01-23 21:39 - 2017-01-23 21:48 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-23 21:38 - 2017-01-23 21:38 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-01-23 21:38 - 2017-01-23 21:38 - 00000000 ____D C:\Program Files (x86)\USB Camera
2017-01-23 21:36 - 2017-01-23 21:36 - 00000000 ____D C:\Users\Dragonfly\AppData\Local\CEF
2017-01-23 21:35 - 2017-01-24 02:53 - 00000000 ____D C:\ProgramData\Avg
2017-01-23 21:35 - 2017-01-24 02:09 - 00000000 ____D C:\Users\Dragonfly\AppData\Local\AvgSetupLog
2017-01-23 21:35 - 2017-01-23 21:35 - 00000000 ____D C:\Users\Dragonfly\AppData\Local\Avg
2017-01-23 21:33 - 2017-01-23 21:33 - 00000000 ____D C:\Users\Dragonfly\AppData\Local\MicrosoftEdge
2017-01-23 21:31 - 2017-01-26 06:13 - 00002395 _____ C:\Users\Dragonfly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-23 21:31 - 2017-01-23 21:31 - 00000000 ____D C:\Users\Dragonfly\AppData\Local\ActiveSync
2017-01-23 21:31 - 2017-01-23 21:31 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-01-23 21:30 - 2017-01-26 06:58 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-23 21:29 - 2017-01-24 17:08 - 00000000 ____D C:\Users\Dragonfly\AppData\Local\Packages
2017-01-23 21:29 - 2017-01-23 21:29 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-01-23 21:29 - 2017-01-23 21:29 - 00000020 ___SH C:\Users\Dragonfly\ntuser.ini
2017-01-23 21:29 - 2017-01-23 21:29 - 00000000 ____D C:\Users\Dragonfly\AppData\Roaming\Adobe
2017-01-23 21:29 - 2017-01-23 21:29 - 00000000 ____D C:\Users\Dragonfly\AppData\Local\VirtualStore
2017-01-23 21:29 - 2017-01-23 21:29 - 00000000 ____D C:\Users\Dragonfly\AppData\Local\TileDataLayer
2017-01-23 21:29 - 2017-01-23 21:29 - 00000000 ____D C:\Users\Dragonfly\AppData\Local\Publishers
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default\Vorlagen
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default\Startmenü
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\Default User
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Users\All Users
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\ProgramData\Vorlagen
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\ProgramData\Startmenü
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\ProgramData\Favoriten
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\ProgramData\Dokumente
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2017-01-23 21:25 - 2017-01-23 21:25 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2017-01-23 21:23 - 2017-01-26 06:53 - 00000000 ____D C:\Users\Dragonfly
2017-01-23 21:23 - 2017-01-23 21:24 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\Dragonfly\Vorlagen
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\Dragonfly\Startmenü
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\Dragonfly\Netzwerkumgebung
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\Dragonfly\Lokale Einstellungen
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\Dragonfly\Eigene Dateien
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\Dragonfly\Druckumgebung
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\Dragonfly\Documents\Eigene Videos
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\Dragonfly\Documents\Eigene Musik
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\Dragonfly\Documents\Eigene Bilder
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\Dragonfly\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\Dragonfly\AppData\Local\Verlauf
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\Dragonfly\AppData\Local\Anwendungsdaten
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\Dragonfly\Anwendungsdaten
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Vorlagen
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Startmenü
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Netzwerkumgebung
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Lokale Einstellungen
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Eigene Dateien
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Druckumgebung
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Videos
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Musik
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Eigene Bilder
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Verlauf
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Anwendungsdaten
2017-01-23 21:23 - 2017-01-23 21:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Anwendungsdaten
2017-01-23 21:17 - 2017-01-23 23:19 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-23 21:17 - 2017-01-23 23:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-23 21:17 - 2017-01-23 23:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-23 21:17 - 2017-01-23 21:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-23 21:17 - 2017-01-23 21:17 - 00000000 ____D C:\Program Files\Common Files\Atheros
2017-01-23 21:17 - 2016-08-01 13:54 - 06386744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-01-23 21:17 - 2016-08-01 13:54 - 02466360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-01-23 21:17 - 2016-08-01 13:54 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-01-23 21:17 - 2016-08-01 13:54 - 01365048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2017-01-23 21:17 - 2016-08-01 13:54 - 00547896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-01-23 21:17 - 2016-08-01 13:54 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-01-23 21:17 - 2016-08-01 13:54 - 00139712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2017-01-23 21:17 - 2016-08-01 13:54 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-01-23 21:17 - 2016-08-01 13:54 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-01-23 21:17 - 2016-07-28 14:02 - 07242545 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-01-23 21:17 - 2016-05-03 22:30 - 00081416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-01-23 21:17 - 2016-05-03 22:30 - 00077832 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-01-23 21:16 - 2017-01-23 21:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-01-23 21:16 - 2017-01-23 21:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-01-23 21:16 - 2017-01-23 21:16 - 00000000 ____D C:\ProgramData\USOShared
2017-01-23 21:16 - 2017-01-23 21:16 - 00000000 ____D C:\Program Files\Intel
2017-01-23 21:15 - 2016-10-25 09:58 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-01-23 21:13 - 2017-01-26 06:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-23 21:13 - 2017-01-23 21:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-01-23 21:12 - 2017-01-24 14:43 - 00194272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-23 21:11 - 2017-01-23 21:26 - 00000000 ___DC C:\WINDOWS\Panther
2017-01-23 21:11 - 2017-01-23 21:11 - 00000000 ____D C:\WINDOWS\InfusedApps
2017-01-23 21:10 - 2017-01-24 05:24 - 00000000 ____D C:\Windows.old
2017-01-23 21:10 - 2017-01-23 21:10 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-01-23 21:08 - 2017-01-23 21:08 - 00000000 ____D C:\Program Files\Synaptics
2017-01-23 21:07 - 2017-01-23 21:07 - 00000000 ____D C:\WINDOWS\Setup
2017-01-23 21:02 - 2017-01-23 21:02 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-01-23 21:02 - 2017-01-23 21:02 - 00000000 ____D C:\WINDOWS\OCR
2017-01-23 21:02 - 2017-01-23 21:02 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-01-23 21:02 - 2017-01-23 21:02 - 00000000 ____D C:\Program Files\MSBuild
2017-01-23 21:02 - 2017-01-23 21:02 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-01-23 21:02 - 2017-01-23 21:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-01-23 21:01 - 2017-01-26 06:58 - 00776766 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-23 21:01 - 2017-01-26 06:58 - 00155544 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-23 21:01 - 2017-01-23 21:00 - 00305634 _____ C:\WINDOWS\system32\perfi007.dat
2017-01-23 21:01 - 2017-01-23 21:00 - 00040390 _____ C:\WINDOWS\system32\perfd007.dat
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\de
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\system32\de
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\system32\0409
2017-01-23 21:00 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\DigitalLocker
2017-01-23 20:56 - 2017-01-23 20:53 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-01-23 20:56 - 2017-01-23 20:53 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-01-23 20:56 - 2017-01-23 20:53 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2017-01-23 20:56 - 2017-01-23 20:53 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2017-01-23 20:56 - 2017-01-23 20:53 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-01-23 20:55 - 2017-01-26 11:19 - 00000000 ____D C:\WINDOWS\Registration
2017-01-23 20:55 - 2017-01-26 03:34 - 00000000 __RHD C:\Users\Public\Libraries
2017-01-23 20:55 - 2017-01-26 00:10 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-23 20:55 - 2017-01-25 23:39 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\system32\setup
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D
```
C:\WINDOWS\system32\appraiser 2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\Provisioning 2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\WINDOWS\bcastdvr 2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\Program Files\Windows Defender 2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-01-23 20:55 - 2017-01-24 14:39 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2017-01-23 20:55 - 2017-01-24 14:16 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2017-01-23 20:55 - 2017-01-24 13:53 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-01-23 20:55 - 2017-01-24 03:39 - 00000000 ____D C:\WINDOWS\appcompat 2017-01-23 20:55 - 2017-01-23 21:38 - 00000000 ____D C:\WINDOWS\System 2017-01-23 20:55 - 2017-01-23 21:29 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2017-01-23 20:55 - 2017-01-23 21:29 - 00000000 ___RD C:\WINDOWS\MiracastView 2017-01-23 20:55 - 2017-01-23 21:27 - 00000000 ____D C:\WINDOWS\rescache 2017-01-23 20:55 - 2017-01-23 21:25 - 00000000 ____D C:\Program Files\Windows NT 2017-01-23 20:55 - 2017-01-23 21:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2017-01-23 20:55 - 2017-01-23 21:24 - 00000000 ____D C:\WINDOWS\system32\spool 2017-01-23 20:55 - 2017-01-23 21:20 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2017-01-23 20:55 - 2017-01-23 21:17 - 00000000 ____D C:\WINDOWS\Help 2017-01-23 20:55 - 2017-01-23 21:16 - 00000000 ____D C:\ProgramData\USOPrivate 2017-01-23 20:55 - 2017-01-23 21:11 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2017-01-23 20:55 - 2017-01-23 21:06 - 00000000 __RSD C:\WINDOWS\Media 2017-01-23 20:55 - 2017-01-23 21:06 - 00000000 ____D C:\Program Files\Windows Portable 
Devices 2017-01-23 20:55 - 2017-01-23 21:06 - 00000000 ____D C:\Program Files\Windows Multimedia Platform 2017-01-23 20:55 - 2017-01-23 21:06 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2017-01-23 20:55 - 2017-01-23 21:06 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2017-01-23 20:55 - 2017-01-23 21:02 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI 2017-01-23 20:55 - 2017-01-23 21:02 - 00000000 ____D C:\WINDOWS\SystemApps 2017-01-23 20:55 - 2017-01-23 21:02 - 00000000 ____D C:\WINDOWS\system32\MUI 2017-01-23 20:55 - 2017-01-23 21:00 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2017-01-23 20:55 - 2017-01-23 21:00 - 00000000 ___SD C:\WINDOWS\system32\dsc 2017-01-23 20:55 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\setup 2017-01-23 20:55 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe 2017-01-23 20:55 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Com 2017-01-23 20:55 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\system32\Com 2017-01-23 20:55 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\IME 2017-01-23 20:55 - 2017-01-23 21:00 - 00000000 ____D C:\Program Files\Common Files\System 2017-01-23 20:55 - 2017-01-23 21:00 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2017-01-23 20:55 - 2017-01-23 20:56 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui 2017-01-23 20:55 - 2017-01-23 20:56 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2017-01-23 20:55 - 2017-01-23 20:56 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz 2017-01-23 20:55 - 2017-01-23 20:56 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync 2017-01-23 20:55 - 2017-01-23 20:56 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml 2017-01-23 20:55 - 2017-01-23 20:56 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel 2017-01-23 20:55 - 2017-01-23 20:56 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 __SHD C:\Program Files\Windows Sidebar 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 __SHD 
C:\Program Files (x86)\Windows Sidebar 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ___SD C:\WINDOWS\system32\Nui 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ___SD C:\WINDOWS\system32\Configuration 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ___RD C:\WINDOWS\Offline Web Pages 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ___RD C:\WINDOWS\DesktopTileResources 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\Web 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\Vss 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\tracing 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\TAPI 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\ras 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\IME 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\SystemResources 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\WinMetadata 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\winevt 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D 
C:\WINDOWS\system32\ras 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\ProximityToast 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\PointOfService 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\MsDtc 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\Ipmi 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\InputMethod 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\inetsrv 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\IME 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\icsxml 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\ias 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\downlevel 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\config\Journal 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\Bthprops 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\AppLocker 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\SKB 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\security 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\schemas 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\SchCache 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\Resources 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\PLA 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\Performance 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\ModemLogs 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D 
C:\WINDOWS\L2Schemas 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\InputMethod 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\Globalization 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\Cursors 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\Branding 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\ProgramData\Comms 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\Program Files\Common Files\Services 2017-01-23 20:55 - 2017-01-23 20:55 - 00000000 ____D C:\Program Files (x86)\Windows NT 2017-01-23 20:55 - 2017-01-23 20:53 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2017-01-23 20:55 - 2017-01-23 20:53 - 00215943 _____ C:\WINDOWS\system32\dssec.dat 2017-01-23 20:55 - 2017-01-23 20:53 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services 2017-01-23 20:55 - 2017-01-23 20:53 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat 2017-01-23 20:55 - 2017-01-23 20:53 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam 2017-01-23 20:55 - 2017-01-23 20:53 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat 2017-01-23 20:55 - 2017-01-23 20:53 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol 2017-01-23 20:55 - 2017-01-23 20:53 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json 2017-01-23 20:55 - 2017-01-23 20:53 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT 2017-01-23 20:55 - 2017-01-23 20:53 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks 2017-01-23 20:55 - 2017-01-23 20:53 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config 2017-01-23 20:55 - 2017-01-23 20:53 - 00000219 _____ C:\WINDOWS\system.ini 2017-01-23 20:55 - 2017-01-23 20:53 - 00000092 _____ C:\WINDOWS\win.ini 2017-01-23 20:54 - 2017-01-26 06:58 - 00000000 ____D C:\WINDOWS\INF 2017-01-23 20:43 - 2017-01-24 23:24 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-01-23 20:33 - 2017-01-26 
05:33 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2017-01-23 20:33 - 2017-01-23 21:16 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2017-01-23 20:33 - 2017-01-23 21:00 - 00000000 ____D C:\WINDOWS\servicing 2017-01-23 20:33 - 2017-01-23 20:55 - 00000000 ____D C:\WINDOWS\system32\SMI 2017-01-23 20:33 - 2015-10-30 07:33 - 00000164 _____ C:\WINDOWS\system32\config\FP 2017-01-22 16:50 - 2017-01-22 16:52 - 00000000 ____D C:\Users\Dragonfly\Desktop\Neuer Ordner (2) 2017-01-20 05:39 - 2017-01-20 05:39 - 00000000 ____D C:\Users\Dragonfly\AppData\Temp 2017-01-20 05:32 - 2017-01-23 20:32 - 00002362 _____ C:\bdlog.txt 2017-01-20 05:30 - 2017-01-20 05:30 - 00000684 ____H C:\bdr-cf01 2017-01-20 05:29 - 2017-01-20 05:30 - 00253404 ____H C:\bdr-ld01 2017-01-20 05:29 - 2017-01-20 05:30 - 00009216 ____H C:\bdr-ld01.mbr 2017-01-20 05:29 - 2016-10-18 11:51 - 49758588 ____H C:\bdr-im01.gz 2017-01-20 05:29 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01 2017-01-15 00:00 - 2017-01-23 20:29 - 00000000 ____D C:\Users\Dragonfly\Documents\13 in one Session 2017-01-15 00:00 - 2017-01-15 00:00 - 00000000 ____D C:\Users\Dragonfly\Documents\Sleepless & Destruction 2017-01-15 00:00 - 2017-01-15 00:00 - 00000000 ____D C:\Users\Dragonfly\Documents\Projects3 2017-01-15 00:00 - 2017-01-15 00:00 - 00000000 ____D C:\Users\Dragonfly\Documents\Projects in 2016 2017-01-15 00:00 - 2017-01-15 00:00 - 00000000 ____D C:\Users\Dragonfly\Documents\2016 2017-01-15 00:00 - 2017-01-14 14:01 - 00000110 ____H C:\Users\Dragonfly\Desktop\.~lock.TOM Bewerbung Krankenpfleger wbg.odt# 2017-01-15 00:00 - 2017-01-14 13:59 - 00017624 _____ C:\Users\Dragonfly\Desktop\TOM Lebenslauf.odt 2017-01-15 00:00 - 2017-01-05 11:32 - 00006869 _____ C:\Users\Dragonfly\Desktop\TOM Bewerbung Krankenpfleger wbg.odt 2017-01-15 00:00 - 2016-10-26 17:46 - 00020499 _____ C:\Users\Dragonfly\Desktop\TOM Bewerbung Krankenpfleger.odt 2017-01-15 00:00 - 2016-07-17 15:12 - 00185700 _____ C:\Users\Dragonfly\Documents\Daso_Version 2.flp 
2017-01-15 00:00 - 2013-06-10 18:59 - 00015014 _____ C:\Users\Dragonfly\Desktop\TOM Bewerbung Lehre Wasserburg.odt 2017-01-15 00:00 - 2013-06-03 20:43 - 00014689 _____ C:\Users\Dragonfly\Desktop\TOM Bewerbung Lehre.odt 2017-01-15 00:00 - 2010-06-15 22:26 - 00102759 _____ C:\Users\Dragonfly\Documents\needspweed2.flp 2017-01-15 00:00 - 2010-06-10 16:09 - 00126729 _____ C:\Users\Dragonfly\Documents\wooly days neuer bass.flp 2017-01-15 00:00 - 2010-05-28 20:52 - 00100757 _____ C:\Users\Dragonfly\Documents\melodie.flp 2017-01-15 00:00 - 2010-02-10 19:58 - 00274250 _____ C:\Users\Dragonfly\Documents\Neustart4.flp 2017-01-14 23:59 - 2017-01-14 23:59 - 00000000 ____D C:\Users\Dragonfly\Documents\Acid Trumpet - becomming shroom 2017-01-14 23:59 - 2017-01-14 23:59 - 00000000 ____D C:\Users\Dragonfly\Desktop\Faithless 2017-01-14 14:09 - 2017-01-14 14:09 - 00018268 _____ C:\Users\Dragonfly\Documents\TOM Bewerbung Krankenpfleger wbg.odt 2017-01-11 17:15 - 2016-12-21 10:01 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-01-11 17:15 - 2016-12-21 10:01 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2017-01-11 17:15 - 2016-12-21 09:25 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2017-01-11 17:15 - 2016-12-21 08:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2017-01-11 17:15 - 2016-12-21 07:56 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-01-11 17:15 - 2016-12-21 06:41 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-01-11 17:15 - 2016-12-21 06:39 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-01-11 17:15 - 2016-12-21 06:15 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-01-11 17:15 - 2016-12-21 06:06 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-01-11 17:15 - 2016-12-21 06:03 - 18671616 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-01-11 17:15 - 2016-12-21 05:48 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-01-11 17:15 - 2016-10-25 07:55 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-12-30 23:49 - 2017-01-09 13:26 - 00000000 ____D C:\Users\Dragonfly\Documents\hummel 2016-12-28 14:50 - 2016-12-28 14:51 - 00311294 _____ C:\Users\Dragonfly\Documents\goa drogen4 blue.png ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-01-26 06:54 - 2016-07-25 18:44 - 00000000 __SHD C:\Users\Dragonfly\IntelGraphicsProfiles 2017-01-26 06:13 - 2016-07-30 00:38 - 00000000 ___RD C:\Users\Dragonfly\OneDrive 2017-01-24 14:47 - 2016-04-27 06:56 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-01-24 13:43 - 2016-10-04 11:27 - 00000000 ___HD C:\$SysReset 2017-01-24 12:36 - 2016-07-27 22:08 - 00000000 ____D C:\Fruity Loops Studio 8 2017-01-24 09:09 - 2016-11-18 07:18 - 01457312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Dragonfly\Desktop\procexp64.exe 2017-01-24 07:51 - 2016-11-18 07:26 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\Dragonfly\Desktop\procexp.exe 2017-01-23 21:24 - 2010-11-21 08:16 - 00000000 ___RD C:\Users\Public\Recorded TV 2017-01-23 20:50 - 2015-10-30 08:17 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys 2017-01-23 20:29 - 2016-08-09 18:42 - 00000000 ____D C:\Users\Dragonfly\Documents\Projects 2017-01-23 20:29 - 2016-07-30 23:04 - 00000000 ___RD C:\Users\Dragonfly\Desktop\- 2017-01-23 19:36 - 2016-11-18 17:23 - 00000000 ____D C:\Users\Dragonfly\AppData\LocalLow\Mozilla 2017-01-17 15:54 - 2016-10-07 14:14 - 00000000 ____D C:\Users\Dragonfly\dwhelper ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-01-24 01:16 - 2017-01-26 11:43 - 0007623 _____ () 
C:\Users\Dragonfly\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-01-24 14:03

==================== Ende von FRST.txt ============================

addition:

FRST Additions Logfile: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
durchgeführt von Dragonfly (26-01-2017 13:17:27)
Gestartet von C:\Users\Dragonfly\Desktop
Windows 10 Home Version 1511 (X64) (2017-01-23 20:26:00)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-614321186-1851163967-905647231-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-614321186-1851163967-905647231-503 - Limited - Disabled)
Dragonfly (S-1-5-21-614321186-1851163967-905647231-1000 - Administrator - Enabled) => C:\Users\Dragonfly
Gast (S-1-5-21-614321186-1851163967-905647231-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 12.2 - Emsisoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.123 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.)
Hidden League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games) League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro) Microsoft OneDrive (HKU\S-1-5-21-614321186-1851163967-905647231-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) NVIDIA Grafiktreiber 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 369.09 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-614321186-1851163967-905647231-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {50EB80B4-0793-4AD7-880B-13CF2D3CE57A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.) Task: {FC35B7C5-F263-4BA7-B430-A22F1D73449E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-01-23 21:17 - 2016-08-01 13:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-11-09 01:24 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-11-09 01:24 - 2016-10-25 10:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-04-27 06:17 - 2016-04-27 06:17 - 00093696 ____N () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-30 00:41 - 2016-07-30 00:41 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-11-09 01:25 - 2016-10-25 08:01 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll 2016-11-09 01:24 - 2016-10-25 05:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-09 01:24 - 2016-10-25 05:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-09 01:24 - 2016-10-25 05:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-09 01:24 - 2016-10-25 05:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2017-01-23 20:55 - 2017-01-23 20:53 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-614321186-1851163967-905647231-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dragonfly\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run32: => "331BigDog" HKU\S-1-5-21-614321186-1851163967-905647231-1000\...\StartupApproved\Run: => "OneDrive" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [TCP Query User{8CBE30B3-3F2F-4176-989A-9E75DC62C734}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{9A88D860-93D4-4126-B30F-FFE0235DA3DD}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe

==================== Wiederherstellungspunkte =========================

23-01-2017 22:09:56 Microsoft Visual C++ 2005 Redistributable (x64) wird installiert
24-01-2017 17:30:29 JRT Pre-Junkware Removal
24-01-2017 17:42:52 JRT Pre-Junkware Removal
26-01-2017 05:56:29 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Mikrofon (High Definition Audio-Gerät)
Description: Audioendpunkt
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kerneldebugger-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WLAN
Description: Generisches Softwaregerät
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Lenovo EasyCamera
Description: Lenovo EasyCamera
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Chicony
Service: vm331avs
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros AR3012 Bluetooth 4.0
Description: Qualcomm Atheros AR3012 Bluetooth 4.0
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft GS Wavetable Synthesizer
Description: Generisches Softwaregerät
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Wi-Fi Direct Virtual Adapter
Description: Virtueller Microsoft-Adapter für direktes WiFi
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/26/2017 06:45:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: a2service.exe, Version: 12.2.0.7060, Zeitstempel: 0x5863af1f
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.672, Zeitstempel: 0x580ee321
Ausnahmecode: 0xc000070a
Fehleroffset: 0x00000000000f5639
ID des fehlerhaften Prozesses: 0x658
Startzeit der fehlerhaften Anwendung: 0x01d2778d63fbc6fb
Pfad der fehlerhaften Anwendung: C:\Program Files\Emsisoft Anti-Malware\a2service.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 0f435fc1-86fe-453e-925f-55c94b9a1ab8
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/26/2017 05:57:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdge.exe, Version: 11.0.10586.713, Zeitstempel: 0x5833ee87
Name des fehlerhaften Moduls: CoreUIComponents.dll, Version: 0.0.0.0, Zeitstempel: 0x580ee036
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000782b7
ID des fehlerhaften Prozesses: 0x1340
Startzeit der fehlerhaften Anwendung: 0x01d2778dc283dab4
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\CoreUIComponents.dll
Berichtskennung: 2282fea6-9489-4570-9b3e-1a40663ab0d3
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (01/26/2017 05:56:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (01/25/2017 03:38:03 PM) (Source: MsiInstaller) (EventID: 1013) (User: Dragonfly-PC)
Description: Produkt: League of Legends -- Eine aktuellere Version von League of Legends ist bereits auf Ihrem Computer installiert.

Error: (01/24/2017 05:43:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (01/24/2017 05:31:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdge.exe, Version: 11.0.10586.713, Zeitstempel: 0x5833ee87
Name des fehlerhaften Moduls: CoreUIComponents.dll, Version: 0.0.0.0, Zeitstempel: 0x580ee036
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000782b7
ID des fehlerhaften Prozesses: 0x146c
Startzeit der fehlerhaften Anwendung: 0x01d2765f54e9f7e4
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\CoreUIComponents.dll
Berichtskennung: 65463d9a-2c29-4477-bb01-c15eeec7bdd1
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_25.10586.672.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (01/24/2017 05:30:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (01/24/2017 04:54:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dragonfly-PC)
Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/24/2017 12:38:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FL.exe, Version: 0.0.0.0, Zeitstempel: 0x47af175d
Name des fehlerhaften Moduls: combase.dll, Version: 10.0.10586.103, Zeitstempel: 0x56a84cbb
Ausnahmecode: 0xc0000602
Fehleroffset: 0x0005704a
ID des fehlerhaften Prozesses: 0x16e8
Startzeit der fehlerhaften Anwendung: 0x01d276363299e2c8
Pfad der fehlerhaften Anwendung: C:\Fruity Loops Studio 8\FL.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\combase.dll
Berichtskennung: 0512a8fb-955c-4c95-9347-8b48d5e0437d
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/24/2017 09:08:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dragonfly-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (01/26/2017 07:00:26 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Netzwerkverbindungsbroker" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (01/26/2017 07:00:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/26/2017 07:00:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Automatische WLAN-Konfiguration" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/26/2017 07:00:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Diagnosesystemhost" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/26/2017 07:00:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/26/2017 07:00:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/26/2017 07:00:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/26/2017 07:00:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Netzwerkverbindungsbroker" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/26/2017 07:00:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Eingabegerätedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/26/2017 07:00:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Audio-Endpunkterstellung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
Date: 2017-01-26 05:36:03.577
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-24 23:35:30.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-24 23:35:30.359
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-24 20:41:14.474
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-24 17:39:50.722
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-24 16:38:18.861
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-24 14:59:41.372
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-24 14:45:39.051
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-24 14:44:27.574
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-24 01:56:04.124
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.
==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 8053.6 MB
Verfügbarer physikalischer RAM: 5930.02 MB
Summe virtueller Speicher: 9973.6 MB
Verfügbarer virtueller Speicher: 7720.07 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:930.91 GB) (Free:859.95 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9BCA118F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=511 MB) - (Type=27)

==================== Ende von Addition.txt ============================

According to Process Explorer, these are the strings from Emsisoft, more precisely from a2service.exe. It says something about hidden threats on another partition and how Emsisoft gets manipulated to preserve them. At least that's how I understand it ^^

Code:
orceX86 Unknown (%d.%d) Path does not exists Removable Fixed Remote CD_ROM RAMDISK Unknown -> DeviceToDrive(%s) <- DeviceToDrive(%s): %s \Device\Mup\;LanmanRedirector\ \Device\LanmanRedirector\ \Device\Mup\ Fixed Removable Remote CD_ROM RAMDISK \Device\HarddiskDmVolumes\ \Device\Mup\ Fixed Removable -> GetProcessFilenameNT(PID: %d) <- GetProcessFilenameNT(PID: %d): %s -> GetProcessFilename(PID: %d) <- GetProcessFilename(PID: %d): %s SYSNATIVE\ \SysNative\ \System32\ SYSTEM32\ \System32\ \SysNative\ -> IsDriveNetWork(FileName: String): Boolean Val: FileName = Result = <- IsDriveNetWork(FileName: String): Boolean -> GetModulesListVista(DWord: Integer): String Val: PID = Result = <- GetModulesListVista(DWord: Integer): String -> GetModulesListNT(PID: DWord): String Val: PID = Result = <- GetModulesListNT(PID: DWord): String -> GetModulesStringList(PID: DWord): String Val: PID = Result = <- GetModulesStringList(PID: DWord): String -> GetTokenElevationType(): TTokenElevationType <- GetTokenElevationType(): TTokenElevationType GenerateDebugOutput -> IsDirectoryALink(%s) INVALID_FILE_ATTRIBUTES detected for %s, error code %d FILE_ATTRIBUTE_REPARSE_POINT detected for %s <- IsDirectoryALink(): %s SrClient.dll SRSetRestorePointW kernel32.dll IsWow64Process ORAT: Deleting dir ORAT: Directory deleted successfully ORAT: DeleteDir SOFTWARE\Emsi Software GmbH MakeSureDirectoryExists: %s Windows explorer.exe .dll, .exe, System32\ %SystemRoot%\System32\ \SystemRoot\ %SystemRoot%\ %windir% SOFTWARE\Emsi Software GmbH GenerateDebugOutput ServiceTestMode OsUnit.Initialization finished -> LoadLibraryLogged() LoadLibraryEx failed: <- LoadLibraryLogged('%s'->'%s') = %d; dll version: %s(%d) -> UnloadLibraryLogged(%d, '%s') <- UnloadLibraryLogged(%d)= %s a2AntiMalware a2Cmd a2framework.dll PrepareShutdown InitializeClientPipe -> StopLocalService(ServiceName: String): Boolean Val: ServiceName = Result = <- StopLocalService(ServiceName: String): Boolean -> 
StopLocalServiceTimeOut('%s', %d): Boolean <- StopLocalServiceTimeOut(...) = %s -> StartLocalService(ServiceName: String): Boolean Val: ServiceName = Result = <- StartLocalService(ServiceName: String): Boolean -> GetAccountBySID(ServerName: String; aSID: PSID): String Val: ServerName = Erroneus SID! Result = <- GetAccountBySID(ServerName: String; aSID: PSID): String -> TServiceManager.PauseService() <- TServiceManager.PauseService() -> TServiceManager.StopService(): Boolean StopService failed <- TServiceManager.StopService(): Result = %s -> TServiceManager.ContinueService() <- TServiceManager.ContinueService() -> TServiceManager.ShutdownService() <- TServiceManager.ShutdownService() -> TServiceManager.StartService(): Boolean Result = <- TServiceManager.StartService(): Boolean -> TServiceManager.StartService(NumberOfArgument: DWord; ServiceArgVectors: PChar): Boolean Val: NumberOfArgument = Val: ServiceArgVectors = Result = <- TServiceManager.StartService(NumberOfArgument: DWord; ServiceArgVectors: PChar): Boolean -> TServiceManager.ListServices() .exe <- TServiceManager.ListServices() -> TServiceManager.GetServiceExecutablePath(): String Result = <- TServiceManager.GetServiceExecutablePath(): String -> TServiceManager.GetStartType(): DWord Result = <- TServiceManager.GetStartType(): DWord -> TServiceManager.ServiceStopped(): Boolean Result = <- TServiceManager.ServiceStopped(): Boolean -> TServiceManager.DoStartService(NumberOfArgument: DWord; ServiceArgVectors: PChar): Boolean Val: NumberOfArgument = Val: ServiceArgVectors = Result = <- TServiceManager.DoStartService(NumberOfArgument: DWord; ServiceArgVectors: PChar): Boolean -> UpdateSvcDacl('%s') <- UpdateSvcDacl(ServiceName: PChar) Removing service: Stopping... Waiting for stop... Stopped ok, removing... 
Removed successfully Remove FAILED: -> IsServiceRunning('%s','%s'): boolean <- IsServiceRunning('%s','%s'): Result = %s STOPPED START_PENDING STOP_PENDING RUNNING CONTINUE_PENDING PAUSE_PENDING PAUSED SERVICE_ UNKNOWN -> LocalServiceImagePath() <- LocalServiceImagePath('%s')= '%s' -> RemoveLocalService() <- RemoveLocalService('%s')= %s EPPCU: Updating config of A2ACC epplib.dll EPPCU: Library loaded A2ACCUpdateConfiguration EPPCU: Function found EPPCU: Function called and returned success UpdateA2AccConfiguration: function returned error %d EPPCU: Function NOT found EPPCU: Failed to load library UpdateA2AccConfiguration EPPCU: Updating config of CE clean.dll EPPCU: Library loaded CEUpdateConfiguration EPPCU: Function found EPPCU: Function called and returned success UpdateCleaningEngineConfiguration: function returned error %d EPPCU: Function NOT found EPPCU: Failed to load library UpdateCleaningEngineConfiguration EPPCU: Updating config of BBCore a2core.dll CoreInitialize EPPCU: Library loaded UpdateServices EPPCU: Function found EPPCU: Function called and returned success UpdateBBCoreConfiguration: function returned false EPPCU: Function NOT found CoreUninitialize EPPCU: Failed to load library UpdateBBCoreConfiguration EPPCU: Updating config of DDA a2engine.dll EPPCU: Library loaded UpdateDdaDriver EPPCU: Function found EPPCU: Function called and returned success UpdateDDAConfiguration: function returned error %d EPPCU: Function NOT found EPPCU: Failed to load library UpdateDDAConfiguration EPPCU: EPP update procedure started EPPCU: EPP update procedure finished successfully EPPCU: EPP update procedure finished. 
One or more failures detected EPPCU: UpdateEppConfigurationEx failed .old a2acc.dll.old cleanhlp32.dll.old a2acc.dll cleanhlp32.dll epp.sys a2accx86.sys a2accx64.sys EPPCU: EPP update procedure initiated after move to EPP driver EPPCU: Stopping and removing old services a2acc a2injectiondriver a2dda a2util cleanhlp EPPCU: All service removal finished EPPCU: EPP update procedure finished, RebootRequired = %s EPPCU: removing obsolete files... a2dix86.dll.old a2dix64.dll.old CleanHlp32.dll.old a2engine.dll.old a2core32.dll.old a2util32.sys a2util64.sys a2ddax86.sys a2ddax64.sys cleanhlp32.sys cleanhlp64.sys EPPCU: remove done epp32.sys OECU: Removing obsolete files of old EPP... a2dix64.dll a2dix86.dll epp.inf epp64.sys frme32.dll frme64.dll frme.dll OECU: obsolete EPP files removed A-SQUARED_PIPE {F52E197D-628E-4C20-ABD0-B1C9B7F3EB3C} \PIPE\ Connected. Protocol ver. 2 Connected Code:
DBIntegrity Stopping CacheThread for %s... CacheThread is stopped CREATE INDEX IF NOT EXISTS %s ON %s(%s); DROP INDEX IF EXISTS %s; UPDATE DBIntegrity SET LastSentID = WHERE TableName = " TLogsTable.GetMaxID SELECT MAX(ID) FROM TLogsTable.GetMinID SELECT MIN(ID) FROM GetMinID = "table_info"( TLogsTable.ExecuteSQL asc desc %s order by %s %s limit %d select * from %s where (id %s %d) %s select * from %s where (id %s %d) and (id %s %d) %s select max(id) from %s where (1 = 1) %s select min(id) from %s where (1 = 1) %s delete from %s where (id = %d) %s delete from %s where (1 = 1) %s select id from %s where (id > %d) %s order by id asc limit 1 select id from %s where (id < %d) %s order by id desc limit 1 TLogsTable.DoAction TLogsTable.GetNextRows TLogsTable.GetNextID TLogsTable.GetSQLResult UPDATE %s SET RecordsLimit = %d WHERE TableName = '%s'; TEXT UPDATE SET WHERE CREATE TABLE IF NOT EXISTS Date PRIMARY KEY NOT NULL INTEGER DEFAULT DEFAULT ' INSERT INTO DBIntegrity(TableName, Revision) VALUES('%s', %d); CREATE TRIGGER _AfterInsert AFTER INSERT ON BEGIN UPDATE SET Date = CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, StrDate = DateTime(CASE WHEN New.Date IS NOT NULL THEN New.Date ELSE StrFTime('%s', 'now', 'localtime') END, 'unixepoch') WHERE ROWID = New.ROWID; DELETE FROM WHERE ID <= CASE WHEN (SELECT RecordsLimit FROM DBIntegrity WHERE TableName = ' ') = 0 THEN 0 ELSE New.ID - (SELECT RecordsLimit FROM DBIntegrity WHERE TableName=' ') END; END; DROP TABLE IF EXISTS _Temp; ALTER TABLE RENAME TO DELETE FROM DROP TABLE DELETE FROM %s WHERE TableName='%s'; INSERT INTO SELECT FROM ALTER TABLE ADD COLUMN NOT NULL DEFAULT SELECT Revision FROM %s WHERE TableName='%s' UPDATE DBIntegrity SET Revision=%d WHERE TableName='%s' Cache thread started for %s SELECT %s FROM %s WHERE %s='%s' TLogsTable.FillRecordData TLogsTable.FlushCache: %s BEGIN TRANSACTION; END TRANSACTION; TLogsTable.GetValue_Str16 TLogsTable.GetLastInsertRowID 
DBIntegrity LastSentID TableName CDBSL: 2 CDBSL: 3 CDBSL: 4 CDBSL: 7 CDBSL: 8 CDBSL: 9 CDBSL: 10 TDatabaseItem.Destroy INTEGER -> TLogsCacheFlushThread.RunThreaded() fired by TLogsCacheFlushThread <- TLogsCacheFlushThread.RunThreaded() INTEGER Event TEXT Type Date Details Source StrDate InfectionName Location InfectionType RiskLevel Action Unic SystemLogs INTEGER INSERT INTO %s(Type, InfectionName, Location, Unic, InfectionType, RiskLevel, Action, Source)VALUES(%d, '%s', '%s', '%s', %d, %d, %d, %d); INSERT INTO %s(Event, Details, Type, Source, Location, InfectionType, Action)VALUES("%s", "%s", %d, %d, "%s", %d, %d); INTEGER Date StrDate TEXT Event FileName PID Infection Info Unic IDSLogs INTEGER INSERT INTO %s(Event, FileName, PID, Infection, Info, Unic) VALUES(%d, '%s', %d, %d, '%s', '%s'); SP Event IDS Event TIDSLogsTable.Insert: Warning: log item with Infection=%d was not inserted. 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/ 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/ a2rules.ini a2policies.ini a2whitelist.ini a2settings.ini a2email.ini a2networks.ini a2scheduler.ini Revision SectionType ~Editor ~RevertEnabled SHA1 GUID Action Worm Dialer Backdoor Hijacker Inject Downloader Spyware Service KeyLogger Startup HiddenInstall Virus Hosts Rootkit BrowserSettings Debugger RemoteControl DirectDiskAccess SystemPolicies Exploit CryptoMalware FirewallInMode FirewallOutMode Protect ID_PROTECT Hash ID_UPDATE_SHA1 Updated ID_UPDATE Inserted ID_INSERT FirewallInEnabled FW_IN_ENABLED FirewallOutEnabled FW_OUT_ENABLED BehaviorBlockerEnabled BB_ENABLED Name Index Type Protocol Resolution Direction NetworkType Ports Addresses ObjectName Enabled ExecSecurityCenter ID_EXEC_SC ExecCmdLineScanner ID_EXEC_CLS CloseGuard ID_CLOSE_GUARD StartFileGuardScan ID_START_OES StartMalwareIDS ID_START_IDS StartSurfProtection ID_START_CM StartScheduledScan ID_START_SS StartAutoUpdate ID_START_AU EditQuarantinedObj ID_EDIT_QO EditGuardSettings ID_EDIT_GS 
EditAppRules ID_EDIT_AR EditHostRules ID_EDIT_CR EditSheduledScans ID_EDIT_SS EditAutoUpdate ID_EDIT_AU EditLicensing ID_EDIT_LIC ChangeLanguage ID_EDIT_LANG QuarantineFoundObj ID_QUAR_FO DeleteFoundObj ID_DAL_FO EditCommunity ID_EDIT_COMMUNITY EditFirewallRules ID_EDIT_FR StartFirewall ID_START_FW ResetImportSettings ID_RESET_ST EditPrivacySettings ID_EDIT_PR EditExclusions ID_EDIT_EXC Type Exclusion RealtimeDetection QuarantineDirectory CleanedDirectory ScanIncoming ScanOutgoing AddResultsFooter RealtimeDetectionResponse SectionsCount Language Initialized HideRewards HideLikeUs Product EAM RulesSortCol RulesSortOrdr WinFirewallPrevST WSCRegistred WSCAllowed HideFullTrustedRules QuarantineSortCol QuarantineSortOrdr NotifyNewVersion InitScanComplete HideFullTrustedProcs SrvCrWSCh StartupFApplied StartupProtection ExplorerIntegration PreloadingDisable ChangeConfirmation RescanQOnStart RemindPCRestart Length Code:
[The remainder of the strings dump is binary resource data from the executable (a repeating non-text byte pattern with no readable content); omitted.]
AQR33R3R3R3R3R3R3R3R3R3R3R33RR3[ 1R3R3R3R3R3R3R3R3R3R3R3R3RRU -3R3R3R3R3R3R3R3R3R3R3RQD 3R3R3RR3R3R3R3R3R3RRW Y3R3R3R3R3R3R3RR3R3 P3R3R3R3R3R333RXG 6RR3R3R3R3RRRP WR3R3R3R33R8 URRR3R3R38 UR3R33R8 RR3R- 6RRP LM(NN> JEK HOOM) 7NOOOOOC COOOOOOOOL HOOOOONOOOOO& IOOOONC<LOONNN) GOOOOK1#"(@OOONN COOOOD("""""5MNNNN 5OOOOA%"""""""/LONNG OOOOC%"""""""""/MNNN6 HOOOF%"""""""""""5NNNN -ONOM+"""""""""""""?NNNB MOOO9""""""""""""""'KNNN ,OONH%"""""""""""""""7NNN= JOOO5""""""""""""""""%KNNN OOOK%"""""""""""""""""<NNN' :OOO<"""#"#""""""""""""-NNNA LOON1""""""""""""""""""#KNNN NOOM%""#"#"#""""""""""""BNNN %OOOE#""""""""""""""""""";NNN& 6OOO@"#"#"#"#""""""""""""6NNN5 AOOO:#"#"#"#"#"""""""""""1NNN> LOOO9#"#"#"#"#"""""""""""0NNNF NOOO8#"#"#"#"#"""""""""""0NNNM OOOO9#"#"#""#""""""""""""1NNNN OOOO:"#"##"#"#"""""""""""4NNNN OOOO?#""#"#"#""""""""""""9NNNN OOOOC#"#"#"#"#""""""""""">NONI NOOOJ'38;7/#"#""""#.8<:4'DNNNB GOOOOMOOOOOG4""""3GNNNNOMNNON; =OOOOOOOOOOON>##=NONNNNNNONNN/ 3OOOOOOOOOOOOO@?ONNNNNNONNNNN! "NOMDADKNNOOOOONNNONNNE@?CMNN +JOOONNONNC 1NOONNJ LNNC ;OOOOA AOOOCOOO BOO;(# OOC ,COC BOC COC OOC COO$ COA BOO2475* :OOOOOOO:"!:OOOOOOO3 1OOOOOOOO<;OOOOOOOO) 5COOOOC, !Do AcquireCredentialsHandle first"CompleteAuthToken is not supported ZLib Error (%d)NUnable to retrieve a pointer to a running object registered with OLE for %s/%s The domain controller certificate used for smartcard logon has been revoked. 
Please contact your system administrator with the contents of your system event log.IA signature operation must be performed before the user can authenticate.AOne or more of the parameters passed to the function was invalid.DClient policy does not allow credential delegation to target server.bClient policy does not allow credential delegation to target server with NLTM only authentication.1The recipient rejected the renegotiation request.-The required security context does not exist.`The PKU2U protocol encountered an error while attempting to utilize the associated certificates.:The identity of the server computer could not be verified. Unknown error#SSPI %s returns error #%d(0x%x): %s0SSPI interface has failed to initialise properly No PSecPkgInfo specified No credential handle acquiredBCan not change credentials after handle aquired. Use Release first Unknown credentials use The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.7Client's supplied SSPI channel bindings were incorrect.9The received certificate was mapped to multiple accounts. SEC_E_NO_KERB_KEY5The certificate is not valid for the requested usage. The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. The smartcard certificate used for authentication has been revoked. Please contact your system administrator. There may be additional information in the event log. An untrusted certificate authority was detected While processing the smartcard certificate used for authentication. Please contact your system administrator. The revocation status of the smartcard certificate used for authentication could not be determined. Please contact your system administrator.lThe smartcard certificate used for authentication was not trusted. 
Please contact your system administrator.hThe smartcard certificate used for authentication has expired. Please contact your system administrator. The Kerberos subsystem encountered an error. A service for user protocol request was made against a domain controller which does not support service for user. An attempt was made by this server to make a Kerberos constrained delegation request for a target outside of the server's realm. This is not supported, and indicates a misconfiguration on this server's allowed to delegate to list. Please contact your administrator. The revocation status of the domain controller certificate used for smartcard authentication could not be determined. There is additional information in the system event log. Please contact your system administrator. An untrusted certificate authority was detected while processing the domain controller certificate used for authentication. There is additional information in the system event log. Please contact your system administrator. The domain controller certificate used for smartcard logon has expired. Please contact your system administrator with the contents of your system event log. mThe client is trying to negotiate a context and the server requires user-to-user but didn't send a TGT reply.aUnable to accomplish the requested task because the local machine does not have any IP addresses.bThe supplied credential handle does not match the credential associated with the security context.]The crypto system or checksum function is invalid because a required function is unavailable.9The number of maximum ticket referrals has been exceeded.KThe local machine must be a Kerberos KDC (domain controller) and it is not.qThe other end of the security negotiation is requires strong crypto but it is not supported on the local machine.5The KDC reply contained more than one principal name.OExpected to find PA data for a hint of what etype to use, but it was not found. 
The client certificate does not contain a valid UPN, or does not match the client name in the logon request. Please contact your administrator.-Smartcard logon is required and was not used.!A system shutdown is in progress.'An invalid request was sent to the KDC.DThe KDC was unable to generate a referral for the service requested.:The encryption type requested is not supported by the KDC.QAn unsupported preauthentication mechanism was presented to the Kerberos package. lThe credentials supplied were not complete, and could not be verified. The context could not be initialized.1The buffers supplied to a function was too small. The credentials supplied were not complete, and could not be verified. Additional information can be returned from the context.4The context data must be renegotiated with the peer.'The target principal name is incorrect.:There is no LSA mode context associated with this context.8The clocks on the client and server machines are skewed.;The certificate chain was issued by an untrusted authority.7The message received was unexpected or badly formatted.;An unknown error occurred while processing the certificate.%The received certificate has expired.*The specified data could not be encrypted.*The specified data could not be decrypted.YThe client and server cannot communicate, because they do not possess a common algorithm. The security context could not be established due to a failure in the requested quality of service (e.g. mutual authentication or delegation).dA security context was deleted before the context was completed. 
This is considered a logon failure.^The security package is not able to marshall the logon buffer, so the logon attempt has failedNThe per-message Quality of Protection is not supported by the security package?The security context does not allow impersonation of the client The logon attempt failed;The credentials supplied to the package were not recognized4No credentials are available in the security packageCThe message or signature supplied for verification has been altered8The message supplied for verification is out of sequence3No authority could be contacted for authentication.UThe function completed successfully, but must be called again to complete the contextEThe function completed successfully, but CompleteToken must be calledtThe function completed successfully, but both CompleteToken and this function must be called to complete the contextsThe logon was completed, but no network authority was available. The logon was made using locally known information-The requested security package does not exist2The context has expired and can no longer be used.DThe supplied message is incomplete. The signature was not verified. Connect Loop Connect Error Connect Failed Connect Exit Handshake Start Handshake Done Successfull API call7Not enough memory is available to complete this request The handle specified is invalid'The function requested is not supported.The specified target is unknown or unreachable0The Local Security Authority cannot be contacted-The requested security package does not exist6The caller is not the owner of the desired credentialsBThe security package failed to initialize, and cannot be installed-The token supplied to the function is invalid SSL negotiation failed. Invalid Reply String. Invalid Reply Class. Unsupported operation./Could not encode header data using charset "%s" Failed to load %s. Mode has not been set. Could not load SSL library. 
SSL status: "%s" %s Alert %s Read Alert %s Write Alert Accept Loop Accept Error Accept Failed Accept Exit Error getting SSL method.%Error setting File Descriptor for SSL!Error binding data to SSL socket.+EOF was observed that violates the protocol Message decoder not found |
26.01.2017, 15:28 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Control scans with (1) MBAM, (2) ESET and (3) SecurityCheck, please:
Step 1: MBAM. Please download Malwarebytes Anti-Malware
Step 2: ESET. ESET Online Scanner
Step 3: SecurityCheck. Please download SecurityCheck and:
__________________ Please always post log files in CODE tags |
27.01.2017, 01:55 | #24 |
| MBAM first: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 26.01.2017
Suchlaufzeit: 16:57
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2017.01.26.04
Rootkit-Datenbank: v2016.11.20.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Dragonfly

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 316666
Abgelaufene Zeit: 11 Min., 27 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswerte: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Dateien: 0 (keine bösartigen Elemente erkannt)
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d7b48b1497b8184bb1ed6e805abf9242
# end=init
# utc_time=2017-01-26 04:10:34
# local_time=2017-01-26 05:10:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 32198
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d7b48b1497b8184bb1ed6e805abf9242
# end=updated
# utc_time=2017-01-26 04:13:05
# local_time=2017-01-26 05:13:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d7b48b1497b8184bb1ed6e805abf9242
# engine=32198
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-01-26 05:41:33
# local_time=2017-01-26 06:41:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 165751 39266636 0 0
# scanned=241996
# found=1
# cleaned=0
# scan_time=5308
sh=619F85EB71F5EED638BA4C74FF199A22E463A794 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L eventuell unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-614321186-1851163967-905647231-1000\$R8F48ZM.msi" |
27.01.2017, 09:41 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote: |
28.01.2017, 15:24 | #26 |
| So you can't help me either?? Then I would rather have wiped everything with dbam straight away, as planned, while that was still possible. Since my PC hasn't belonged to me for a long time now, that will probably be pretty difficult again. The conversation in the strings looked like this: strange characters, info I don't understand, %s %d ... do you want that this all ends? just say yes. Then I typed yes and my graphics went back to normal, and a text file with instructions opened that took me to a site from which I was supposed to download a paid program. I said that I didn't want to save my stuff, and then his message came: if you care about your files, follow my instructions. And he also told me exactly how he hacked me. Something about 2 operating systems running side by side or something like that. It was all a bit over my head, especially since it was in the middle of the night and I had done nothing all day but try to figure out how I could fix my PC. Last edited by izockdi (28.01.2017 at 15:22) |
29.01.2017, 13:02 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Nope, I get the impression that you're talking yourself into nonsense or seeing ghosts, and throwing several things that have nothing to do with each other into one pot so you can sell them as the work of hackers. MBAM and ESET didn't find anything more either, or nothing relevant. What's still missing is the SC log. |
01.02.2017, 17:30 | #28 |
| Code:
Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log`````````````````````` |
01.02.2017, 21:48 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then we're done! If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. Finally, we need to take a few more steps to clean up and secure your PC.

Cleanup: All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs we used, our scanners' quarantine and the Java cache, and finally deletes itself. Then restart your computer. If any programs from our cleanup are still left over, you can delete them without concern.

Hardening: Enable automatic updates in Windows. Security-relevant software should also always be kept at the latest version, if you need it at all; if you don't need it, sensibly uninstall it or use alternatives (and keep those up to date). Security holes in old versions of such software are exploited to install malware by "drive-by" simply by visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents. Enable a firewall. The one built into Windows is normally perfectly sufficient.

Protection software: First of all, one should never overestimate the protective effect of a virus scanner! These things are now highly controversial even on Windows and can cause problems that you simply would not have without AV. Besides, they will never be able to find every piece of malware. Claims by the vendors of this software regularly turn out to be marketing babble. Read => Aus aktuellem Anlass: Antivirus-Schlangenöl | Elias Schwerdtfeger and Antivirensoftware: Die Schlangenöl-Branche - Golem.de. So use AT MOST one of the following antivirus programs with a real-time scanner and an always up-to-date signature database: Microsoft Security Essentials (MSE) is built into Windows from Windows 8 on, so if you have Windows 8, 8.1 or 10 and have decided on MSE, you don't need to install MSE separately. On Windows 7, however, it must be installed manually or obtained through Windows Update as an optional update. Of course, a legal/activated Windows is a prerequisite. Additionally, you can scan your PC regularly with Malwarebytes Anti-Malware and/or the ESET Online Scanner.

Optional: NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) on all websites. Using a whitelist approach, however, you can define on which sites scripts are to be allowed. NoScript can become an annoyance when browsing, especially for less technically experienced users; whether the tool is suitable is something everyone has to try out and decide for themselves. Alternatives to NoScript (when it comes to preventing user tracking and advertising on websites) would be Ghostery or uBlock. Ghostery is a very well-known extension, but it has also come under criticism; see this thread => Ghostery schleift Werbung durch. Malwarebytes Anti-Exploit: protects the computer's applications against the exploitation of known vulnerabilities.

Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons irrelevant to the program. To get rid of adware again, uninstall it first and then remove the remnants with AdwCleaner.

Finally, a few general remarks: change your important online passwords regularly and make regular backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for boosting performance is disputed. I therefore recommend leaving the registry alone and using the Windows built-in Disk Cleanup instead.

Note: Please give me a brief reply when everything is done and there are no more questions, so that I can delete this topic from my subscriptions. |
10.02.2017, 23:52 | #30 |
| Apart from the fact that I downloaded 100 programs, nothing has changed. Meanwhile RAM usage at idle is 38%, my taskbar no longer works, and I keep getting disconnected from the internet. How am I supposed to be satisfied with that... Thanks for the effort anyway. |