Pests of all kinds and how to fight them: Search.B1.org, pop-ups and ad redirects in the browser, Antivir/AdwCleaner find nothing (Windows 7)
| | #1 |
| | Good evening,
For quite some time I have had adware/malware or a virus on my computer, or rather in the browser. In Opera and Firefox I suddenly had Bing as the search engine, which could not be removed or changed again, and no matter which site I went to, several pop-ups with advertising opened. A scan with Malwarebytes Anti-Malware found nothing, which is why I removed it again; AdwCleaner could not find anything either. I then uninstalled all browsers, removed all leftovers using RevoUninstaller and reinstalled Opera. Nevertheless, both Bing and the advertising were still there. Now I have switched to the Citrio browser, and until yesterday it ran reasonably normally, with only the occasional pop-up, but now another start page and search engine (Search.B1.org) has crept in again and refuses to be removed. Almost every page I visit results in 2-3 pop-ups, and lines of text always contain advertising that is displayed as soon as I merely move the mouse pointer over them.
Since I am now at my wits' end, I am turning to you and hope that you can help me.
Regards, Schnarchnasä
| | #2 |
| /// TB-Ausbilder | My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation!
For the initial analysis, please run FRST and TDSS-Killer:
Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Step 2 Please download
Please post with your next reply
|
| | #3 |
| | Many thanks for the quick handling, here are the requested log files:
TDSS: Code:
23:42:43.0453 0x13e4 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
23:42:46.0548 0x13e4 ============================================================
23:42:46.0548 0x13e4 Current date / time: 2017/02/24 23:42:46.0548
23:42:46.0548 0x13e4 SystemInfo:
23:42:46.0549 0x13e4
23:42:46.0549 0x13e4 OS Version: 6.1.7601 ServicePack: 1.0
23:42:46.0549 0x13e4 Product type: Workstation
23:42:46.0549 0x13e4 ComputerName: SCHNARCHNASE
23:42:46.0549 0x13e4 UserName: PsychoMantis
23:42:46.0549 0x13e4 Windows directory: C:\Windows
23:42:46.0549 0x13e4 System windows directory: C:\Windows
23:42:46.0549 0x13e4 Running under WOW64
23:42:46.0549 0x13e4 Processor architecture: Intel x64
23:42:46.0549 0x13e4 Number of processors: 4
23:42:46.0549 0x13e4 Page size: 0x1000
23:42:46.0549 0x13e4 Boot type: Normal boot
23:42:46.0549 0x13e4 CodeIntegrityOptions = 0x00000001
23:42:46.0549 0x13e4 ============================================================
23:42:48.0001 0x13e4 KLMD registered as C:\Windows\system32\drivers\69019604.sys
23:42:48.0001 0x13e4 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23418, osProperties = 0x1
23:42:48.0233 0x13e4 System UUID: {5CB2AFDE-D675-9D18-E61A-DBC637C8EA23}
23:42:48.0595 0x13e4 Drive \Device\Harddisk0\DR0 - Size: 0x2BAA1476000 ( 2794.52 Gb ), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:42:48.0598 0x13e4 ============================================================
23:42:48.0598 0x13e4 \Device\Harddisk0\DR0:
23:42:48.0598 0x13e4 MBR partitions:
23:42:48.0598 0x13e4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A768000
23:42:48.0598 0x13e4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4A768800, BlocksNum 0x64190000
23:42:48.0598 0x13e4 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAE8F8800, BlocksNum 0xAEC11800
23:42:48.0598 0x13e4 ============================================================
23:42:48.0615 0x13e4 C: <-> \Device\Harddisk0\DR0\Partition1
23:42:48.0649 0x13e4 D: <-> \Device\Harddisk0\DR0\Partition2
23:42:48.0686 0x13e4 E: <-> \Device\Harddisk0\DR0\Partition3
23:42:48.0686 0x13e4 ============================================================
23:42:48.0686 0x13e4 Initialize success
23:42:48.0686 0x13e4 ============================================================
23:43:14.0888 0x05f4 ============================================================
23:43:14.0888 0x05f4 Scan started
23:43:14.0888 0x05f4 Mode: Manual; SigCheck; TDLFS;
23:43:14.0888 0x05f4 ============================================================
23:43:14.0888 0x05f4 KSN ping started
23:43:14.0976 0x05f4 KSN ping finished: true
23:43:15.0856 0x05f4 ================ Scan system memory ========================
23:43:15.0856 0x05f4 System memory - ok
23:43:15.0857 0x05f4 ================ Scan services =============================
23:43:15.0930 0x05f4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
23:43:15.0960 0x05f4 1394ohci - ok
23:43:15.0975 0x05f4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:43:15.0987 0x05f4 ACPI - ok
23:43:16.0000 0x05f4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:43:16.0020 0x05f4 AcpiPmi - ok
23:43:16.0032 0x05f4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:43:16.0047 0x05f4 adp94xx - ok
23:43:16.0067 0x05f4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:43:16.0080 0x05f4 adpahci - ok
23:43:16.0086 0x05f4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:43:16.0096 0x05f4 adpu320 - ok
23:43:16.0121 0x05f4 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:43:16.0129 0x05f4 AeLookupSvc - ok
23:43:16.0152 0x05f4 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys
23:43:16.0168 0x05f4 AFD - ok
23:43:16.0172 0x05f4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
23:43:16.0180 0x05f4 agp440 - ok
23:43:16.0204 0x05f4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
23:43:16.0212 0x05f4 ALG - ok
23:43:16.0234 0x05f4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
23:43:16.0241 0x05f4 aliide - ok
23:43:16.0244 0x05f4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
23:43:16.0250 0x05f4 amdide - ok
23:43:16.0265 0x05f4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:43:16.0272 0x05f4 AmdK8 - ok
23:43:16.0276 0x05f4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:43:16.0284 0x05f4 AmdPPM - ok
23:43:16.0301 0x05f4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:43:16.0309 0x05f4 amdsata - ok
23:43:16.0315 0x05f4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
23:43:16.0325 0x05f4 amdsbs - ok
23:43:16.0338 0x05f4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:43:16.0345 0x05f4 amdxata - ok
23:43:16.0380 0x05f4 [ 6474F8823C7188D2DA579F01FB6CED6B, 81D4E9D026CA60FB8840D520D151B8C2F4745A75DF90A4D6C80641F1A23AB605 ] AppID C:\Windows\system32\drivers\appid.sys
23:43:16.0388 0x05f4 AppID - ok
23:43:16.0402 0x05f4 [ 8F58BA1F7772D6D7CE45F03309608001, CDB109E0DD241042C058F7D81A1BDEBC34435CB2DC4A7A7A3692193DD5806097 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:43:16.0409 0x05f4 AppIDSvc - ok
23:43:16.0431 0x05f4 [ B62867835B41BCD839D9896AB4D7DF09, 98036D0202DB6171E90485898175833AC44873A85E6453EBE928E433B364CE07 ] Appinfo C:\Windows\System32\appinfo.dll
23:43:16.0439 0x05f4 Appinfo - ok
23:43:16.0496 0x05f4 [ 301AA64F9643BC453D90A66C4C0E7204, F9EDAD13F865B5F0A89FF59827EECB519F113EB037F2DA8367F1572629B503B1 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
23:43:16.0506 0x05f4 AppleCharger - ok
23:43:16.0516 0x05f4 [ 95EF7247C50C7241FDAE39A9B3AFF4AE, 6E08FB095C04B2E217B139D6431336C0F24C128A2A83082A3085DC8C44AA247D ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
23:43:16.0522 0x05f4 AppleChargerSrv - ok
23:43:16.0550 0x05f4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
23:43:16.0558 0x05f4 arc - ok
23:43:16.0563 0x05f4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:43:16.0571 0x05f4 arcsas - ok
23:43:16.0629 0x05f4 [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:43:16.0648 0x05f4 aspnet_state - ok
23:43:16.0675 0x05f4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:43:16.0696 0x05f4 AsyncMac - ok
23:43:16.0705 0x05f4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
23:43:16.0712 0x05f4 atapi - ok
23:43:16.0745 0x05f4 [ B4BDE3F758A34658A37DFED3D9783CD8, BC9F6B9BDD639457894DE0F596AB3A655374E078796762FE5E8E5414F0481208 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
23:43:16.0753 0x05f4 atksgt - ok
23:43:16.0787 0x05f4 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:43:16.0806 0x05f4 AudioEndpointBuilder - ok
23:43:16.0821 0x05f4 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:43:16.0840 0x05f4 AudioSrv - ok
23:43:16.0851 0x05f4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:43:16.0863 0x05f4 AxInstSV - ok
23:43:16.0880 0x05f4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
23:43:16.0895 0x05f4 b06bdrv - ok
23:43:16.0912 0x05f4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:43:16.0923 0x05f4 b57nd60a - ok
23:43:16.0933 0x05f4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
23:43:16.0941 0x05f4 BDESVC - ok
23:43:16.0953 0x05f4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
23:43:16.0975 0x05f4 Beep - ok
23:43:17.0063 0x05f4 [ D6BD4AE897D0DF163832AC75DF361BD0, E5F57A907EC557B2F29F49AA0A98AC90261DC44674F3066798AD622ECB24DBBE ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
23:43:17.0095 0x05f4 BEService - ok
23:43:17.0145 0x05f4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
23:43:17.0164 0x05f4 BFE - ok
23:43:17.0197 0x05f4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
23:43:17.0234 0x05f4 BITS - ok
23:43:17.0264 0x05f4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:43:17.0271 0x05f4 blbdrive - ok
23:43:17.0288 0x05f4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:43:17.0296 0x05f4 bowser - ok
23:43:17.0335 0x05f4 BRDriver64_1_3_3_E02B25FC - ok
23:43:17.0344 0x05f4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
23:43:17.0353 0x05f4 BrFiltLo - ok
23:43:17.0362 0x05f4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
23:43:17.0371 0x05f4 BrFiltUp - ok
23:43:17.0375 0x05f4 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
23:43:17.0399 0x05f4 BridgeMP - ok
23:43:17.0415 0x05f4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
23:43:17.0424 0x05f4 Browser - ok
23:43:17.0432 0x05f4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:43:17.0444 0x05f4 Brserid - ok
23:43:17.0448 0x05f4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:43:17.0457 0x05f4 BrSerWdm - ok
23:43:17.0460 0x05f4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:43:17.0469 0x05f4 BrUsbMdm - ok
23:43:17.0472 0x05f4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:43:17.0478 0x05f4 BrUsbSer - ok
23:43:17.0482 0x05f4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:43:17.0492 0x05f4 BTHMODEM - ok
23:43:17.0499 0x05f4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
23:43:17.0522 0x05f4 bthserv - ok
23:43:17.0526 0x05f4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:43:17.0550 0x05f4 cdfs - ok
23:43:17.0572 0x05f4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:43:17.0582 0x05f4 cdrom - ok
23:43:17.0594 0x05f4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
23:43:17.0616 0x05f4 CertPropSvc - ok
23:43:17.0620 0x05f4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
23:43:17.0629 0x05f4 circlass - ok
23:43:17.0654 0x05f4 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
23:43:17.0667 0x05f4 CLFS - ok
23:43:17.0712 0x05f4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:43:17.0720 0x05f4 clr_optimization_v2.0.50727_32 - ok
23:43:17.0743 0x05f4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:43:17.0752 0x05f4 clr_optimization_v2.0.50727_64 - ok
23:43:17.0788 0x05f4 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:43:17.0828 0x05f4 clr_optimization_v4.0.30319_32 - ok
23:43:17.0846 0x05f4 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:43:17.0862 0x05f4 clr_optimization_v4.0.30319_64 - ok
23:43:17.0882 0x05f4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
23:43:17.0890 0x05f4 CmBatt - ok
23:43:17.0897 0x05f4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:43:17.0904 0x05f4 cmdide - ok
23:43:17.0950 0x05f4 [ 8F4BE02699ED644E89C7818D965B30A3, 3EC02EEC564BA4A830BF448C8741A9F919793C6F9A1A8E4E4E51D9AA9C71BA98 ] cmuda3 C:\Windows\system32\drivers\cmudax3.sys
23:43:17.0976 0x05f4 cmuda3 - ok
23:43:18.0012 0x05f4 [ 3323F76352B0AF14B2CDC4DFBF3E980A, F8E3C3508C37E647497B6889F26819B1DB30275F48A994D1BBFBAA9454E5FD70 ] CNG C:\Windows\system32\Drivers\cng.sys
23:43:18.0031 0x05f4 CNG - ok
23:43:18.0043 0x05f4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
23:43:18.0049 0x05f4 Compbatt - ok
23:43:18.0062 0x05f4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:43:18.0071 0x05f4 CompositeBus - ok
23:43:18.0078 0x05f4 COMSysApp - ok
23:43:18.0081 0x05f4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:43:18.0088 0x05f4 crcdisk - ok
23:43:18.0111 0x05f4 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:43:18.0121 0x05f4 CryptSvc - ok
23:43:18.0181 0x05f4 [ EDBA1382E5D7D1E71442B43E170CF8D4, 10E7A90FDC8498EBB8043A4B8BAD14104E68EBAE91149C5D1C1660E0D73995C9 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
23:43:18.0191 0x05f4 CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
23:43:18.0255 0x05f4 Detect skipped due to KSN trusted
23:43:18.0255 0x05f4 CTAudSvcService - ok
23:43:18.0283 0x05f4 [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch C:\Windows\system32\rpcss.dll
23:43:18.0299 0x05f4 DcomLaunch - ok
23:43:18.0321 0x05f4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
23:43:18.0348 0x05f4 defragsvc - ok
23:43:18.0361 0x05f4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:43:18.0383 0x05f4 DfsC - ok
23:43:18.0416 0x05f4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:43:18.0438 0x05f4 Dhcp - ok
23:43:18.0448 0x05f4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
23:43:18.0470 0x05f4 discache - ok
23:43:18.0492 0x05f4 [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk C:\Windows\system32\drivers\disk.sys
23:43:18.0500 0x05f4 Disk - ok
23:43:18.0522 0x05f4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:43:18.0532 0x05f4 Dnscache - ok
23:43:18.0545 0x05f4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
23:43:18.0570 0x05f4 dot3svc - ok
23:43:18.0580 0x05f4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
23:43:18.0603 0x05f4 DPS - ok
23:43:18.0629 0x05f4 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:43:18.0635 0x05f4 drmkaud - ok
23:43:18.0678 0x05f4 [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:43:18.0702 0x05f4 DXGKrnl - ok
23:43:18.0717 0x05f4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
23:43:18.0741 0x05f4 EapHost - ok
23:43:18.0762 0x05f4 EasyAntiCheat - ok
23:43:18.0844 0x05f4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
23:43:18.0911 0x05f4 ebdrv - ok
23:43:18.0930 0x05f4 [ C8A7F80DB5C193DD67747A1BA4B1782E, B216FC5A07C643868AD7C58F931F6327A21695E1734A62875F6E2909139F30B8 ] EFS C:\Windows\System32\lsass.exe
23:43:18.0938 0x05f4 EFS - ok
23:43:18.0992 0x05f4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:43:19.0016 0x05f4 ehRecvr - ok
23:43:19.0032 0x05f4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
23:43:19.0041 0x05f4 ehSched - ok
23:43:19.0061 0x05f4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:43:19.0077 0x05f4 elxstor - ok
23:43:19.0088 0x05f4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:43:19.0095 0x05f4 ErrDev - ok
23:43:19.0137 0x05f4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
23:43:19.0166 0x05f4 EventSystem - ok
23:43:19.0173 0x05f4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
23:43:19.0198 0x05f4 exfat - ok
23:43:19.0204 0x05f4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:43:19.0229 0x05f4 fastfat - ok
23:43:19.0265 0x05f4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
23:43:19.0284 0x05f4 Fax - ok
23:43:19.0288 0x05f4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
23:43:19.0296 0x05f4 fdc - ok
23:43:19.0312 0x05f4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
23:43:19.0334 0x05f4 fdPHost - ok
23:43:19.0342 0x05f4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
23:43:19.0364 0x05f4 FDResPub - ok
23:43:19.0384 0x05f4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:43:19.0392 0x05f4 FileInfo - ok
23:43:19.0402 0x05f4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:43:19.0424 0x05f4 Filetrace - ok
23:43:19.0433 0x05f4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
23:43:19.0440 0x05f4 flpydisk - ok
23:43:19.0459 0x05f4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:43:19.0470 0x05f4 FltMgr - ok
23:43:19.0508 0x05f4 [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache C:\Windows\system32\FntCache.dll
23:43:19.0536 0x05f4 FontCache - ok
23:43:19.0566 0x05f4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:43:19.0572 0x05f4 FontCache3.0.0.0 - ok
23:43:19.0585 0x05f4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:43:19.0593 0x05f4 FsDepends - ok
23:43:19.0615 0x05f4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:43:19.0622 0x05f4 Fs_Rec - ok
23:43:19.0640 0x05f4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:43:19.0653 0x05f4 fvevol - ok
23:43:19.0657 0x05f4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:43:19.0664 0x05f4 gagp30kx - ok
23:43:19.0672 0x05f4 gdrv - ok
23:43:19.0711 0x05f4 [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc C:\Windows\System32\gpsvc.dll
23:43:19.0732 0x05f4 gpsvc - ok
23:43:19.0737 0x05f4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:43:19.0744 0x05f4 hcw85cir - ok
23:43:19.0766 0x05f4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:43:19.0780 0x05f4 HdAudAddService - ok
23:43:19.0786 0x05f4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:43:19.0796 0x05f4 HDAudBus - ok
23:43:19.0800 0x05f4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
23:43:19.0807 0x05f4 HidBatt - ok
23:43:19.0811 0x05f4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:43:19.0821 0x05f4 HidBth - ok
23:43:19.0830 0x05f4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
23:43:19.0839 0x05f4 HidIr - ok
23:43:19.0853 0x05f4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
23:43:19.0875 0x05f4 hidserv - ok
23:43:19.0907 0x05f4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:43:19.0914 0x05f4 HidUsb - ok
23:43:19.0921 0x05f4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:43:19.0944 0x05f4 hkmsvc - ok
23:43:19.0957 0x05f4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:43:19.0968 0x05f4 HomeGroupListener - ok
23:43:26.0454 0x05f4 spldr - ok
23:43:26.0480 0x05f4 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
23:43:26.0498 0x05f4 Spooler - ok
23:43:26.0575 0x05f4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
23:43:26.0661 0x05f4 sppsvc - ok
23:43:26.0675 0x05f4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:43:26.0699 0x05f4 sppuinotify - ok
23:43:26.0727 0x05f4 [ F2F4B895296EE3ECCE781CC2A296A5D1, 126321EDDA8141A42DBE7C90675948433063E6D5B6DEFD805AA0797C95A461EE ] srv C:\Windows\system32\DRIVERS\srv.sys
23:43:26.0741 0x05f4 srv - ok
23:43:26.0760 0x05f4 [ FD0008BEDD2723170CCA7D61837DFD52, F9F576FA7B84CAB5180B9080D62B8A00B3E5D5BC73199B11C63193742529227D ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:43:26.0774 0x05f4 srv2 - ok
23:43:26.0789 0x05f4 [ 63B5845D9379262083655D5C6AB8DFC5, 1813D2FC41ADCDAC6E3A522373B9DB934CC27B89E7185E0E4FC26E30CDAF1523 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:43:26.0799 0x05f4 srvnet - ok
23:43:26.0818 0x05f4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:43:26.0844 0x05f4 SSDPSRV - ok
23:43:26.0852 0x05f4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:43:26.0875 0x05f4 SstpSvc - ok
23:43:26.0986 0x05f4 [ 90E22D7CDE08E07446D238A569BCAB7C, 3D4F413D0B0C9CF28D06E0476F24AC6441C8678DF786D9971B39C91C9F9B8020 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
23:43:27.0018 0x05f4 Steam Client Service - ok
23:43:27.0041 0x05f4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:43:27.0048 0x05f4 stexstor - ok
23:43:27.0079 0x05f4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
23:43:27.0100 0x05f4 stisvc - ok
23:43:27.0110 0x05f4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:43:27.0117 0x05f4 swenum - ok
23:43:27.0136 0x05f4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
23:43:27.0168 0x05f4 swprv - ok
23:43:27.0227 0x05f4 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
23:43:27.0266 0x05f4 SysMain - ok
23:43:27.0288 0x05f4 szkg5 - ok
23:43:27.0313 0x05f4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:43:27.0326 0x05f4 TabletInputService - ok
23:43:27.0344 0x05f4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
23:43:27.0371 0x05f4 TapiSrv - ok
23:43:27.0408 0x05f4 [ 185C2170CFD84F9D708276FBB5ABD77D, FCA00B5CC62F2C160326DBA2F6BF31746324BBE7D5E96291C345DCF2583CE324 ] tapSF0901 C:\Windows\system32\DRIVERS\tapSF0901.sys
23:43:27.0415 0x05f4 tapSF0901 - ok
23:43:27.0473 0x05f4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:43:27.0514 0x05f4 Tcpip - ok
23:43:27.0562 0x05f4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:43:27.0602 0x05f4 TCPIP6 - ok
23:43:27.0621 0x05f4 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:43:27.0628 0x05f4 tcpipreg - ok
23:43:27.0650 0x05f4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:43:27.0656 0x05f4 TDPIPE - ok
23:43:27.0670 0x05f4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:43:27.0677 0x05f4 TDTCP - ok
23:43:27.0693 0x05f4 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:43:27.0702 0x05f4 tdx - ok
23:43:27.0724 0x05f4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:43:27.0732 0x05f4 TermDD - ok
23:43:27.0765 0x05f4 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
23:43:27.0785 0x05f4 TermService - ok
23:43:27.0791 0x05f4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
23:43:27.0803 0x05f4 Themes - ok
23:43:27.0820 0x05f4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
23:43:27.0843 0x05f4 THREADORDER - ok
23:43:27.0871 0x05f4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
23:43:27.0896 0x05f4 TrkWks - ok
23:43:27.0936 0x05f4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:43:27.0960 0x05f4 TrustedInstaller - ok
23:43:27.0980 0x05f4 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:43:27.0987 0x05f4 tssecsrv - ok
23:43:28.0003 0x05f4 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:43:28.0010 0x05f4 TsUsbFlt - ok
23:43:28.0014 0x05f4 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
23:43:28.0020 0x05f4 TsUsbGD - ok
23:43:28.0037 0x05f4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:43:28.0060 0x05f4 tunnel - ok
23:43:28.0064 0x05f4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:43:28.0071 0x05f4 uagp35 - ok
23:43:28.0080 0x05f4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:43:28.0107 0x05f4 udfs - ok
23:43:28.0154 0x05f4 [ 88A68DA9B38708A511CEAFEAB0383849, 27F1FD389E9C5FE202D888F89137FA30146CAF9439F0D101F9D7F1D3BA106F56 ] UHSfiltv C:\Windows\system32\drivers\UHSfiltv.sys
23:43:28.0160 0x05f4 UHSfiltv - ok
23:43:28.0165 0x05f4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:43:28.0174 0x05f4 UI0Detect - ok
23:43:28.0178 0x05f4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:43:28.0186 0x05f4 uliagpkx - ok
23:43:28.0210 0x05f4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:43:28.0218 0x05f4 umbus - ok
23:43:28.0226 0x05f4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
23:43:28.0233 0x05f4 UmPass - ok
23:43:28.0251 0x05f4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
23:43:28.0279 0x05f4 upnphost - ok
23:43:28.0304 0x05f4 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:43:28.0312 0x05f4 usbaudio - ok
23:43:28.0336 0x05f4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:43:28.0344 0x05f4 usbccgp - ok
23:43:28.0379 0x05f4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:43:28.0387 0x05f4 usbcir - ok
23:43:28.0426 0x05f4 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:43:28.0433 0x05f4 usbehci - ok
23:43:28.0454 0x05f4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:43:28.0466 0x05f4 usbhub - ok
23:43:28.0491 0x05f4 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
23:43:28.0497 0x05f4 usbohci - ok
23:43:28.0519 0x05f4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
23:43:28.0528 0x05f4 usbprint - ok
23:43:28.0547 0x05f4 [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:43:28.0554 0x05f4 USBSTOR - ok
23:43:28.0558 0x05f4 [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:43:28.0565 0x05f4 usbuhci - ok
23:43:28.0594 0x05f4 [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
23:43:28.0601 0x05f4 usb_rndisx - ok
23:43:28.0615 0x05f4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
23:43:28.0638 0x05f4 UxSms - ok
23:43:28.0642 0x05f4 [ C8A7F80DB5C193DD67747A1BA4B1782E, B216FC5A07C643868AD7C58F931F6327A21695E1734A62875F6E2909139F30B8 ] VaultSvc C:\Windows\system32\lsass.exe
23:43:28.0649 0x05f4 VaultSvc - ok
23:43:28.0660 0x05f4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:43:28.0667 0x05f4 vdrvroot - ok
23:43:28.0690 0x05f4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
23:43:28.0736 0x05f4 vds - ok
23:43:28.0760 0x05f4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:43:28.0768 0x05f4 vga - ok
23:43:28.0782 0x05f4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:43:28.0804 0x05f4 VgaSave - ok
23:43:28.0819 0x05f4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
23:43:28.0829 0x05f4 vhdmp - ok
23:43:28.0847 0x05f4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
23:43:28.0853 0x05f4 viaide - ok
23:43:28.0866 0x05f4 vmci - ok
23:43:28.0869 0x05f4 VMnetAdapter - ok
23:43:28.0881 0x05f4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:43:28.0889 0x05f4 volmgr - ok
23:43:28.0900 0x05f4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:43:28.0913 0x05f4 volmgrx - ok
23:43:28.0943 0x05f4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:43:28.0955 0x05f4 volsnap - ok
23:43:28.0961 0x05f4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:43:28.0970 0x05f4 vsmraid - ok
23:43:29.0017 0x05f4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
23:43:29.0067 0x05f4 VSS - ok
23:43:29.0079 0x05f4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:43:29.0088 0x05f4 vwifibus - ok
23:43:29.0105 0x05f4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
23:43:29.0134 0x05f4 W32Time - ok
23:43:29.0149 0x05f4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:43:29.0156 0x05f4 WacomPen - ok
23:43:29.0167 0x05f4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:43:29.0190 0x05f4 WANARP - ok
23:43:29.0201 0x05f4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:43:29.0223 0x05f4 Wanarpv6 - ok
23:43:29.0263 0x05f4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
23:43:29.0298 0x05f4 wbengine - ok
23:43:29.0322 0x05f4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:43:29.0336 0x05f4 WbioSrvc - ok
23:43:29.0350 0x05f4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:43:29.0367 0x05f4 wcncsvc - ok
23:43:29.0380 0x05f4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:43:29.0388 0x05f4 WcsPlugInService - ok
23:43:29.0406 0x05f4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
23:43:29.0412 0x05f4 Wd - ok
23:43:29.0446 0x05f4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:43:29.0468 0x05f4 Wdf01000 - ok
23:43:29.0478 0x05f4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:43:29.0498 0x05f4 WdiServiceHost - ok
23:43:29.0502 0x05f4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:43:29.0514 0x05f4 WdiSystemHost - ok
23:43:29.0534 0x05f4 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll
23:43:29.0546 0x05f4 WebClient - ok
23:43:29.0557 0x05f4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:43:29.0584 0x05f4 Wecsvc - ok
23:43:29.0604 0x05f4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:43:29.0628 0x05f4 wercplsupport - ok
23:43:29.0651 0x05f4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
23:43:29.0675 0x05f4 WerSvc - ok
23:43:29.0685 0x05f4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:43:29.0707 0x05f4 WfpLwf - ok
23:43:29.0713 0x05f4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:43:29.0720 0x05f4 WIMMount - ok
23:43:29.0740 0x05f4 WinDefend - ok
23:43:29.0757 0x05f4 WinHttpAutoProxySvc - ok
23:43:29.0791 0x05f4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:43:29.0818 0x05f4 Winmgmt - ok
23:43:29.0873 0x05f4 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
23:43:29.0918 0x05f4 WinRM - ok
23:43:29.0967 0x05f4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:43:29.0976 0x05f4 WinUsb - ok
23:43:30.0003 0x05f4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:43:30.0030 0x05f4 Wlansvc - ok
23:43:30.0052 0x05f4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:43:30.0059 0x05f4 WmiAcpi - ok
23:43:30.0072 0x05f4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:43:30.0082 0x05f4 wmiApSrv - ok
23:43:30.0089 0x05f4 WMPNetworkSvc - ok
23:43:30.0099 0x05f4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:43:30.0107 0x05f4 WPCSvc - ok
23:43:30.0118 0x05f4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:43:30.0128 0x05f4 WPDBusEnum - ok
23:43:30.0147 0x05f4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:43:30.0169 0x05f4 ws2ifsl - ok
23:43:30.0182 0x05f4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
23:43:30.0195 0x05f4 wscsvc - ok
23:43:30.0198 0x05f4 WSearch - ok
23:43:30.0271 0x05f4 [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv C:\Windows\system32\wuaueng.dll
23:43:30.0326 0x05f4 wuauserv - ok
23:43:30.0357 0x05f4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:43:30.0364 0x05f4 WudfPf - ok
23:43:30.0393 0x05f4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:43:30.0402 0x05f4 WUDFRd - ok
23:43:30.0415 0x05f4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:43:30.0424 0x05f4 wudfsvc - ok
23:43:30.0452 0x05f4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
23:43:30.0463 0x05f4 WwanSvc - ok
23:43:30.0496 0x05f4 [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
23:43:30.0517 0x05f4 xnacc - ok
23:43:30.0530 0x05f4 ================ Scan global ===============================
23:43:30.0550 0x05f4 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
23:43:30.0578 0x05f4 [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
23:43:30.0588 0x05f4 [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
23:43:30.0607 0x05f4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:43:30.0637 0x05f4 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
23:43:30.0643 0x05f4 [ Global ] - ok
23:43:30.0643 0x05f4 ================ Scan MBR ==================================
23:43:30.0651 0x05f4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:43:30.0839 0x05f4 \Device\Harddisk0\DR0 - ok
23:43:30.0839 0x05f4 ================ Scan VBR ==================================
23:43:30.0841 0x05f4 [ 3F35A92857E02864F012FD74859202FD ] \Device\Harddisk0\DR0\Partition1
23:43:30.0843 0x05f4 \Device\Harddisk0\DR0\Partition1 - ok
23:43:30.0844 0x05f4 [ CA9EB3B3E0D57AC1BED29CEEDACF05F0 ] \Device\Harddisk0\DR0\Partition2
23:43:30.0845 0x05f4 \Device\Harddisk0\DR0\Partition2 - ok
23:43:30.0847 0x05f4 [ B4F96BF6B28EA1943F7CCD5AC8A6CAF2 ] \Device\Harddisk0\DR0\Partition3
23:43:30.0848 0x05f4 \Device\Harddisk0\DR0\Partition3 - ok
23:43:30.0848 0x05f4 ================ Scan generic autorun ======================
23:43:30.0882 0x05f4 [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\syswow64\RunDll32.exe
23:43:30.0891 0x05f4 CmPCIaudio - ok
23:43:30.0918 0x05f4 [ 087A06DB98D0E84C0DE90EE308707E63, 96E8CDC492115A93B1B244196947E45D3C30CF64F538EAB634E0B02BEFBF1607 ] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
23:43:30.0923 0x05f4 NUSB3MON - detected UnsignedFile.Multi.Generic ( 1 )
23:43:30.0987 0x05f4 Detect skipped due to KSN trusted
23:43:30.0987 0x05f4 NUSB3MON - ok
23:43:31.0051 0x05f4 [ 40BE6A84C767D503B8258248142F0366, D6499CF94C55552BCAE38A67D567C4DCDF426D195141401719219B305BA1A5B1 ] C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe
23:43:31.0092 0x05f4 Sound Blaster Tactic3D Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
23:43:31.0156 0x05f4 Detect skipped due to KSN trusted
23:43:31.0156 0x05f4 Sound Blaster Tactic3D Control Panel - ok
23:43:31.0188 0x05f4 [ E05782E0B697CADBBC17E78C67280B30, 87A142350F1BD9FF7ADDDBF80AC5C1EFDCE93F8E3142B95ACC8D85DDE77D42D8 ] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
23:43:31.0199 0x05f4 Lightshot - ok
23:43:31.0387 0x05f4 [ 40335C8877B6B84842AF03A40E1BB206, 33433ED8961B1AEEBD30F8DD53A541C711C403D019F1074406FF9C9D1E9F4113 ] C:\Program Files\CCleaner\CCleaner64.exe
23:43:31.0564 0x05f4 CCleaner Monitoring - ok
23:43:31.0644 0x05f4 [ 0174C36C61F536F201160DF5D75CA87E, FFCB4854B41A9C83417084A8B4946B74948D711CF1DB46C99ABF4EAA8672F145 ] C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
23:43:31.0652 0x05f4 CatalinaGroup Update - ok
23:43:31.0653 0x05f4 Waiting for KSN requests completion. In queue: 53
23:43:32.0664 0x05f4 Win FW state via NFP2: enabled ( trusted )
23:43:32.0785 0x05f4 ============================================================
23:43:32.0785 0x05f4 Scan finished
23:43:32.0785 0x05f4 ============================================================
23:43:32.0791 0x07b4 Detected object count: 0
23:43:32.0791 0x07b4 Actual detected object count: 0
|
| | #4 |
| | Search.B1.org, popups and ad redirects in the browser, Antivir/Adwcleaner find nothing FRST: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
durchgeführt von PsychoMantis (Administrator) auf SCHNARCHNASE (24-02-2017 23:18:37)
Gestartet von C:\Users\PsychoMantis\Desktop
Geladene Profile: PsychoMantis (Verfügbare Profile: PsychoMantis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe" -- "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Sound Blaster Tactic3D Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe [2091008 2014-07-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\...\Run: [CatalinaGroup Update] => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [132104 2017-02-22] (Catalina Group Ltd.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{C117CC34-04E2-4F4E-8FC3-6ED867D0B4E2}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D1A94081-FB24-49D1-BD93-0898002FF58F}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-1040861988-1898195639-2225626604-1000: @catalinahub.net/CatalinaGroup Update;version=3 -> C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll [2017-02-22] (Catalina Group Ltd.)
FF Plugin HKU\S-1-5-21-1040861988-1898195639-2225626604-1000: @catalinahub.net/CatalinaGroup Update;version=9 -> C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll [2017-02-22] (Catalina Group Ltd.)
FF Plugin HKU\S-1-5-21-1040861988-1898195639-2225626604-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PsychoMantis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-27] ()
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [Datei ist nicht signiert]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [400656 2017-02-16] (EasyAntiCheat Ltd)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
S4 Origin Client Service; D:\Origin\OriginClientService.exe [2122248 2017-02-20] (Electronic Arts)
S2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [2184208 2017-02-20] (Electronic Arts)
S4 PAExec; C:\Windows\PAExec.exe [189112 2016-05-05] (Power Admin LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2015-12-09] ()
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-10-23] (C-Media Inc)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2015-12-09] ()
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2004-03-05] () [Datei ist nicht signiert]
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2015-07-31] (Spotflux, Inc.)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2013-05-31] (Creative Technology Ltd.)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S0 szkg5; SySWOW64\drivers\szkg64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-02-24 23:18 - 2017-02-24 23:18 - 00009607 _____ C:\Users\PsychoMantis\Desktop\FRST.txt
2017-02-24 23:18 - 2017-02-24 23:18 - 00000000 ____D C:\FRST
2017-02-24 23:16 - 2017-02-24 23:16 - 04747704 _____ (AO Kaspersky Lab) C:\Users\PsychoMantis\Desktop\tdsskiller.exe
2017-02-24 23:14 - 2017-02-24 23:14 - 02423296 _____ (Farbar) C:\Users\PsychoMantis\Desktop\FRST64.exe
2017-02-24 17:56 - 2017-02-24 17:56 - 00000000 ____D C:\Users\PsychoMantis\Downloads\Uncut-Patch [Half-Life_Blue Shift]
2017-02-24 17:53 - 2017-02-24 17:53 - 00751263 _____ C:\Users\PsychoMantis\Downloads\Uncut-Patch [Half-Life_Blue Shift].rar
2017-02-24 12:58 - 2017-02-24 12:58 - 00000000 ____D C:\Users\PsychoMantis\Downloads\Gunman_Chronicles_Steam_Version.1
2017-02-24 12:43 - 2017-02-24 12:43 - 00000000 ____D C:\Users\PsychoMantis\Desktop\poke646_anniversary_edition
2017-02-24 12:40 - 2017-02-24 12:50 - 249058628 _____ C:\Users\PsychoMantis\Downloads\Gunman_Chronicles_Steam_Version.1.zip
2017-02-24 12:38 - 2017-02-24 12:42 - 151657053 _____ C:\Users\PsychoMantis\Downloads\poke646_anniversary_edition.zip
2017-02-24 00:47 - 2017-02-24 00:47 - 06406240 _____ (Reason Software Company Inc.) C:\Users\PsychoMantis\Downloads\reason-core-security-setup.exe
2017-02-22 19:57 - 2017-02-24 23:07 - 00001178 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA.job
2017-02-22 19:57 - 2017-02-24 20:07 - 00001126 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core.job
2017-02-22 19:57 - 2017-02-22 20:02 - 00004166 _____ C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA
2017-02-22 19:57 - 2017-02-22 20:02 - 00003770 _____ C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core
2017-02-22 19:57 - 2017-02-22 19:57 - 00002489 _____ C:\Users\PsychoMantis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrio.lnk
2017-02-22 19:57 - 2017-02-22 19:57 - 00002464 _____ C:\Users\PsychoMantis\Desktop\Citrio.lnk
2017-02-22 19:57 - 2017-02-22 19:57 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\CatalinaGroup
2017-02-22 19:56 - 2017-02-22 19:56 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\webkit
2017-02-22 19:56 - 2017-02-22 19:56 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\midori
2017-02-22 19:56 - 2017-02-22 19:56 - 00000000 ____D C:\Users\PsychoMantis\.dbus-keyrings
2017-02-22 19:45 - 2017-02-22 19:46 - 00271440 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-22 19:35 - 2017-02-22 19:35 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Battle.net
2017-02-22 19:28 - 2017-02-22 19:28 - 00000000 ____D C:\Users\PsychoMantis\Desktop\RevoUninstaller_Portable
2017-02-22 19:24 - 2017-02-22 19:24 - 04015056 _____ C:\Users\PsychoMantis\Desktop\AdwCleaner_6.043.exe
2017-02-22 19:23 - 2017-02-22 19:23 - 00800608 _____ C:\Users\PsychoMantis\Desktop\palemoon-websetup.exe
2017-02-22 19:22 - 2017-02-22 19:23 - 00726224 _____ (Catalina Group Ltd.) C:\Users\PsychoMantis\Desktop\CitrioSetup.exe
2017-02-22 18:58 - 2017-02-22 18:58 - 00058984 _____ C:\Users\PsychoMantis\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-22 10:43 - 2017-02-22 10:43 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\Camfrog
2017-02-22 10:42 - 2017-02-22 10:55 - 00000000 ____D C:\Program Files (x86)\Camfrog
2017-02-22 10:42 - 2017-02-22 10:45 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Camfrog
2017-02-22 10:42 - 2017-02-22 10:42 - 00000000 ____D C:\ProgramData\Camfrog Update
2017-02-20 13:51 - 2017-02-20 13:51 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\dungeon
2017-02-16 06:23 - 2017-02-16 06:20 - 00400656 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-01-29 21:55 - 2017-01-29 21:55 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\NVIDIA
2017-01-28 00:36 - 2017-01-28 00:46 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\NVIDIA Corporation
2017-01-27 20:35 - 2017-01-27 20:35 - 00000000 __SHD C:\ProgramData\DSS
2017-01-27 20:14 - 2017-01-27 20:14 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Lionhead Studios
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-02-24 22:58 - 2016-05-16 09:52 - 00000402 _____ C:\Windows\Tasks\update-S-1-5-21-1040861988-1898195639-2225626604-1000.job
2017-02-24 21:39 - 2015-11-03 09:02 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\TS3Client
2017-02-24 19:51 - 2017-01-19 11:51 - 00000524 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0dc4d1a2-623c-450a-96f6-58a57bdaf4dc.job
2017-02-24 17:59 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-24 17:59 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-24 17:55 - 2011-04-12 08:43 - 00696132 _____ C:\Windows\system32\perfh007.dat
2017-02-24 17:55 - 2011-04-12 08:43 - 00147428 _____ C:\Windows\system32\perfc007.dat
2017-02-24 17:55 - 2009-07-14 06:13 - 01611160 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-24 17:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-24 17:50 - 2016-05-05 02:37 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-24 17:50 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-24 02:00 - 2017-01-19 11:51 - 00000524 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4b37f26b-dacc-4734-84f0-a87226293be8.job
2017-02-24 01:07 - 2016-09-04 06:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reality Pump
2017-02-24 01:07 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-24 00:56 - 2017-01-14 08:20 - 00000000 ____D C:\AdwCleaner
2017-02-23 22:16 - 2016-02-06 23:32 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\CrashDumps
2017-02-23 20:31 - 2015-11-03 08:44 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-02-23 00:12 - 2016-03-27 02:12 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\vlc
2017-02-22 21:05 - 2016-01-20 20:05 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\Google
2017-02-22 19:58 - 2015-09-27 17:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-22 19:58 - 2015-09-27 17:04 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-22 19:56 - 2015-09-26 05:50 - 00000000 ____D C:\Users\PsychoMantis
2017-02-22 19:43 - 2015-11-15 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-02-22 19:43 - 2015-11-15 13:27 - 00000000 ____D C:\GOG Games
2017-02-22 19:42 - 2016-12-01 22:45 - 00000000 ____D C:\Hex-Editor MX
2017-02-22 19:41 - 2016-02-11 19:00 - 00000000 ____D C:\Program Files (x86)\Smart Mod Manager
2017-02-22 19:40 - 2016-08-25 06:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-22 19:39 - 2016-05-17 23:48 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\GlarySoft
2017-02-22 19:37 - 2015-09-28 00:14 - 00000000 ____D C:\Users\PsychoMantis\Documents\My Games
2017-02-22 19:37 - 2015-09-26 06:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-22 19:36 - 2016-07-23 00:22 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2017-02-22 19:34 - 2016-09-02 06:08 - 00000000 ____D C:\Users\PsychoMantis\Documents\PCSX2
2017-02-22 19:33 - 2015-11-03 19:54 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\Mozilla
2017-02-22 19:33 - 2015-11-02 16:16 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Mozilla
2017-02-22 19:31 - 2015-09-26 06:20 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Opera Software
2017-02-22 19:31 - 2015-09-26 06:20 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\Opera Software
2017-02-22 19:31 - 2015-09-26 05:51 - 00001425 _____ C:\Users\PsychoMantis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-22 10:25 - 2016-01-19 09:01 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Origin
2017-02-22 10:25 - 2016-01-19 09:00 - 00000000 ____D C:\ProgramData\Origin
2017-02-22 05:37 - 2016-12-22 12:58 - 00000000 ____D C:\Users\PsychoMantis\AppData\LocalLow\Mozilla
2017-02-17 16:48 - 2015-09-26 06:50 - 00000000 ____D C:\Users\PsychoMantis\Desktop\Verknüpfungen
2017-02-17 16:47 - 2015-09-26 06:51 - 00000000 ___RD C:\Users\PsychoMantis\Desktop\Games
2017-02-06 05:17 - 2017-01-12 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RGSS-RTP Standard
2017-02-06 05:17 - 2017-01-12 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker 2000 1.05
2017-02-06 01:07 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-06 01:06 - 2016-05-20 22:50 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Soldat
2017-02-06 01:02 - 2017-01-12 19:05 - 00000000 ____D C:\Program Files (x86)\rpg2003
2017-01-28 15:54 - 2015-09-26 20:09 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\DVDVideoSoft
2017-01-28 01:50 - 2016-10-30 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-28 01:50 - 2016-05-04 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-01-28 01:50 - 2016-05-03 00:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-28 01:50 - 2016-02-04 08:57 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\NVIDIA
2017-01-28 01:50 - 2015-09-26 06:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-28 01:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security
2017-01-28 01:49 - 2016-05-05 02:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-28 01:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2017-01-28 01:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2017-01-28 01:46 - 2016-05-05 02:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-27 22:37 - 2015-11-05 01:33 - 00007636 _____ C:\Users\PsychoMantis\AppData\Local\Resmon.ResmonCfg
2017-01-26 22:04 - 2015-12-23 18:23 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\Ubisoft Game Launcher
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-01-04 19:44 - 2016-01-04 19:47 - 0000626 _____ () C:\Users\PsychoMantis\AppData\Roaming\All CPU MeterV3_Settings.ini
2016-05-05 00:37 - 2016-05-05 00:49 - 0000056 _____ () C:\Users\PsychoMantis\AppData\Roaming\coreavc.ini
2015-11-13 18:37 - 2015-11-13 18:37 - 26602416 _____ () C:\Users\PsychoMantis\AppData\Roaming\gameboxsetup.exe
2015-11-05 01:33 - 2017-01-27 22:37 - 0007636 _____ () C:\Users\PsychoMantis\AppData\Local\Resmon.ResmonCfg
2015-11-07 23:02 - 2015-11-07 23:02 - 0000003 _____ () C:\Users\PsychoMantis\AppData\Local\updater.log
2015-11-07 23:02 - 2016-08-06 21:30 - 0000424 _____ () C:\Users\PsychoMantis\AppData\Local\UserProducts.xml
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-02-23 12:08
==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
durchgeführt von PsychoMantis (24-02-2017 23:19:12)
Gestartet von C:\Users\PsychoMantis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-09-26 04:50:41)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1040861988-1898195639-2225626604-500 - Administrator - Disabled)
Gast (S-1-5-21-1040861988-1898195639-2225626604-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1040861988-1898195639-2225626604-1002 - Limited - Enabled)
PsychoMantis (S-1-5-21-1040861988-1898195639-2225626604-1000 - Administrator - Enabled) => C:\Users\PsychoMantis
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps)
7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Anno 1404 - Gold Edition (HKLM-x32\...\1440426004_is1) (Version: 2.0.0.2 - GOG.com)
Anno 1503 A.D. (HKLM-x32\...\1438074791_is1) (Version: 2.0.0.5 - GOG.com)
Anno 1602 - Creation of a New World (HKLM-x32\...\1438168222_is1) (Version: 2.0.0.6 - GOG.com)
Anno 1701 A.D. (HKLM-x32\...\1438075172_is1) (Version: 2.0.0.4 - GOG.com)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.4.1036 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
Call of Pripyat Complete v1.0.2 (HKLM-x32\...\Call of Pripyat Complete_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version: - Cheat Engine)
Citrio (HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\...\Citrio) (Version: 50.0.2661.274 - © Catalinagroup Ltd.)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - )
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{B9A7CCBE-48F7-4B3E-BD20-76ADDD4DC69F}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command and Conquer 3 Tiberium Wars Complete Collection Version 1.02 (HKLM-x32\...\{01BB7046-6217-4225-BFA8-A5E5DB2B0977}_is1) (Version: 1.02 - Electronic Arts)
Company of Heroes (HKLM\...\Steam App 4560) (Version: - Relic Entertainment)
Company of Heroes (New Steam Version) (HKLM\...\Steam App 228200) (Version: - Relic)
Company of Heroes: Opposing Fronts (HKLM\...\Steam App 9340) (Version: - Relic Entertainment)
Company of Heroes: Tales of Valor (HKLM\...\Steam App 20540) (Version: - Relic Entertainment)
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Counter-Strike: Condition Zero (HKLM\...\Steam App 80) (Version: - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Cry of Fear (HKLM\...\Steam App 223710) (Version: - Team Psykskallar)
Crysis 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts)
DARK (HKLM\...\Steam App 225360) (Version: - Realmforge Studios)
Dark Matter (HKLM\...\Steam App 251410) (Version: - InterWave Studios)
Day of Defeat: Source (HKLM\...\Steam App 300) (Version: - Valve)
Dead Age (HKLM\...\Steam App 363930) (Version: - Silent Dreams)
Dead Space™ 2 (HKLM-x32\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.943.0 - Electronic Arts)
Deus Ex: Human Revolution - Director's Cut (HKLM\...\Steam App 238010) (Version: - Eidos Montreal)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
Die Sims™ 3 Late Night (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Late Night) (Version: 1.0.0.0 - Electronic Arts Inc.)
Die Sims™ 3 Supernatural (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Supernatural) (Version: 1.0.0.0 - Electronic Arts Inc.)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Ambitions) (Version: 1.0.0.0 - Electronic Arts Inc.)
Divine Divinity (HKLM\...\Steam App 214170) (Version: - Larian Studios)
Dungeon Warfare (HKLM-x32\...\Steam App 355980) (Version: - Valsar)
Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios)
Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
Fallout (HKLM-x32\...\1440148836_is1) (Version: 2.1.0.18 - GOG.com)
Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version: - Ubisoft)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
Final Fantasy VII Steam Edition Version 1.0.9 (HKLM-x32\...\{625A041D-65DA-4E68-9010-419ECD204314}_is1) (Version: 1.0.9 - Square Enix)
FINAL FANTASY VIII (HKLM\...\Steam App 39150) (Version: - SQUARE ENIX)
Half-Life (HKLM\...\Steam App 70) (Version: - Valve)
Half-Life 2: Update (HKLM\...\Steam App 290930) (Version: - Filip Victor)
Half-Life: Blue Shift (HKLM\...\Steam App 130) (Version: - Gearbox Software)
Half-Life: Source (HKLM\...\Steam App 280) (Version: - Valve)
Hitman: Absolution (HKLM\...\Steam App 203140) (Version: - IO Interactive)
Infectonator : Survivors (HKLM\...\Steam App 269310) (Version: - Toge Productions)
Jagged Alliance - Back in Action (HKLM\...\Steam App 57740) (Version: - Coreplay GmbH)
Jagged Alliance 2 Wildfire (HKLM-x32\...\1207658743_is1) (Version: 2.1.0.8 - GOG.com)
Jagged Alliance Flashback (HKLM\...\Steam App 256010) (Version: - Full Control)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
Legend of Grimrock II (HKLM-x32\...\1207666193_is1) (Version: 2.1.0.5 - GOG.com)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Lucius II (HKLM\...\Steam App 296830) (Version: - Shiver Games)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
Metro: Last Light (HKLM\...\Steam App 43160) (Version: - 4A Games)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Might & Magic X Legacy (HKLM-x32\...\Uplay Install 401) (Version: - Ubisoft)
MOBIUS FINAL FANTASY (HKLM\...\Steam App 536930) (Version: - SQUARE ENIX CO., LTD.)
Mount & Blade (HKLM\...\Steam App 22100) (Version: - TaleWorlds Entertainment)
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
Mozilla Thunderbird 45.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.6.0 (x86 de)) (Version: 45.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Nether (HKLM\...\Steam App 247730) (Version: - Phosphor Games Studio)
NOX (HKLM-x32\...\{BF152F35-9708-452C-862C-F7E3B62DF732}) (Version: 2.0.0.20 - Electronic Arts, Inc.)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Orcs Must Die! Unchained (HKLM\...\Steam App 427270) (Version: - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version: - The Indie Stone)
RAGE (HKLM-x32\...\Steam App 9200) (Version: - id Software)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
S.T.A.L.K.E.R. - Clear Sky [v1.00010] (HKLM-x32\...\S.T.A.L.K.E.R. - Clear Sky_is1) (Version: 1.00010 - Deep Silver)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version: - GSC Game World)
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM\...\Steam App 4500) (Version: - GSC Game World)
Saboteur™ (HKLM-x32\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts)
Silver (HKLM-x32\...\1207659041_is1) (Version: 2.0.0.15 - GOG.com)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version: - The SKSE Team)
Soda Dungeon (HKLM\...\Steam App 564710) (Version: - AN Productions)
Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader 2 (HKLM\...\Steam App 232890) (Version: - FireFly Studios)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold HD (HKLM\...\Steam App 40950) (Version: - FireFly Studios)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Tempest (HKLM\...\Steam App 418180) (Version: - Lion's Shade)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims(TM) 3 (HKLM\...\Steam App 47890) (Version: - The Sims Studio)
Trine Enhanced Edition (HKLM-x32\...\1207659020_is1) (Version: 2.0.0.2 - GOG.com)
Two Worlds (HKLM-x32\...\Two Worlds) (Version: 1.7.0 - )
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unepic (HKLM-x32\...\GOGPACKUNEPIC_is1) (Version: 2.2.0.7 - GOG.com)
Unity Web Player (HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.8.1 (HKLM\...\VulkanRT1.0.8.1) (Version: 1.0.8.1 - LunarG, Inc.)
Warzone 2100-3.1.2 (HKLM-x32\...\Warzone 2100-3.1.2) (Version: 3.1.2 - Warzone 2100 Project)
Wasteland 2 - Ranger Edition (HKLM-x32\...\{52CC6D4B-B565-4908-A524-5DA978EB4D3B}_is1) (Version: 1.0 - inXile Entertainment)
WinRAR 5.21 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wizardry 8 (HKLM\...\Steam App 245450) (Version: - Sir-Tech Canada)
Worms Clan Wars (HKLM\...\Steam App 233840) (Version: - Team17 Digital Ltd)
Worms Reloaded (HKLM\...\Steam App 22600) (Version: - Team17 Digital Ltd)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.3 - Xvid Team)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CLSID\{01E9FAE9-3819-4dd9-B1D9-998A1C62D1F8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CLSID\{9CF1512B-6019-4573-9466-57AA61960209}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {6B69E57D-FDD0-4E27-8EB7-9F10151A62DA} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0dc4d1a2-623c-450a-96f6-58a57bdaf4dc => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {6D53FC9D-0825-4777-BFB5-EEED6F8E0984} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
Task: {82A5FE1D-ACA2-470A-BE55-9DDA5F8FA86C} - System32\Tasks\SUPERAntiSpyware Scheduled Task 4b37f26b-dacc-4734-84f0-a87226293be8 => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {89BE678F-262C-4A73-8DE7-9EE6D419FFD3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {C5061727-7814-4763-A14E-EAE7210DBC1E} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2017-02-22] (Catalina Group Ltd.)
Task: {E2AE0D16-0BB9-40CE-8486-DF58225F18D9} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2017-02-22] (Catalina Group Ltd.)
Task: {F13D00DA-C4E1-4FAC-A389-CF384F682F98} - System32\Tasks\update-S-1-5-21-1040861988-1898195639-2225626604-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core.job => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA.job => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0dc4d1a2-623c-450a-96f6-58a57bdaf4dc.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4b37f26b-dacc-4734-84f0-a87226293be8.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\update-S-1-5-21-1040861988-1898195639-2225626604-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-05-05 02:37 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-16 17:55 - 2015-11-16 17:55 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-11-03 08:52 - 2014-03-24 10:37 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2015-11-03 08:52 - 2014-03-24 10:33 - 00274944 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2017-02-22 19:57 - 2017-02-18 04:45 - 01622912 _____ () C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\50.0.2661.274\libglesv2.dll
2017-02-22 19:57 - 2017-02-18 04:45 - 00078208 _____ () C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\50.0.2661.274\libegl.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\exefile: <===== ACHTUNG
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2017-01-17 00:02 - 00000042 ____A C:\Windows\system32\Drivers\etc\hosts
::1 localhost
127.0.0.1 localhost
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HDD Observer Service => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: PAExec => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [TCP Query User{2DF2F9C7-C7FD-4EEF-903D-9440259ECF30}C:\program files (x86)\warzone 2100-3.1.2\warzone2100.exe] => (Allow) C:\program files (x86)\warzone 2100-3.1.2\warzone2100.exe
FirewallRules: [UDP Query User{178180C1-905A-4E8F-9D3B-288A540125B3}C:\program files (x86)\warzone 2100-3.1.2\warzone2100.exe] => (Allow) C:\program files (x86)\warzone 2100-3.1.2\warzone2100.exe
FirewallRules: [{E186F0A6-0332-40C6-B50D-0CCB6EB981DA}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{458307DC-DC3B-4E44-B1B6-E57B619E9B97}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{9235C082-A288-4602-92CC-3F4374272BBD}] => (Allow) E:\Steam\steamapps\common\Dungeon Warfare\DW.exe
FirewallRules: [{08943D30-7454-44F7-993D-7C85412E858F}] => (Allow) E:\Steam\steamapps\common\Dungeon Warfare\DW.exe
FirewallRules: [{42EEAA17-AAAF-4AA2-B074-A35E76348756}] => (Allow) E:\Steam\steamapps\common\RAGE\Rage.exe
FirewallRules: [{7E26F1BE-038F-4A79-B705-A2C27A2B159D}] => (Allow) E:\Steam\steamapps\common\RAGE\Rage.exe
FirewallRules: [{D572C638-F50E-45F6-A84E-D620594DBEFF}] => (Allow) E:\Steam\steamapps\common\RAGE\Rage64.exe
FirewallRules: [{AD830741-3499-492B-97D7-6A53B4D2F28F}] => (Allow) E:\Steam\steamapps\common\RAGE\Rage64.exe
FirewallRules: [{1932BC1E-156B-451C-A40E-6A8B4E09D3D7}] => (Allow) C:\Program Files (x86)\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe
FirewallRules: [{737EDB2B-75DA-473F-9EC0-E192DDB65462}] => (Allow) C:\Program Files (x86)\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe
FirewallRules: [{7D5B8A88-D6C0-46C1-8EA9-D939D0D2AA64}] => (Allow) C:\Program Files (x86)\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe
FirewallRules: [{4BA4C04B-5EC6-4BD4-B0A8-1987BF6E8D83}] => (Allow) C:\Program Files (x86)\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe
FirewallRules: [{00A6AF7E-5EB7-4916-A019-334A2E68E6A6}] => (Allow) E:\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{1804D4C0-02C5-4708-BF4E-D23AFAEF2FB8}] => (Allow) E:\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{5288ECDA-F481-491F-8EC3-39A153956AB0}] => (Allow) D:\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{13B8D26C-7FEC-4278-AD89-F28823033947}] => (Allow) D:\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{E1073460-7150-4CF4-BC34-B3709A91C19B}] => (Allow) D:\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{16A90A91-4C03-460A-B997-6A4AA64B02F6}] => (Allow) D:\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [TCP Query User{B2FFD18C-3BCE-439C-93F8-B98FA3289D95}D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{01871491-AFE7-455A-9214-E07E635AA0F7}D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{B041CC71-CACD-46E5-85B9-A6ADB9E2266A}D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{4BF7D26D-B963-4F6B-B7AC-E6848DE4465B}D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{4E2813A1-F980-4BF5-96BF-57C110EDEC31}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{C29F9DCA-D631-4592-B916-D4C34B0FAA03}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{FCCEAA7B-A4B4-4904-8ED1-4ED1F42B5301}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{B74105CA-75FC-40A6-A35F-EB1818BD5D4E}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{91B4C70D-5F86-4A35-B15B-A415F5D29829}] => (Allow) E:\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{84121DCB-4583-4880-B3F3-7A2A77E60FBD}] => (Allow) E:\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{1FA3539B-5B56-43C9-AB6F-AE717555AA20}] => (Allow) E:\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{1C8AD1DF-4F09-4FB6-A337-70D395B89D43}] => (Allow) E:\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{A3D3C5AA-5F38-4AAE-BE11-5646550ABD89}] => (Allow) D:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{B89C54FE-38C0-4542-9FA7-7A980A995D58}] => (Allow) D:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{145406CD-8204-4D5F-930B-28A07156CB27}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{370AA135-5D1A-45B4-B94F-E9C322CAE4B1}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{842EA3AE-42E6-4099-B389-2AC7092BF23A}] => (Allow) D:\Ubisoft Game Launcher\games\Might & Magic® X Legacy\Might and Magic X Legacy.exe
FirewallRules: [TCP Query User{13AE2AE4-90EB-49B4-9757-41E1B181BB27}E:\steam\steamapps\common\cry of fear\cof.exe] => (Allow) E:\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{E69C5EEB-2452-42C8-A98B-2FF6EADBDCFD}E:\steam\steamapps\common\cry of fear\cof.exe] => (Allow) E:\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{6A5D9B59-564F-4954-AF9A-EEC11C53D2A4}] => (Allow) E:\Steam\steamapps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [{EC11A1BD-6EB4-4935-BF85-6AFF4FAF294B}] => (Allow) E:\Steam\steamapps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [TCP Query User{47F1FFAB-E697-42EE-909D-A57E2F42CF0A}E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [UDP Query User{CDD2EF06-CC75-4B4E-8E23-8454A5EF8C67}E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [{DCF489D1-DF48-48DA-AE95-393005878F96}] => (Allow) E:\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{89EE68A3-C44E-4574-A811-CF18C8CB4313}] => (Allow) E:\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{3BCEEA0F-34C7-480C-A23C-0453B963DF97}] => (Allow) E:\Steam\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{EB56EFF9-CE9E-40BF-990F-9C5E7E82D354}] => (Allow) E:\Steam\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{54FC0C36-54F3-4D08-A599-A68263E957B4}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{C6462AAB-C84D-4930-A1FE-0D1372FC81F5}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{4C97E880-7E45-4145-B41C-4872C6114CF3}] => (Allow) E:\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{03678835-CDCB-48C0-8BA9-9FFF68916C0E}] => (Allow) E:\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [TCP Query User{040E1D32-38D6-40D9-9429-55F49E0ABB1F}E:\steam\steamapps\common\projectzomboid\jre\bin\java.exe] => (Allow) E:\steam\steamapps\common\projectzomboid\jre\bin\java.exe
FirewallRules: [UDP Query User{BC02739F-7C12-4D0F-B945-8A9CA77E1FF6}E:\steam\steamapps\common\projectzomboid\jre\bin\java.exe] => (Allow) E:\steam\steamapps\common\projectzomboid\jre\bin\java.exe
FirewallRules: [{418701CC-E5F9-4915-B968-A22EE40FFC34}] => (Allow) E:\Steam\steamapps\common\Mount and Blade\runme.exe
FirewallRules: [{7FDDDD50-9E59-4EEE-BF36-B0C2F70A5A14}] => (Allow) E:\Steam\steamapps\common\Mount and Blade\runme.exe
FirewallRules: [{29947EED-E41B-4AF1-9BC8-59A8DAFC8D09}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{D3FA6522-562C-4A69-AAEA-07FCADE1370E}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{260FBA99-FB69-4496-B64E-DC717B59CDCA}] => (Allow) E:\Steam\steamapps\common\divine_divinity\div.exe
FirewallRules: [{F4844D3B-9ADC-43FD-86B0-2B9E714CE70B}] => (Allow) E:\Steam\steamapps\common\divine_divinity\div.exe
FirewallRules: [{06DDA994-1246-4A8D-84FA-3AC5BAFCCBC2}] => (Allow) E:\Steam\steamapps\common\divine_divinity\configtool.exe
FirewallRules: [{79DD0C66-F8D7-43E7-B4D4-1010F00B31C9}] => (Allow) E:\Steam\steamapps\common\divine_divinity\configtool.exe
FirewallRules: [{2A7D588D-E3CD-48D5-A7AF-AB806A90A3C9}] => (Allow) E:\Steam\steamapps\common\Wizardry8\Wiz8.exe
FirewallRules: [{C8B7C5F7-A973-4E2E-BD77-74A96CB88D83}] => (Allow) E:\Steam\steamapps\common\Wizardry8\Wiz8.exe
FirewallRules: [{9ED81E86-44A2-4373-AD19-D7B9CA9BCE24}] => (Allow) E:\Steam\steamapps\common\Wizardry8\3DSetup.exe
FirewallRules: [{50754A9B-808D-456F-8141-D16864AD7C47}] => (Allow) E:\Steam\steamapps\common\Wizardry8\3DSetup.exe
FirewallRules: [{DDEC4005-F653-4CD3-B09C-3A8713A23805}] => (Allow) E:\Steam\steamapps\common\Wizardry8\nglide_config.exe
FirewallRules: [{722A7734-844A-465C-A9CD-23360C927BC9}] => (Allow) E:\Steam\steamapps\common\Wizardry8\nglide_config.exe
FirewallRules: [{EE4F29D5-84DA-461A-9AE1-76A87F7D8F16}] => (Allow) E:\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{198A0E5E-790A-4C88-A118-29FCD8AE79EC}] => (Allow) E:\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{16531EFE-8083-4A5F-8C6E-C4A4F077A916}] => (Allow) E:\Steam\steamapps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [{0D336776-E2CD-43B5-A3F1-6328555092C4}] => (Allow) E:\Steam\steamapps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [TCP Query User{694A6F46-106F-4345-B825-FF13D67ABFDF}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{6F0D6AA6-2C47-49FF-A617-8C17E6548B26}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{FFF5E0DA-3C4C-427A-AD00-044531D520CC}] => (Allow) E:\Steam\steamapps\common\Dark\DarkApp.exe
FirewallRules: [{FBBD43D1-5CEA-45CE-8993-2305815F076E}] => (Allow) E:\Steam\steamapps\common\Dark\DarkApp.exe
FirewallRules: [{25283AD8-0424-4D80-8323-031B2385489C}] => (Allow) E:\Steam\steamapps\common\Infectonator Survivors\Survivors.exe
FirewallRules: [{0BE33B6F-1667-4801-ACF6-89BACDDAE4E1}] => (Allow) E:\Steam\steamapps\common\Infectonator Survivors\Survivors.exe
FirewallRules: [{7DEC3B47-2711-4FA2-9CD1-32DCA3C17AD5}] => (Allow) E:\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{2946C77D-F96F-431A-86D6-384E47A826FF}] => (Allow) E:\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{F49FF3F9-8EC3-448D-95C6-FA3F720175B7}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert\RA95Launcher.exe
FirewallRules: [{11188EC5-2591-41F6-B823-2AB4BB202FE9}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert\RA95Launcher.exe
FirewallRules: [{635AE084-5393-4D4D-9618-D39F46E1C713}] => (Allow) D:\Program Files (x86)\Origin Games\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{F60568DF-0C97-40BA-BCB3-784BD49F5EFE}] => (Allow) D:\Program Files (x86)\Origin Games\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{E5A6F64F-C441-4501-A35B-E92DE9D248F5}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds.exe
FirewallRules: [{88BD701C-84A1-4A66-9455-29241A126A12}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds.exe
FirewallRules: [{34FC09BD-DE65-4782-862C-0DA222857A82}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe
FirewallRules: [{B8DFD8FF-4BEC-48A3-830A-E50F5CBECC44}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe
FirewallRules: [{FDE7F0A6-FD85-4191-9AD4-0D1FC65CB5DB}] => (Allow) D:\Program Files (x86)\Origin Games\Crysis 2\bin32\Crysis2.exe
FirewallRules: [{32D2EBB3-A2BD-4E9B-8162-E88462FEAF62}] => (Allow) D:\Program Files (x86)\Origin Games\Crysis 2\bin32\Crysis2.exe
FirewallRules: [TCP Query User{16504E92-6EA7-4C81-86BC-0E5E5EF49196}C:\gog games\anno 1404 gold edition\tools\anno4web.exe] => (Allow) C:\gog games\anno 1404 gold edition\tools\anno4web.exe
FirewallRules: [UDP Query User{E7DC6F7C-5E40-4986-9E6D-9B96832070DA}C:\gog games\anno 1404 gold edition\tools\anno4web.exe] => (Allow) C:\gog games\anno 1404 gold edition\tools\anno4web.exe
FirewallRules: [TCP Query User{60BE6388-8956-46C1-90E9-154AB57ACF9E}C:\gog games\anno 1404 gold edition\tools\addonweb.exe] => (Allow) C:\gog games\anno 1404 gold edition\tools\addonweb.exe
FirewallRules: [UDP Query User{11FD80DF-D210-449C-8DED-D530D72FAAFD}C:\gog games\anno 1404 gold edition\tools\addonweb.exe] => (Allow) C:\gog games\anno 1404 gold edition\tools\addonweb.exe
FirewallRules: [TCP Query User{36E2F920-C909-44F2-8FE9-81FDC9638211}C:\gog games\anno 1701 ad\anno1701.exe] => (Block) C:\gog games\anno 1701 ad\anno1701.exe
FirewallRules: [UDP Query User{195E86DC-92B2-44B0-A261-2FED6115A963}C:\gog games\anno 1701 ad\anno1701.exe] => (Block) C:\gog games\anno 1701 ad\anno1701.exe
FirewallRules: [{ED0F6A68-EFF1-4577-9669-64312916C3E8}] => (Allow) E:\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{5DD41378-C4B5-4398-91E8-989B68315F89}] => (Allow) E:\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [TCP Query User{0C925492-2CE0-407F-AAEA-E25254DC4D64}C:\program files (x86)\ea games\dead space 2\deadspace2.exe] => (Allow) C:\program files (x86)\ea games\dead space 2\deadspace2.exe
FirewallRules: [UDP Query User{0F1386EF-1479-460D-BA37-1858A4F77A19}C:\program files (x86)\ea games\dead space 2\deadspace2.exe] => (Allow) C:\program files (x86)\ea games\dead space 2\deadspace2.exe
FirewallRules: [TCP Query User{2C385A7E-406E-411E-A52A-279D9AB9E8DA}C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe
FirewallRules: [UDP Query User{11E62554-4DD5-49C0-B876-036448A0EF2F}C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe
FirewallRules: [{64037DE9-3E4F-4787-A6B2-25D7A0C1BDBC}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{A30BE363-2B9F-4DEB-8510-C1942EB0B11C}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{34C1A6F9-54F5-4092-A879-9EEDCD86E7AF}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{F0B158C3-A5AE-4B14-9F8B-5B5CF07656E5}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{FCB6AF31-40FF-4918-A7AC-65A7E1267160}] => (Allow) E:\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{B78F1E9C-252C-41ED-AFC6-26DF8C5EA783}] => (Allow) E:\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{3992AA66-F08D-4427-BA72-73D674143F34}] => (Allow) E:\Steam\steamapps\common\Nether\Game\Binaries\Win64\Nether.exe
FirewallRules: [{6893D4F0-4DD1-4602-A0A9-EAB1E797CAE3}] => (Allow) E:\Steam\steamapps\common\Nether\Game\Binaries\Win64\Nether.exe
FirewallRules: [{8FEF6526-215B-41E4-BE00-23E9B5D3EC61}] => (Allow) E:\Steam\steamapps\common\Jagged Alliance Flashback\game.exe
FirewallRules: [{F57658C5-502C-4266-9457-D19A7CE7518A}] => (Allow) E:\Steam\steamapps\common\Jagged Alliance Flashback\game.exe
FirewallRules: [{B6DAC352-61C0-4E72-97DE-2E3577C6FCD3}] => (Allow) E:\Steam\steamapps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe
FirewallRules: [{7B78E859-62D1-484C-AD8D-8F3B7ACE3A06}] => (Allow) E:\Steam\steamapps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe
FirewallRules: [{28D2ADF4-416B-4FAD-A765-A09677CA2048}] => (Allow) E:\Steam\steamapps\common\Tempest\Tempest.exe
FirewallRules: [{45827811-9DB9-4244-A4FE-273563A461F0}] => (Allow) E:\Steam\steamapps\common\Tempest\Tempest.exe
FirewallRules: [{8B56524A-D441-4886-A4FE-392BD8C83CA6}] => (Allow) E:\Steam\steamapps\common\JABIA\JaggedAllianceBIA.exe
FirewallRules: [{ED6C1226-E4DE-4035-9379-2BF574BFF6E5}] => (Allow) E:\Steam\steamapps\common\JABIA\JaggedAllianceBIA.exe
FirewallRules: [{400D4721-22A4-4249-8D92-22AFF79C2BB7}] => (Allow) E:\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{FF234DF1-8935-4B8E-94A1-2BA3E2D6F6C6}] => (Allow) E:\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{58A4C62B-2D65-4FF4-9A55-5A747672B4C6}] => (Allow) E:\Steam\steamapps\common\dark matter iw\darkmatter.exe
FirewallRules: [{0064812B-23E2-4814-A69D-DF516592024C}] => (Allow) E:\Steam\steamapps\common\dark matter iw\darkmatter.exe
FirewallRules: [{E550E41B-B14D-4C67-A71C-0AAF4A6D9BEB}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C9E21792-CB51-470B-AB69-9D6AC3E26A45}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FAFC7B48-477E-42DC-92CC-A9D638449840}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BCE84615-2A7F-48D3-87C9-876702FBAA2F}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{40B66E86-32D0-4D44-A9C7-31736428B338}] => (Allow) E:\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{E155D1AE-60D0-4EF1-AB91-6CC1A6523A83}] => (Allow) E:\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{89F42CB6-9B5D-47FD-A342-690A01188B2D}] => (Allow) E:\Steam\steamapps\common\Stronghold\Stronghold.exe
FirewallRules: [{6E00144A-255B-4F79-91DA-89214D8DB40D}] => (Allow) E:\Steam\steamapps\common\Stronghold\Stronghold.exe
FirewallRules: [{F686AD16-66C6-48EE-B138-5EE216A78A31}] => (Allow) E:\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{DE865DEF-8656-42D0-B393-7FF97B15CBF6}] => (Allow) E:\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{7EB5DF75-E967-4D65-84F1-FE3E42F750C6}] => (Allow) E:\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{FD4F13DC-1AAA-4328-AAEE-4D0AE9B7E8C2}] => (Allow) E:\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{035AC799-FC93-456C-82D7-7C926086FB1A}] => (Allow) E:\Steam\steamapps\common\Dead Age\DeadAge.exe
FirewallRules: [{0256CD68-378F-4C34-A9B7-3127CEF4F259}] => (Allow) E:\Steam\steamapps\common\Dead Age\DeadAge.exe
FirewallRules: [{6A094FF6-5CF9-4C5F-818B-9CAACFCB5308}] => (Allow) E:\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{626765FE-95B8-4076-ABBA-EC750CE4DFCC}] => (Allow) E:\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{78187502-186B-4AF9-9928-45205AF5C177}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{DAD562D5-6DCC-4F40-8B8E-327A10419D49}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{B2CEBBBB-1D4D-47D5-B006-2B0C94C9E7D9}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{9DCDB133-BF7C-4C61-AEB1-E6B49C6BA16C}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{3E16B1F4-59A3-4D96-8CF1-5BE4D4AF9A97}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{B4E69F6A-E78A-4381-AB6A-82884A7EFE85}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{FF66C954-32BE-487F-9230-653D94504CC4}] => (Allow) D:\Fable3\Fable3.exe
FirewallRules: [{2CD94E65-01A5-4253-80F7-59B9B8E931EA}] => (Allow) D:\Fable3\Fable3.exe
FirewallRules: [{C10AF9EA-6F64-4185-992E-C4099C5A3C43}] => (Allow) E:\Steam\steamapps\common\MOBIUS FINAL FANTASY\mobiusff.exe
FirewallRules: [{23B698BD-7B9F-4DAE-A8B8-F33749673458}] => (Allow) E:\Steam\steamapps\common\MOBIUS FINAL FANTASY\mobiusff.exe
FirewallRules: [{3C0D2895-BCFD-4B36-90D7-48D3D1ACA5A5}] => (Allow) E:\Steam\steamapps\common\Soda Dungeon\dungeon.exe
FirewallRules: [{37C773D3-E70B-41D4-8ACE-C98D902BD939}] => (Allow) E:\Steam\steamapps\common\Soda Dungeon\dungeon.exe
FirewallRules: [{6730A466-0FC3-4B29-97DC-70748F30F627}] => (Allow) E:\Steam\steamapps\common\OrcsMustDieUnchained\Dashboard\Bin\SpitfireDashboard.exe
FirewallRules: [{BDFF083A-A905-493B-BB94-68DC9F714E1D}] => (Allow) E:\Steam\steamapps\common\OrcsMustDieUnchained\Dashboard\Bin\SpitfireDashboard.exe
FirewallRules: [{42BB2F06-48F5-4CA0-A7C2-F6EBF351DD06}] => (Allow) E:\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{C90F413A-502E-429E-A175-5CC8A2E14B2C}] => (Allow) E:\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{CAAC04BB-2424-4AA1-90CA-09F1B44A8E3C}] => (Allow) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
FirewallRules: [{E85B123F-3716-4E33-B654-126FA0E7F1D5}] => (Allow) E:\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{5E7BACF8-C17C-43F4-89DE-8B3CA7FF3C47}] => (Allow) E:\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{E05AF301-C036-4566-9589-091CF8A3B917}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{6E703A90-81EB-4B99-B662-20038244756B}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{8BD94752-A8A9-4EE8-8681-EA6EFF09EDEB}] => (Allow) E:\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{2B386774-FE37-4ACF-9B4C-16577B027193}] => (Allow) E:\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
==================== Wiederherstellungspunkte =========================
22-02-2017 19:30:35 Revo Uninstaller's restore point - Opera Stable 43.0.2442.991
22-02-2017 19:32:38 Revo Uninstaller's restore point - Mozilla Firefox 51.0.1 (x86 de)
22-02-2017 19:34:07 Revo Uninstaller's restore point - Xvid Video Codec
22-02-2017 19:34:35 Revo Uninstaller's restore point - PCSX2 - Playstation 2 Emulator
22-02-2017 19:34:59 Revo Uninstaller's restore point - Smart Mod Manager
22-02-2017 19:36:51 Entfernt Command & Conquer Die ersten 10 Jahre
22-02-2017 19:37:27 Crysis(R) entfernt.
22-02-2017 19:39:36 Removed GTA2
22-02-2017 19:41:40 Removed Smart Mod Manager
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (02/23/2017 10:16:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x56130448
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xcbc
Startzeit der fehlerhaften Anwendung: 0x01d28e0ebe166212
Pfad der fehlerhaften Anwendung: E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 5938a40e-fa0d-11e6-885f-1c6f65878e2c
Error: (02/23/2017 08:51:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x56130448
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x928
Startzeit der fehlerhaften Anwendung: 0x01d28e0c5078fbab
Pfad der fehlerhaften Anwendung: E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 68c4a91c-fa01-11e6-885f-1c6f65878e2c
Error: (02/22/2017 07:40:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamtray.exe, Version: 3.0.0.912, Zeitstempel: 0x58811d74
Name des fehlerhaften Moduls: mbamtray.exe, Version: 3.0.0.912, Zeitstempel: 0x58811d74
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00054645
ID des fehlerhaften Prozesses: 0x136c
Startzeit der fehlerhaften Anwendung: 0x01d28d3b1a9b3093
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Berichtskennung: 5c7334ee-f92e-11e6-a750-1c6f65878e2c
Error: (02/22/2017 07:34:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Error: (02/22/2017 07:34:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Error: (02/22/2017 07:34:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Error: (02/22/2017 07:32:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Error: (02/22/2017 07:30:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Systemfehler:
=============
Error: (02/24/2017 05:51:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
is3srv
szkg5
Error: (02/24/2017 05:51:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.
Error: (02/24/2017 05:51:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Error: (02/24/2017 05:51:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (02/24/2017 05:51:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.
Error: (02/24/2017 05:50:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎24.‎02.‎2017 um 17:48:50 unerwartet heruntergefahren.
Error: (02/24/2017 12:14:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
is3srv
szkg5
Error: (02/24/2017 12:14:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.
Error: (02/24/2017 12:14:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Error: (02/24/2017 12:14:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
CodeIntegrity:
===================================
Date: 2016-07-23 17:52:09.662
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-07-23 17:52:09.622
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-07-23 17:52:09.584
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-07-23 17:52:09.546
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-02-13 07:49:15.211
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-02-13 07:49:15.186
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Speicherinformationen ===========================
Prozessor: AMD Phenom(tm) II X4 970 Processor
Prozentuale Nutzung des RAM: 21%
Installierter physikalischer RAM: 8189.55 MB
Verfügbarer physikalischer RAM: 6469.39 MB
Summe virtueller Speicher: 16377.29 MB
Verfügbarer virtueller Speicher: 14679.65 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:595.7 GB) (Free:354.89 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:800.78 GB) (Free:606.89 GB) NTFS
Drive e: () (Fixed) (Total:1398.03 GB) (Free:1014.01 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 000A31F2)
Partition 1: (Active) - (Size=595.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=800.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1398 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
| | #5 |
| /// TB-Ausbilder | Hi, even though the tools did not find anything, please still carry out everything exactly as described:
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware.
Step 3 Please disable your protection software to avoid possible conflicts.
Step 4
Please post with your next reply
|
| | #6 |
| | Good morning, I did everything in the order given; once again the scans found nothing, and the problem persists. If need be, I will probably have to reinstall Windows. The advertising itself is not the worst part, but when a popup suddenly opens that cannot be closed in the normal way, it is quite annoying. Here are the logs for now. AdwCleaner: Code:
# AdwCleaner v6.043 - Bericht erstellt am 25/02/2017 um 18:46:51
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-02-24.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : PsychoMantis - SCHNARCHNASE
# Gestartet von : C:\Users\PsychoMantis\Desktop\AdwCleaner_6.043 (1).exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Image File Execution Options" Schlüssel gelöscht
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1707 Bytes] - [14/01/2017 08:23:51]
C:\AdwCleaner\AdwCleaner[C2].txt - [1364 Bytes] - [02/02/2017 00:54:22]
C:\AdwCleaner\AdwCleaner[C3].txt - [1204 Bytes] - [25/02/2017 18:46:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [1782 Bytes] - [14/01/2017 08:21:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [1524 Bytes] - [16/01/2017 12:51:03]
C:\AdwCleaner\AdwCleaner[S2].txt - [1626 Bytes] - [02/02/2017 00:54:09]
C:\AdwCleaner\AdwCleaner[S3].txt - [1743 Bytes] - [06/02/2017 01:11:04]
C:\AdwCleaner\AdwCleaner[S4].txt - [1816 Bytes] - [22/02/2017 19:56:06]
C:\AdwCleaner\AdwCleaner[S5].txt - [1889 Bytes] - [24/02/2017 00:42:37]
C:\AdwCleaner\AdwCleaner[S6].txt - [1961 Bytes] - [24/02/2017 00:56:43]
C:\AdwCleaner\AdwCleaner[S7].txt - [2039 Bytes] - [25/02/2017 18:46:29]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1861 Bytes] ##########
MBAM: Code:
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 26.02.17
Scan-Zeit: 01:42
Protokolldatei: MBAM.txt
Administrator: Ja
-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.50
Version des Aktualisierungspakets: 1.0.1358
Lizenz: Kostenlos
-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Schnarchnase\PsychoMantis
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 344909
Abgelaufene Zeit: 5 Min., 34 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 0
(keine bösartigen Elemente erkannt)
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64
Ran by PsychoMantis (Administrator) on 26.02.2017 at 4:43:21,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 12
Successfully deleted: C:\Users\PsychoMantis\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\PsychoMantis\AppData\Local\nico mak computing (Folder)
Successfully deleted: C:\Windows\system32\Tasks\update-S-1-5-21-1040861988-1898195639-2225626604-1000 (Task)
Successfully deleted: C:\Windows\Tasks\update-S-1-5-21-1040861988-1898195639-2225626604-1000.job (Task)
Successfully deleted: C:\Users\PsychoMantis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S9APO6J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\PsychoMantis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJKA0SVC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\PsychoMantis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV3WJ9W2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\PsychoMantis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W51I691H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2S9APO6J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJKA0SVC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV3WJ9W2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W51I691H (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.02.2017 at 4:44:56,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
durchgeführt von PsychoMantis (Administrator) auf SCHNARCHNASE (26-02-2017 04:53:17)
Gestartet von C:\Users\PsychoMantis\Desktop
Geladene Profile: PsychoMantis (Verfügbare Profile: PsychoMantis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe" -- "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CatalinaGroup Ltd.) C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Sound Blaster Tactic3D Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe [2091008 2014-07-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\...\Run: [CatalinaGroup Update] => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [132104 2017-02-22] (Catalina Group Ltd.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{C117CC34-04E2-4F4E-8FC3-6ED867D0B4E2}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D1A94081-FB24-49D1-BD93-0898002FF58F}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-1040861988-1898195639-2225626604-1000: @catalinahub.net/CatalinaGroup Update;version=3 -> C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll [2017-02-22] (Catalina Group Ltd.)
FF Plugin HKU\S-1-5-21-1040861988-1898195639-2225626604-1000: @catalinahub.net/CatalinaGroup Update;version=9 -> C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll [2017-02-22] (Catalina Group Ltd.)
FF Plugin HKU\S-1-5-21-1040861988-1898195639-2225626604-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PsychoMantis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-27] ()
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [Datei ist nicht signiert]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [400656 2017-02-16] (EasyAntiCheat Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
S4 Origin Client Service; D:\Origin\OriginClientService.exe [2122248 2017-02-20] (Electronic Arts)
S2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [2184208 2017-02-20] (Electronic Arts)
S4 PAExec; C:\Windows\PAExec.exe [189112 2016-05-05] (Power Admin LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2015-12-09] ()
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-10-23] (C-Media Inc)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2015-12-09] ()
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2004-03-05] () [Datei ist nicht signiert]
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2015-07-31] (Spotflux, Inc.)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2013-05-31] (Creative Technology Ltd.)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S0 szkg5; SySWOW64\drivers\szkg64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-02-26 04:53 - 2017-02-26 04:53 - 00008204 _____ C:\Users\PsychoMantis\Desktop\FRST.txt
2017-02-26 04:52 - 2017-02-26 04:52 - 02423296 _____ (Farbar) C:\Users\PsychoMantis\Desktop\FRST64.exe
2017-02-26 04:44 - 2017-02-26 04:44 - 00002284 _____ C:\Users\PsychoMantis\Desktop\JRT.txt
2017-02-26 04:42 - 2017-02-26 04:42 - 00001255 _____ C:\Users\PsychoMantis\Desktop\MBAM.txt
2017-02-26 04:40 - 2017-02-26 04:40 - 01663040 _____ (Malwarebytes) C:\Users\PsychoMantis\Desktop\JRT.exe
2017-02-26 01:46 - 2017-02-25 18:46 - 00001940 _____ C:\Users\PsychoMantis\Desktop\AdwCleaner[C3].txt
2017-02-26 01:40 - 2017-02-26 04:41 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-26 01:40 - 2017-02-26 01:40 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-26 01:40 - 2017-02-26 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-26 01:40 - 2017-02-26 01:40 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-26 01:40 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-26 01:39 - 2017-02-26 01:39 - 55566792 _____ (Malwarebytes ) C:\Users\PsychoMantis\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-25 18:40 - 2017-02-25 18:40 - 04015056 _____ C:\Users\PsychoMantis\Desktop\AdwCleaner_6.043 (1).exe
2017-02-24 23:42 - 2017-02-25 00:04 - 00184168 _____ C:\TDSSKiller.3.1.0.12_24.02.2017_23.42.43_log.txt
2017-02-24 23:18 - 2017-02-26 04:53 - 00000000 ____D C:\FRST
2017-02-24 23:16 - 2017-02-24 23:16 - 04747704 _____ (AO Kaspersky Lab) C:\Users\PsychoMantis\Desktop\tdsskiller.exe
2017-02-24 17:56 - 2017-02-24 17:56 - 00000000 ____D C:\Users\PsychoMantis\Downloads\Uncut-Patch [Half-Life_Blue Shift]
2017-02-24 17:53 - 2017-02-24 17:53 - 00751263 _____ C:\Users\PsychoMantis\Downloads\Uncut-Patch [Half-Life_Blue Shift].rar
2017-02-24 12:58 - 2017-02-24 12:58 - 00000000 ____D C:\Users\PsychoMantis\Downloads\Gunman_Chronicles_Steam_Version.1
2017-02-24 12:43 - 2017-02-24 12:43 - 00000000 ____D C:\Users\PsychoMantis\Desktop\poke646_anniversary_edition
2017-02-24 12:40 - 2017-02-24 12:50 - 249058628 _____ C:\Users\PsychoMantis\Downloads\Gunman_Chronicles_Steam_Version.1.zip
2017-02-24 12:38 - 2017-02-24 12:42 - 151657053 _____ C:\Users\PsychoMantis\Downloads\poke646_anniversary_edition.zip
2017-02-24 00:47 - 2017-02-24 00:47 - 06406240 _____ (Reason Software Company Inc.) C:\Users\PsychoMantis\Downloads\reason-core-security-setup.exe
2017-02-22 19:57 - 2017-02-26 04:07 - 00001178 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA.job
2017-02-22 19:57 - 2017-02-25 20:07 - 00001126 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core.job
2017-02-22 19:57 - 2017-02-22 20:02 - 00004166 _____ C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA
2017-02-22 19:57 - 2017-02-22 20:02 - 00003770 _____ C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core
2017-02-22 19:57 - 2017-02-22 19:57 - 00002489 _____ C:\Users\PsychoMantis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrio.lnk
2017-02-22 19:57 - 2017-02-22 19:57 - 00002464 _____ C:\Users\PsychoMantis\Desktop\Citrio.lnk
2017-02-22 19:57 - 2017-02-22 19:57 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\CatalinaGroup
2017-02-22 19:56 - 2017-02-22 19:56 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\webkit
2017-02-22 19:56 - 2017-02-22 19:56 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\midori
2017-02-22 19:56 - 2017-02-22 19:56 - 00000000 ____D C:\Users\PsychoMantis\.dbus-keyrings
2017-02-22 19:45 - 2017-02-22 19:46 - 00271440 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-22 19:35 - 2017-02-22 19:35 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Battle.net
2017-02-22 19:28 - 2017-02-22 19:28 - 00000000 ____D C:\Users\PsychoMantis\Desktop\RevoUninstaller_Portable
2017-02-22 19:24 - 2017-02-22 19:24 - 04015056 _____ C:\Users\PsychoMantis\Desktop\AdwCleaner_6.043.exe
2017-02-22 19:23 - 2017-02-22 19:23 - 00800608 _____ C:\Users\PsychoMantis\Desktop\palemoon-websetup.exe
2017-02-22 19:22 - 2017-02-22 19:23 - 00726224 _____ (Catalina Group Ltd.) C:\Users\PsychoMantis\Desktop\CitrioSetup.exe
2017-02-22 18:58 - 2017-02-22 18:58 - 00058984 _____ C:\Users\PsychoMantis\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-22 10:43 - 2017-02-22 10:43 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\Camfrog
2017-02-22 10:42 - 2017-02-22 10:55 - 00000000 ____D C:\Program Files (x86)\Camfrog
2017-02-22 10:42 - 2017-02-22 10:45 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Camfrog
2017-02-22 10:42 - 2017-02-22 10:42 - 00000000 ____D C:\ProgramData\Camfrog Update
2017-02-20 13:51 - 2017-02-20 13:51 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\dungeon
2017-02-16 06:23 - 2017-02-16 06:20 - 00400656 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-01-29 21:55 - 2017-01-29 21:55 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\NVIDIA
2017-01-28 00:36 - 2017-01-28 00:46 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\NVIDIA Corporation
2017-01-27 20:35 - 2017-01-27 20:35 - 00000000 __SHD C:\ProgramData\DSS
2017-01-27 20:14 - 2017-01-27 20:14 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Lionhead Studios
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-02-26 03:51 - 2017-01-19 11:51 - 00000524 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0dc4d1a2-623c-450a-96f6-58a57bdaf4dc.job
2017-02-26 02:00 - 2017-01-19 11:51 - 00000524 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4b37f26b-dacc-4734-84f0-a87226293be8.job
2017-02-26 01:40 - 2016-08-25 06:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-26 01:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-25 19:04 - 2017-01-14 08:20 - 00000000 ____D C:\AdwCleaner
2017-02-25 18:57 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-25 18:57 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-25 18:55 - 2011-04-12 08:43 - 00696132 _____ C:\Windows\system32\perfh007.dat
2017-02-25 18:55 - 2011-04-12 08:43 - 00147428 _____ C:\Windows\system32\perfc007.dat
2017-02-25 18:55 - 2009-07-14 06:13 - 01611160 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-25 18:49 - 2016-05-05 02:37 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-25 18:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-24 21:39 - 2015-11-03 09:02 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\TS3Client
2017-02-24 01:07 - 2016-10-08 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super nude patch 3
2017-02-24 01:07 - 2016-09-04 06:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reality Pump
2017-02-24 01:07 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-23 22:16 - 2016-02-06 23:32 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\CrashDumps
2017-02-23 20:31 - 2015-11-03 08:44 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-02-23 00:12 - 2016-03-27 02:12 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\vlc
2017-02-22 21:05 - 2016-01-20 20:05 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\Google
2017-02-22 19:58 - 2015-09-27 17:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-22 19:58 - 2015-09-27 17:04 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-22 19:56 - 2015-09-26 05:50 - 00000000 ____D C:\Users\PsychoMantis
2017-02-22 19:43 - 2015-11-15 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-02-22 19:43 - 2015-11-15 13:27 - 00000000 ____D C:\GOG Games
2017-02-22 19:42 - 2016-12-01 22:45 - 00000000 ____D C:\Hex-Editor MX
2017-02-22 19:41 - 2016-02-11 19:00 - 00000000 ____D C:\Program Files (x86)\Smart Mod Manager
2017-02-22 19:39 - 2016-05-17 23:48 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\GlarySoft
2017-02-22 19:37 - 2015-09-28 00:14 - 00000000 ____D C:\Users\PsychoMantis\Documents\My Games
2017-02-22 19:37 - 2015-09-26 06:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-22 19:36 - 2016-07-23 00:22 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2017-02-22 19:34 - 2016-09-02 06:08 - 00000000 ____D C:\Users\PsychoMantis\Documents\PCSX2
2017-02-22 19:33 - 2015-11-03 19:54 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\Mozilla
2017-02-22 19:33 - 2015-11-02 16:16 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Mozilla
2017-02-22 19:31 - 2015-09-26 06:20 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Opera Software
2017-02-22 19:31 - 2015-09-26 06:20 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\Opera Software
2017-02-22 19:31 - 2015-09-26 05:51 - 00001425 _____ C:\Users\PsychoMantis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-22 10:25 - 2016-01-19 09:01 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Origin
2017-02-22 10:25 - 2016-01-19 09:00 - 00000000 ____D C:\ProgramData\Origin
2017-02-22 05:37 - 2016-12-22 12:58 - 00000000 ____D C:\Users\PsychoMantis\AppData\LocalLow\Mozilla
2017-02-17 16:48 - 2015-09-26 06:50 - 00000000 ____D C:\Users\PsychoMantis\Desktop\Verknüpfungen
2017-02-17 16:47 - 2015-09-26 06:51 - 00000000 ___RD C:\Users\PsychoMantis\Desktop\Games
2017-02-06 05:17 - 2017-01-12 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RGSS-RTP Standard
2017-02-06 05:17 - 2017-01-12 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker 2000 1.05
2017-02-06 01:07 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-06 01:06 - 2016-05-20 22:50 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Soldat
2017-02-06 01:02 - 2017-01-12 19:05 - 00000000 ____D C:\Program Files (x86)\rpg2003
2017-01-28 15:54 - 2015-09-26 20:09 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\DVDVideoSoft
2017-01-28 01:50 - 2016-10-30 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-28 01:50 - 2016-05-04 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-01-28 01:50 - 2016-05-03 00:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-01-28 01:50 - 2016-02-04 08:57 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\NVIDIA
2017-01-28 01:50 - 2015-09-26 06:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-28 01:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security
2017-01-28 01:49 - 2016-05-05 02:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-28 01:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2017-01-28 01:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2017-01-28 01:46 - 2016-05-05 02:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-27 22:37 - 2015-11-05 01:33 - 00007636 _____ C:\Users\PsychoMantis\AppData\Local\Resmon.ResmonCfg
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-01-04 19:44 - 2016-01-04 19:47 - 0000626 _____ () C:\Users\PsychoMantis\AppData\Roaming\All CPU MeterV3_Settings.ini
2016-05-05 00:37 - 2016-05-05 00:49 - 0000056 _____ () C:\Users\PsychoMantis\AppData\Roaming\coreavc.ini
2015-11-13 18:37 - 2015-11-13 18:37 - 26602416 _____ () C:\Users\PsychoMantis\AppData\Roaming\gameboxsetup.exe
2015-11-05 01:33 - 2017-01-27 22:37 - 0007636 _____ () C:\Users\PsychoMantis\AppData\Local\Resmon.ResmonCfg
2015-11-07 23:02 - 2015-11-07 23:02 - 0000003 _____ () C:\Users\PsychoMantis\AppData\Local\updater.log
2015-11-07 23:02 - 2016-08-06 21:30 - 0000424 _____ () C:\Users\PsychoMantis\AppData\Local\UserProducts.xml
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-02-23 12:08
==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-02-2017
durchgeführt von PsychoMantis (26-02-2017 04:53:47)
Gestartet von C:\Users\PsychoMantis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-09-26 04:50:41)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1040861988-1898195639-2225626604-500 - Administrator - Disabled)
Gast (S-1-5-21-1040861988-1898195639-2225626604-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1040861988-1898195639-2225626604-1002 - Limited - Enabled)
PsychoMantis (S-1-5-21-1040861988-1898195639-2225626604-1000 - Administrator - Enabled) => C:\Users\PsychoMantis
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps)
7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Anno 1404 - Gold Edition (HKLM-x32\...\1440426004_is1) (Version: 2.0.0.2 - GOG.com)
Anno 1503 A.D. (HKLM-x32\...\1438074791_is1) (Version: 2.0.0.5 - GOG.com)
Anno 1602 - Creation of a New World (HKLM-x32\...\1438168222_is1) (Version: 2.0.0.6 - GOG.com)
Anno 1701 A.D. (HKLM-x32\...\1438075172_is1) (Version: 2.0.0.4 - GOG.com)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.4.1036 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
Call of Pripyat Complete v1.0.2 (HKLM-x32\...\Call of Pripyat Complete_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version: - Cheat Engine)
Citrio (HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\...\Citrio) (Version: 50.0.2661.274 - © Catalinagroup Ltd.)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - )
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{B9A7CCBE-48F7-4B3E-BD20-76ADDD4DC69F}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command and Conquer 3 Tiberium Wars Complete Collection Version 1.02 (HKLM-x32\...\{01BB7046-6217-4225-BFA8-A5E5DB2B0977}_is1) (Version: 1.02 - Electronic Arts)
Company of Heroes (HKLM\...\Steam App 4560) (Version: - Relic Entertainment)
Company of Heroes (New Steam Version) (HKLM\...\Steam App 228200) (Version: - Relic)
Company of Heroes: Opposing Fronts (HKLM\...\Steam App 9340) (Version: - Relic Entertainment)
Company of Heroes: Tales of Valor (HKLM\...\Steam App 20540) (Version: - Relic Entertainment)
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Counter-Strike: Condition Zero (HKLM\...\Steam App 80) (Version: - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Cry of Fear (HKLM\...\Steam App 223710) (Version: - Team Psykskallar)
Crysis 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts)
DARK (HKLM\...\Steam App 225360) (Version: - Realmforge Studios)
Dark Matter (HKLM\...\Steam App 251410) (Version: - InterWave Studios)
Day of Defeat: Source (HKLM\...\Steam App 300) (Version: - Valve)
Dead Space™ 2 (HKLM-x32\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.943.0 - Electronic Arts)
Deus Ex: Human Revolution - Director's Cut (HKLM\...\Steam App 238010) (Version: - Eidos Montreal)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
Die Sims™ 3 Late Night (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Late Night) (Version: 1.0.0.0 - Electronic Arts Inc.)
Die Sims™ 3 Supernatural (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Supernatural) (Version: 1.0.0.0 - Electronic Arts Inc.)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Ambitions) (Version: 1.0.0.0 - Electronic Arts Inc.)
Divine Divinity (HKLM\...\Steam App 214170) (Version: - Larian Studios)
Dungeon Warfare (HKLM-x32\...\Steam App 355980) (Version: - Valsar)
Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios)
Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
Fallout (HKLM-x32\...\1440148836_is1) (Version: 2.1.0.18 - GOG.com)
Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version: - Ubisoft)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
Final Fantasy VII Steam Edition Version 1.0.9 (HKLM-x32\...\{625A041D-65DA-4E68-9010-419ECD204314}_is1) (Version: 1.0.9 - Square Enix)
FINAL FANTASY VIII (HKLM\...\Steam App 39150) (Version: - SQUARE ENIX)
Half-Life (HKLM\...\Steam App 70) (Version: - Valve)
Half-Life 2: Update (HKLM\...\Steam App 290930) (Version: - Filip Victor)
Half-Life: Blue Shift (HKLM\...\Steam App 130) (Version: - Gearbox Software)
Half-Life: Opposing Force (HKLM\...\Steam App 50) (Version: - Gearbox Software)
Half-Life: Source (HKLM\...\Steam App 280) (Version: - Valve)
Hitman: Absolution (HKLM\...\Steam App 203140) (Version: - IO Interactive)
Infectonator : Survivors (HKLM\...\Steam App 269310) (Version: - Toge Productions)
Jagged Alliance - Back in Action (HKLM\...\Steam App 57740) (Version: - Coreplay GmbH)
Jagged Alliance 2 Wildfire (HKLM-x32\...\1207658743_is1) (Version: 2.1.0.8 - GOG.com)
Jagged Alliance Flashback (HKLM\...\Steam App 256010) (Version: - Full Control)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
Legend of Grimrock II (HKLM-x32\...\1207666193_is1) (Version: 2.1.0.5 - GOG.com)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Lucius II (HKLM\...\Steam App 296830) (Version: - Shiver Games)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
Metro: Last Light (HKLM\...\Steam App 43160) (Version: - 4A Games)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Might & Magic X Legacy (HKLM-x32\...\Uplay Install 401) (Version: - Ubisoft)
MOBIUS FINAL FANTASY (HKLM\...\Steam App 536930) (Version: - SQUARE ENIX CO., LTD.)
Mount & Blade (HKLM\...\Steam App 22100) (Version: - TaleWorlds Entertainment)
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
Mozilla Thunderbird 45.7.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 de)) (Version: 45.7.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Nether (HKLM\...\Steam App 247730) (Version: - Phosphor Games Studio)
NOX (HKLM-x32\...\{BF152F35-9708-452C-862C-F7E3B62DF732}) (Version: 2.0.0.20 - Electronic Arts, Inc.)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Orcs Must Die! Unchained (HKLM\...\Steam App 427270) (Version: - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version: - The Indie Stone)
RAGE (HKLM-x32\...\Steam App 9200) (Version: - id Software)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
S.T.A.L.K.E.R. - Clear Sky [v1.00010] (HKLM-x32\...\S.T.A.L.K.E.R. - Clear Sky_is1) (Version: 1.00010 - Deep Silver)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version: - GSC Game World)
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM\...\Steam App 4500) (Version: - GSC Game World)
Saboteur™ (HKLM-x32\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts)
Silver (HKLM-x32\...\1207659041_is1) (Version: 2.0.0.15 - GOG.com)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version: - The SKSE Team)
Soda Dungeon (HKLM\...\Steam App 564710) (Version: - AN Productions)
Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader 2 (HKLM\...\Steam App 232890) (Version: - FireFly Studios)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold HD (HKLM\...\Steam App 40950) (Version: - FireFly Studios)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Tempest (HKLM\...\Steam App 418180) (Version: - Lion's Shade)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims(TM) 3 (HKLM\...\Steam App 47890) (Version: - The Sims Studio)
Trine Enhanced Edition (HKLM-x32\...\1207659020_is1) (Version: 2.0.0.2 - GOG.com)
Two Worlds (HKLM-x32\...\Two Worlds) (Version: 1.7.0 - )
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unepic (HKLM-x32\...\GOGPACKUNEPIC_is1) (Version: 2.2.0.7 - GOG.com)
Unity Web Player (HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.8.1 (HKLM\...\VulkanRT1.0.8.1) (Version: 1.0.8.1 - LunarG, Inc.)
Warzone 2100-3.1.2 (HKLM-x32\...\Warzone 2100-3.1.2) (Version: 3.1.2 - Warzone 2100 Project)
Wasteland 2 - Ranger Edition (HKLM-x32\...\{52CC6D4B-B565-4908-A524-5DA978EB4D3B}_is1) (Version: 1.0 - inXile Entertainment)
WinRAR 5.21 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wizardry 8 (HKLM\...\Steam App 245450) (Version: - Sir-Tech Canada)
Worms Clan Wars (HKLM\...\Steam App 233840) (Version: - Team17 Digital Ltd)
Worms Reloaded (HKLM\...\Steam App 22600) (Version: - Team17 Digital Ltd)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.3 - Xvid Team)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CLSID\{01E9FAE9-3819-4dd9-B1D9-998A1C62D1F8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CLSID\{9CF1512B-6019-4573-9466-57AA61960209}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {6B69E57D-FDD0-4E27-8EB7-9F10151A62DA} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0dc4d1a2-623c-450a-96f6-58a57bdaf4dc => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {6D53FC9D-0825-4777-BFB5-EEED6F8E0984} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
Task: {82A5FE1D-ACA2-470A-BE55-9DDA5F8FA86C} - System32\Tasks\SUPERAntiSpyware Scheduled Task 4b37f26b-dacc-4734-84f0-a87226293be8 => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {89BE678F-262C-4A73-8DE7-9EE6D419FFD3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {C5061727-7814-4763-A14E-EAE7210DBC1E} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2017-02-22] (Catalina Group Ltd.)
Task: {E2AE0D16-0BB9-40CE-8486-DF58225F18D9} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2017-02-22] (Catalina Group Ltd.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core.job => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA.job => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0dc4d1a2-623c-450a-96f6-58a57bdaf4dc.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4b37f26b-dacc-4734-84f0-a87226293be8.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-11-16 17:55 - 2015-11-16 17:55 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2017-02-22 19:57 - 2017-02-18 04:45 - 01622912 _____ () C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\50.0.2661.274\libglesv2.dll
2017-02-22 19:57 - 2017-02-18 04:45 - 00078208 _____ () C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\50.0.2661.274\libegl.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\exefile: <===== ACHTUNG
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2017-01-17 00:02 - 00000042 ____A C:\Windows\system32\Drivers\etc\hosts
::1 localhost
127.0.0.1 localhost
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HDD Observer Service => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: PAExec => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [TCP Query User{2DF2F9C7-C7FD-4EEF-903D-9440259ECF30}C:\program files (x86)\warzone 2100-3.1.2\warzone2100.exe] => (Allow) C:\program files (x86)\warzone 2100-3.1.2\warzone2100.exe
FirewallRules: [UDP Query User{178180C1-905A-4E8F-9D3B-288A540125B3}C:\program files (x86)\warzone 2100-3.1.2\warzone2100.exe] => (Allow) C:\program files (x86)\warzone 2100-3.1.2\warzone2100.exe
FirewallRules: [{E186F0A6-0332-40C6-B50D-0CCB6EB981DA}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{458307DC-DC3B-4E44-B1B6-E57B619E9B97}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{9235C082-A288-4602-92CC-3F4374272BBD}] => (Allow) E:\Steam\steamapps\common\Dungeon Warfare\DW.exe
FirewallRules: [{08943D30-7454-44F7-993D-7C85412E858F}] => (Allow) E:\Steam\steamapps\common\Dungeon Warfare\DW.exe
FirewallRules: [{42EEAA17-AAAF-4AA2-B074-A35E76348756}] => (Allow) E:\Steam\steamapps\common\RAGE\Rage.exe
==================== Wiederherstellungspunkte =========================
22-02-2017 19:30:35 Revo Uninstaller's restore point - Opera Stable 43.0.2442.991
22-02-2017 19:32:38 Revo Uninstaller's restore point - Mozilla Firefox 51.0.1 (x86 de)
22-02-2017 19:34:07 Revo Uninstaller's restore point - Xvid Video Codec
22-02-2017 19:34:35 Revo Uninstaller's restore point - PCSX2 - Playstation 2 Emulator
22-02-2017 19:34:59 Revo Uninstaller's restore point - Smart Mod Manager
22-02-2017 19:36:51 Entfernt Command & Conquer Die ersten 10 Jahre
22-02-2017 19:37:27 Crysis(R) entfernt.
22-02-2017 19:39:36 Removed GTA2
22-02-2017 19:41:40 Removed Smart Mod Manager
26-02-2017 04:43:23 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (02/23/2017 10:16:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x56130448
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xcbc
Startzeit der fehlerhaften Anwendung: 0x01d28e0ebe166212
Pfad der fehlerhaften Anwendung: E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 5938a40e-fa0d-11e6-885f-1c6f65878e2c
Error: (02/23/2017 08:51:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x56130448
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x928
Startzeit der fehlerhaften Anwendung: 0x01d28e0c5078fbab
Pfad der fehlerhaften Anwendung: E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 68c4a91c-fa01-11e6-885f-1c6f65878e2c
Error: (02/22/2017 07:40:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamtray.exe, Version: 3.0.0.912, Zeitstempel: 0x58811d74
Name des fehlerhaften Moduls: mbamtray.exe, Version: 3.0.0.912, Zeitstempel: 0x58811d74
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00054645
ID des fehlerhaften Prozesses: 0x136c
Startzeit der fehlerhaften Anwendung: 0x01d28d3b1a9b3093
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Berichtskennung: 5c7334ee-f92e-11e6-a750-1c6f65878e2c
Error: (02/22/2017 07:34:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Error: (02/22/2017 07:34:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Error: (02/22/2017 07:34:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Error: (02/22/2017 07:32:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Error: (02/22/2017 07:30:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Systemfehler:
=============
Error: (02/25/2017 06:49:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
is3srv
szkg5
Error: (02/25/2017 06:49:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.
Error: (02/25/2017 06:49:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Error: (02/25/2017 06:49:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (02/25/2017 06:49:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.
Error: (02/25/2017 06:47:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst konnte wegen einer fehlerhaften Anmeldung nicht gestartet werden.
Error: (02/25/2017 06:47:09 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
Die Anforderung wird nicht unterstützt.
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (02/25/2017 06:46:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/25/2017 06:46:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/25/2017 06:46:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA Display Container LS" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.
CodeIntegrity:
===================================
Date: 2016-07-23 17:52:09.662
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-07-23 17:52:09.622
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-07-23 17:52:09.584
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-07-23 17:52:09.546
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-02-13 07:49:15.211
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-02-13 07:49:15.186
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Speicherinformationen ===========================
Prozessor: AMD Phenom(tm) II X4 970 Processor
Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 8189.55 MB
Verfügbarer physikalischer RAM: 6671.52 MB
Summe virtueller Speicher: 16377.29 MB
Verfügbarer virtueller Speicher: 15086.13 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:595.7 GB) (Free:351.42 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:800.78 GB) (Free:606.89 GB) NTFS
Drive e: () (Fixed) (Total:1398.03 GB) (Free:1015.35 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 000A31F2)
Partition 1: (Active) - (Size=595.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=800.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1398 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
| | #7 |
| /// TB-Ausbilder | Hi, you can hold off on reinstalling the system for now... we're not finished here yet. Since when exactly have you had the problems you mentioned? Step 1
Step 2 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
start
CloseProcesses:
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\...\Run: [CatalinaGroup Update] => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [132104 2017-02-22] (Catalina Group Ltd.)
C:\Users\PsychoMantis\AppData\Local\CatalinaGroup
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
FF Plugin HKU\S-1-5-21-1040861988-1898195639-2225626604-1000: @catalinahub.net/CatalinaGroup Update;version=3 -> C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll [2017-02-22] (Catalina Group Ltd.)
FF Plugin HKU\S-1-5-21-1040861988-1898195639-2225626604-1000: @catalinahub.net/CatalinaGroup Update;version=9 -> C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll [2017-02-22] (Catalina Group Ltd.)
2017-02-22 19:57 - 2017-02-22 19:57 - 00002489 _____ C:\Users\PsychoMantis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrio.lnk
2017-02-22 19:57 - 2017-02-22 19:57 - 00002464 _____ C:\Users\PsychoMantis\Desktop\Citrio.lnk
2017-02-22 19:57 - 2017-02-22 19:57 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\CatalinaGroup
2017-02-22 19:56 - 2017-02-22 19:56 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\webkit
2017-02-22 19:56 - 2017-02-22 19:56 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\midori
2017-02-22 19:22 - 2017-02-22 19:23 - 00726224 _____ (Catalina Group Ltd.) C:\Users\PsychoMantis\Desktop\CitrioSetup.exe
Task: {C5061727-7814-4763-A14E-EAE7210DBC1E} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2017-02-22] (Catalina Group Ltd.)
Task: {E2AE0D16-0BB9-40CE-8486-DF58225F18D9} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2017-02-22] (Catalina Group Ltd.)
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core.job => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA.job => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\exefile: <===== ACHTUNG
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 3 Please reset your browsers as follows:
IE ::: Reset Internet Explorer as follows:
EDGE ::: Reset Edge
FF ::: Please reset Firefox as follows: Reset Firefox
CHR ::: Reset Google Chrome following these instructions.
Step 4 Download the appropriate version of SystemLook from the following mirror and save the tool to the desktop: SystemLook (32 bit) | SystemLook (64 bit)
Step 5
With your next reply, please post
|
| | #8 |
| | Good evening, I apologize for the delay: - I have had the problems mentioned for about 3 months. At first it was only ad overlays on pretty much every page I visited, but since there are hardly any sites left on the web without ads, I thought nothing of it, even though it was more than normal. Only when popups from sunmaker, Bauxe etc. were flying at me on Google and YouTube did I become suspicious. I have now gone through all the steps of your instructions; here are the logs: FRST Fixlog: Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-02-2017
durchgeführt von PsychoMantis (28-02-2017 18:05:59) Run:1
Gestartet von C:\Users\PsychoMantis\Desktop
Geladene Profile: PsychoMantis (Verfügbare Profile: PsychoMantis)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
start
CloseProcesses:
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\...\Run: [CatalinaGroup Update] => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [132104 2017-02-22] (Catalina Group Ltd.)
C:\Users\PsychoMantis\AppData\Local\CatalinaGroup
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
FF Plugin HKU\S-1-5-21-1040861988-1898195639-2225626604-1000: @catalinahub.net/CatalinaGroup Update;version=3 -> C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll [2017-02-22] (Catalina Group Ltd.)
FF Plugin HKU\S-1-5-21-1040861988-1898195639-2225626604-1000: @catalinahub.net/CatalinaGroup Update;version=9 -> C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll [2017-02-22] (Catalina Group Ltd.)
2017-02-22 19:57 - 2017-02-22 19:57 - 00002489 _____ C:\Users\PsychoMantis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrio.lnk
2017-02-22 19:57 - 2017-02-22 19:57 - 00002464 _____ C:\Users\PsychoMantis\Desktop\Citrio.lnk
2017-02-22 19:57 - 2017-02-22 19:57 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\CatalinaGroup
2017-02-22 19:56 - 2017-02-22 19:56 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\webkit
2017-02-22 19:56 - 2017-02-22 19:56 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\midori
2017-02-22 19:22 - 2017-02-22 19:23 - 00726224 _____ (Catalina Group Ltd.) C:\Users\PsychoMantis\Desktop\CitrioSetup.exe
Task: {C5061727-7814-4763-A14E-EAE7210DBC1E} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2017-02-22] (Catalina Group Ltd.)
Task: {E2AE0D16-0BB9-40CE-8486-DF58225F18D9} - System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [2017-02-22] (Catalina Group Ltd.)
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core.job => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
Task: C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA.job => C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\exefile: <===== ACHTUNG
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************
Prozesse erfolgreich geschlossen.
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CatalinaGroup Update => Wert erfolgreich entfernt
C:\Users\PsychoMantis\AppData\Local\CatalinaGroup => erfolgreich verschoben
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=3 => Schlüssel erfolgreich entfernt
C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll => nicht gefunden.
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\MozillaPlugins\@catalinahub.net/CatalinaGroup Update;version=9 => Schlüssel erfolgreich entfernt
C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll => nicht gefunden.
"C:\Users\PsychoMantis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrio.lnk" => nicht gefunden.
"C:\Users\PsychoMantis\Desktop\Citrio.lnk" => nicht gefunden.
"C:\Users\PsychoMantis\AppData\Local\CatalinaGroup" => nicht gefunden.
C:\Users\PsychoMantis\AppData\Local\webkit => erfolgreich verschoben
C:\Users\PsychoMantis\AppData\Local\midori => erfolgreich verschoben
C:\Users\PsychoMantis\Desktop\CitrioSetup.exe => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5061727-7814-4763-A14E-EAE7210DBC1E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5061727-7814-4763-A14E-EAE7210DBC1E} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2AE0D16-0BB9-40CE-8486-DF58225F18D9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2AE0D16-0BB9-40CE-8486-DF58225F18D9} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core => Schlüssel erfolgreich entfernt
C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core.job => erfolgreich verschoben
C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA.job => erfolgreich verschoben
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\exefile => Schlüssel erfolgreich entfernt
========= dir "%ProgramFiles%" =========
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 40B2-A193
Verzeichnis von C:\Program Files
26.02.2017 01:40 <DIR> .
26.02.2017 01:40 <DIR> ..
29.11.2015 05:12 <DIR> CCleaner
16.10.2016 06:47 <DIR> Common Files
04.05.2016 19:45 <DIR> CPUID
03.11.2015 08:53 <DIR> Creative
12.04.2011 08:55 <DIR> DVD Maker
23.05.2016 20:07 <DIR> Euthanasia
26.09.2015 06:02 <DIR> GIGABYTE
14.07.2016 08:19 <DIR> Internet Explorer
20.05.2016 18:18 <DIR> KPLab
26.02.2017 01:40 <DIR> Malwarebytes
12.04.2011 08:55 <DIR> Microsoft Games
14.07.2009 06:32 <DIR> MSBuild
18.12.2016 10:46 <DIR> Nexus Mod Manager
28.01.2017 01:50 <DIR> NVIDIA Corporation
14.07.2009 06:32 <DIR> Reference Assemblies
23.02.2017 20:31 <DIR> TeamSpeak 3 Client
26.09.2015 18:06 <DIR> Windows Defender
14.07.2016 08:19 <DIR> Windows Journal
12.04.2011 08:43 <DIR> Windows Mail
10.05.2016 17:48 <DIR> Windows Media Player
26.09.2015 05:50 <DIR> Windows NT
12.04.2011 08:43 <DIR> Windows Photo Viewer
21.11.2010 04:31 <DIR> Windows Portable Devices
12.04.2011 08:43 <DIR> Windows Sidebar
0 Datei(en), 0 Bytes
26 Verzeichnis(se), 376.335.384.576 Bytes frei
========= Ende von CMD: =========
========= dir "%ProgramFiles(x86)%" =========
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 40B2-A193
Verzeichnis von C:\Program Files (x86)
22.02.2017 19:45 <DIR> .
22.02.2017 19:45 <DIR> ..
12.12.2015 17:58 <DIR> 7-Zip
17.03.2016 04:02 <DIR> AdwCleaner
12.01.2017 15:10 <DIR> ASCII
16.05.2016 17:18 <DIR> Bandicam
16.05.2016 17:18 <DIR> BandiMPEG1
22.02.2017 19:36 <DIR> Bethesda.net Launcher
22.02.2017 10:55 <DIR> Camfrog
23.08.2016 18:58 <DIR> Cheat Engine 6.5.1
22.02.2017 19:41 <DIR> Common Files
03.11.2015 08:53 <DIR> Creative
12.05.2016 20:16 <DIR> creepy
09.12.2015 17:12 <DIR> Deep Silver
20.05.2016 16:30 <DIR> directx
24.10.2016 09:05 <DIR> EA Games
12.01.2017 20:15 <DIR> Enterbrain
26.09.2015 20:10 <DIR> FreeCodecPack
26.09.2015 06:02 <DIR> GIGABYTE
09.08.2016 16:39 <DIR> Google
14.07.2016 08:19 <DIR> Internet Explorer
05.10.2016 23:13 <DIR> Legend of Grimrock
10.05.2016 15:01 <DIR> Microsoft ASP.NET
20.01.2017 19:42 <DIR> Microsoft.NET
19.12.2016 08:10 <DIR> Mod Organizer
14.07.2009 06:32 <DIR> MSBuild
12.12.2015 16:43 <DIR> MSXML 4.0
26.09.2015 06:01 <DIR> NEC Electronics
28.01.2017 01:49 <DIR> NVIDIA Corporation
25.08.2016 09:16 <DIR> Razer
04.09.2016 06:13 <DIR> Reality Pump
26.09.2015 06:00 <DIR> Realtek
14.07.2009 06:32 <DIR> Reference Assemblies
15.01.2017 23:28 <DIR> ResidentEvilRPGRv1
06.02.2017 01:02 <DIR> rpg2003
07.11.2015 23:02 <DIR> Skillbrains
22.02.2017 19:41 <DIR> Smart Mod Manager
09.11.2016 06:03 <DIR> StarCraft II
09.05.2016 08:38 <DIR> Stardock
19.12.2015 16:46 <DIR> UltraISO
27.03.2016 02:12 <DIR> VideoLAN
16.10.2016 06:48 <DIR> VMware
28.01.2017 01:50 <DIR> VulkanRT
26.09.2015 07:50 <DIR> Warzone 2100-3.1.2
17.07.2016 23:15 <DIR> Wildfire Software
26.09.2015 18:06 <DIR> Windows Defender
12.04.2011 08:43 <DIR> Windows Mail
10.05.2016 17:48 <DIR> Windows Media Player
14.07.2009 06:32 <DIR> Windows NT
12.04.2011 08:43 <DIR> Windows Photo Viewer
21.11.2010 04:31 <DIR> Windows Portable Devices
12.04.2011 08:43 <DIR> Windows Sidebar
15.11.2015 13:24 <DIR> WinRAR
15.01.2017 23:27 <DIR> Xvid
0 Datei(en), 0 Bytes
54 Verzeichnis(se), 376.335.384.576 Bytes frei
========= Ende von CMD: =========
========= dir "%ProgramData%" =========
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 40B2-A193
Verzeichnis von C:\ProgramData
22.02.2017 10:42 <DIR> .
22.02.2017 10:42 <DIR> ..
23.07.2016 09:11 <DIR> Apple
06.07.2016 11:11 <DIR> Apple Computer
07.11.2016 14:11 <DIR> Battle.net
08.11.2016 14:15 <DIR> Blizzard Entertainment
20.07.2016 21:47 <DIR> BlueStacksSetup
19.01.2017 00:41 <DIR> boost_interprocess
22.02.2017 10:42 <DIR> Camfrog Update
03.11.2015 08:54 <DIR> Creative
20.01.2016 02:14 <DIR> EA Core
27.09.2016 04:53 <DIR> EA Logs
20.01.2016 02:14 <DIR> Electronic Arts
16.07.2016 11:03 <DIR> Gaijin
26.09.2015 06:02 <DIR> InstallShield
02.12.2016 07:10 <DIR> Intel
26.02.2017 01:40 <DIR> Malwarebytes
28.02.2017 18:06 <DIR> NVIDIA
28.01.2017 01:46 <DIR> NVIDIA Corporation
01.12.2016 18:48 <DIR> Oracle
22.02.2017 10:25 <DIR> Origin
14.01.2017 09:33 <DIR> Package Cache
25.08.2016 09:16 <DIR> Razer
24.10.2016 09:40 <DIR> Solidshield
08.01.2017 16:56 <DIR> spotflux
27.09.2015 05:18 <DIR> Steam
17.01.2017 07:59 <DIR> STOPzilla!
19.01.2017 11:51 <DIR> SUPERAntiSpyware.com
16.10.2016 06:47 <DIR> VMware
27.11.2015 02:34 <DIR> WinZip
0 Datei(en), 0 Bytes
30 Verzeichnis(se), 376.335.380.480 Bytes frei
========= Ende von CMD: =========
========= dir "%Appdata%" =========
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 40B2-A193
Verzeichnis von C:\Users\PsychoMantis\AppData\Roaming
22.02.2017 19:43 <DIR> .
22.02.2017 19:43 <DIR> ..
04.08.2016 15:38 <DIR> 11bitstudios
13.08.2016 00:27 <DIR> 7DaysToDie
26.09.2015 18:53 <DIR> Adobe
04.01.2016 19:47 626 All CPU MeterV3_Settings.ini
16.10.2016 06:48 <DIR> Andy
06.07.2016 11:11 <DIR> Apple Computer
16.05.2016 17:19 <DIR> BANDISOFT
22.02.2017 19:35 <DIR> Battle.net
13.11.2015 18:37 <DIR> Brotsoft
22.02.2017 10:45 <DIR> Camfrog
05.08.2016 19:03 <DIR> com.togeproductions.survivors
08.10.2016 08:22 <DIR> Command and Conquer 3 Kanes Wrath
08.10.2016 09:08 <DIR> Command and Conquer 3 Tiberium Wars
05.05.2016 00:49 56 coreavc.ini
04.12.2015 23:50 <DIR> Daimonin
02.03.2016 16:29 <DIR> Daoisoft
17.05.2016 23:48 <DIR> DiskDefrag
07.08.2016 13:34 <DIR> dp3d
20.02.2017 13:51 <DIR> dungeon
28.01.2017 15:54 <DIR> DVDVideoSoft
03.08.2016 07:13 <DIR> Fallout
19.11.2015 01:20 <DIR> Fallout2
19.07.2016 04:56 <DIR> Firefly Studios
28.09.2015 01:13 <DIR> FreeOrion
13.11.2015 18:37 26.602.416 gameboxsetup.exe
22.02.2017 19:39 <DIR> GlarySoft
26.09.2015 05:50 <DIR> Identities
12.03.2016 11:33 <DIR> InstallShield
16.01.2017 12:41 <DIR> Kalypso Media
27.01.2017 20:14 <DIR> Lionhead Studios
21.05.2016 00:22 <DIR> LostSectorOnline
03.11.2015 20:05 <DIR> Macromedia
12.04.2011 08:54 <DIR> Media Center Programs
11.12.2015 22:14 <DIR> Microsoft Games
09.08.2016 16:40 <DIR> Moonchild Productions
29.06.2016 23:20 <DIR> Mount&Blade
01.07.2016 03:32 <DIR> Mount&Blade Warband
30.06.2016 01:06 <DIR> Mount&Blade With Fire and Sword
22.02.2017 19:33 <DIR> Mozilla
29.01.2017 21:55 <DIR> NVIDIA
20.08.2016 21:19 <DIR> Omerta
22.02.2017 19:31 <DIR> Opera Software
22.02.2017 10:25 <DIR> Origin
17.11.2015 00:39 <DIR> ProtectDISC
22.12.2016 07:08 <DIR> RenPy
29.11.2015 13:08 <DIR> Shooter
12.02.2016 05:04 <DIR> Smart Mod Manager
06.02.2017 01:06 <DIR> Soldat
01.12.2016 18:48 <DIR> Sun
19.01.2017 11:51 <DIR> SUPERAntiSpyware.com
01.04.2016 17:26 <DIR> TeamViewer
02.11.2015 16:16 <DIR> Thunderbird
15.11.2015 13:39 <DIR> Trine1
24.02.2017 21:39 <DIR> TS3Client
28.09.2016 01:24 <DIR> Ubisoft
31.12.2015 16:42 <DIR> Unity
19.01.2017 00:36 <DIR> Vendetta
28.02.2017 17:12 <DIR> vlc
16.10.2016 06:18 <DIR> VMware
07.08.2016 14:10 <DIR> WinFellow
15.11.2015 13:24 <DIR> WinRAR
11.12.2015 14:35 <DIR> XRay Engine
3 Datei(en), 26.603.098 Bytes
61 Verzeichnis(se), 376.335.376.384 Bytes frei
========= Ende von CMD: =========
========= dir "%LocalAppdata%" =========
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 40B2-A193
Verzeichnis von C:\Users\PsychoMantis\AppData\Local
28.02.2017 18:06 <DIR> .
28.02.2017 18:06 <DIR> ..
30.06.2016 15:37 <DIR> 2K Games
03.02.2016 15:53 <DIR> 4A Games
03.11.2015 20:05 <DIR> Adobe
06.07.2016 11:10 <DIR> Apple
06.07.2016 11:11 <DIR> Apple Computer
25.12.2016 13:35 <DIR> Arktos Entertainment
23.07.2016 00:23 <DIR> Bethesda.net Launcher
15.02.2016 01:14 <DIR> BigHugeEngine
18.12.2016 10:46 <DIR> Black_Tree_Gaming
08.11.2016 14:15 <DIR> Blizzard Entertainment
22.02.2017 10:43 <DIR> Camfrog
03.06.2016 19:21 <DIR> Campbell Wild
18.06.2016 14:56 <DIR> CAPCOM
06.11.2015 11:50 <DIR> CEF
16.04.2016 03:50 <DIR> Chromium
23.02.2017 22:16 <DIR> CrashDumps
03.11.2015 08:54 <DIR> Creative
06.01.2017 19:51 <DIR> DayZ
11.12.2015 11:16 <DIR> Diagnostics
20.05.2016 22:30 <DIR> Downloaded Installations
05.12.2016 18:33 <DIR> dxhr
24.10.2016 09:40 <DIR> EA Games
28.10.2016 17:13 <DIR> ESET
09.12.2016 01:26 <DIR> fabi.me
09.06.2016 18:29 <DIR> Fallout4
27.11.2015 11:26 <DIR> FalloutNV
25.12.2016 13:18 <DIR> FredaikisAB
08.03.2016 22:21 <DIR> GameMaker8.1
22.02.2017 18:58 58.984 GDIPFONTCACHEV1.DAT
22.02.2017 21:05 <DIR> Google
06.11.2015 01:52 <DIR> GWX
27.07.2016 00:19 <DIR> KADOKAWA
18.12.2016 08:01 <DIR> LOOT
03.11.2015 20:05 <DIR> Macromedia
08.03.2016 18:16 <DIR> Mentalmeisters
19.08.2016 22:45 <DIR> Microsoft
25.08.2016 15:10 <DIR> Microsoft Games
19.07.2016 01:43 <DIR> Moonchild Productions
22.02.2017 19:33 <DIR> Mozilla
27.12.2015 03:52 <DIR> My Games
19.12.2016 07:05 <DIR> Nexus
28.01.2017 01:50 <DIR> NVIDIA
28.01.2017 00:46 <DIR> NVIDIA Corporation
22.02.2017 19:31 <DIR> Opera Software
07.10.2016 13:51 <DIR> Origin
17.01.2016 08:57 <DIR> PAYDAY
17.01.2016 09:39 <DIR> PAYDAY 2
20.01.2016 02:14 <DIR> PopCap Games
26.09.2015 20:09 <DIR> Programs
27.12.2015 03:49 <DIR> PunkBuster
25.08.2016 09:16 <DIR> Razer
27.01.2017 22:37 7.636 Resmon.ResmonCfg
26.03.2016 07:08 <DIR> Risen
19.08.2016 22:27 <DIR> Rockstar Games
18.12.2016 06:52 <DIR> Skyrim
22.08.2016 10:14 <DIR> Sniper3
20.08.2016 05:40 <DIR> SniperV2
09.05.2016 08:38 <DIR> Stardock
12.09.2016 18:34 <DIR> Star_Vault
13.12.2016 02:33 <DIR> Steam
16.02.2016 14:05 <DIR> SWTORPerf
21.01.2017 13:17 <DIR> TeamSpeak 3
28.02.2017 18:05 <DIR> Temp
21.11.2015 21:41 <DIR> The Witcher
02.11.2015 16:16 <DIR> Thunderbird
04.05.2016 23:24 <DIR> Trapped Dead
18.01.2016 06:29 <DIR> Two Worlds II
26.01.2017 22:04 <DIR> Ubisoft Game Launcher
24.01.2017 08:11 <DIR> Unity
07.11.2015 23:02 3 updater.log
06.08.2016 21:30 424 UserProducts.xml
05.07.2016 11:24 <DIR> UWKProcess
20.05.2016 22:52 <DIR> VirtualStore
08.03.2016 22:21 <DIR> YoYo_Games_Ltd
4 Datei(en), 67.047 Bytes
72 Verzeichnis(se), 376.335.376.384 Bytes frei
========= Ende von CMD: =========
========= dir "%CommonProgramFiles(x86)%" =========
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 40B2-A193
Verzeichnis von C:\Program Files (x86)\Common Files
22.02.2017 19:41 <DIR> .
22.02.2017 19:41 <DIR> ..
08.01.2017 17:01 <DIR> BattlEye
03.05.2016 06:09 <DIR> BioWare
03.11.2015 08:53 <DIR> Creative
26.12.2016 14:50 <DIR> DVDVideoSoft
19.12.2015 16:46 <DIR> EZB Systems
06.02.2017 01:02 <DIR> InstallShield
06.02.2017 01:07 <DIR> microsoft shared
14.07.2009 04:20 <DIR> Services
14.07.2009 04:20 <DIR> SpeechEngines
30.10.2016 00:15 <DIR> Steam
26.09.2015 18:06 <DIR> System
0 Datei(en), 0 Bytes
13 Verzeichnis(se), 376.335.372.288 Bytes frei
========= Ende von CMD: =========
========= dir "%CommonProgramW6432%" =========
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 40B2-A193
Verzeichnis von C:\Program Files\Common Files
16.10.2016 06:47 <DIR> .
16.10.2016 06:47 <DIR> ..
06.02.2017 01:07 <DIR> Microsoft Shared
14.07.2009 04:20 <DIR> Services
14.07.2009 04:20 <DIR> SpeechEngines
26.09.2015 18:07 <DIR> System
0 Datei(en), 0 Bytes
6 Verzeichnis(se), 376.335.372.288 Bytes frei
========= Ende von CMD: =========
========= RemoveProxy: =========
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
========= Ende von RemoveProxy: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
========= Ende von CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.
========= Ende von CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17208983 B
Java, Flash, Steam htmlcache => 218894652 B
Windows/system/drivers => 878 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33186 B
LocalService => 66228 B
NetworkService => 1242 B
PsychoMantis => 40291250 B
RecycleBin => 553000788 B
EmptyTemp: => 799.1 MB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 18:06:11 ====
Systemlook: Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 18:12 on 28/02/2017 by PsychoMantis
Administrator - Elevation successful
========== filefind ==========
Searching for "*Catalina*"
C:\FRST\Quarantine\C\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe --a---- 132104 bytes [18:57 22/02/2017] [19:02 22/02/2017] 0174C36C61F536F201160DF5D75CA87E
C:\FRST\Quarantine\C\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaCrashHandler.exe --a---- 132104 bytes [19:02 22/02/2017] [19:02 22/02/2017] 0174C36C61F536F201160DF5D75CA87E
C:\FRST\Quarantine\C\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdate.exe --a---- 132104 bytes [19:02 22/02/2017] [19:02 22/02/2017] 0174C36C61F536F201160DF5D75CA87E
C:\FRST\Quarantine\C\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateBroker.exe --a---- 59912 bytes [19:02 22/02/2017] [19:02 22/02/2017] 0669B56B8505F4840D3D01D8C924838B
C:\FRST\Quarantine\C\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateHelper.msi --a---- 40960 bytes [19:02 22/02/2017] [19:02 22/02/2017] E6221A9E85DEFE6BC46D0043CF2518ED
C:\FRST\Quarantine\C\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateOnDemand.exe --a---- 59912 bytes [19:02 22/02/2017] [19:02 22/02/2017] 1B01BEAC6B0AACF5769D696F4C234C2C
C:\FRST\Quarantine\C\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll --a---- 237576 bytes [19:02 22/02/2017] [19:02 22/02/2017] 1628629434CE89BB2FF4F0E9BBA9CFDB
C:\FRST\Quarantine\C\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core.xBAD --a---- 3770 bytes [18:57 22/02/2017] [19:02 22/02/2017] 6C1A55901BE1F0BCE0FF73157EEAA252
C:\FRST\Quarantine\C\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA.xBAD --a---- 4166 bytes [18:57 22/02/2017] [19:02 22/02/2017] C6DE2FBC35B21338FC196C65A87D05AB
C:\FRST\Quarantine\C\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000Core.job.xBAD --a---- 1126 bytes [18:57 22/02/2017] [19:08 26/02/2017] BF0379A29641F9A0B95BB931CD7CB55A
C:\FRST\Quarantine\C\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-1040861988-1898195639-2225626604-1000UA.job.xBAD --a---- 1178 bytes [18:57 22/02/2017] [16:07 28/02/2017] D561E84EE59442290A22DCDC53430E46
Searching for "*Citrio*"
C:\FRST\Quarantine\C\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Extensions\npadbogkkkelklajhndddabnjnbkgcbk\1.1.9_0\images\citrio.png --a---- 1115127 bytes [18:58 22/02/2017] [11:09 08/10/2015] DC17B6A7AAE0489E49C68D698A4454D7
C:\FRST\Quarantine\C\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\Download\{92F8A219-E740-49D5-B785-B962AD819724}\50.0.2661.274\citrio_50.0.2661.274_1.exe --a---- 59425664 bytes [18:57 22/02/2017] [10:16 20/02/2017] F58787441344E275D7FDE1B1DA82BE29
C:\FRST\Quarantine\C\Users\PsychoMantis\Desktop\CitrioSetup.exe.xBAD --a---- 726224 bytes [18:22 22/02/2017] [18:23 22/02/2017] 7C786093DA82495713824F98E331C686
========== folderfind ==========
Searching for "*Catalina*"
C:\FRST\Quarantine\C\Users\PsychoMantis\AppData\Local\CatalinaGroup d------ [18:57 22/02/2017]
Searching for "*Citrio*"
C:\FRST\Quarantine\C\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio d------ [18:57 22/02/2017]
========== regfind ==========
Searching for "Catalina"
[HKEY_CURRENT_USER\Software\CatalinaGroup]
[HKEY_CURRENT_USER\Software\CatalinaGroup\Update]
"path"="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe"
[HKEY_CURRENT_USER\Software\CatalinaGroup\Update]
"LastInstallerSuccessLaunchCmdLine"=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe""
[HKEY_CURRENT_USER\Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"name"="Catalina Update"
[HKEY_CURRENT_USER\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"UninstallString"="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\50.0.2661.274\Installer\setup.exe"
[HKEY_CURRENT_USER\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"LastInstallerSuccessLaunchCmdLine"=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"AppName"="CatalinaUpdateOnDemand.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"AppPath"="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"AppName"="CatalinaUpdate.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"AppPath"="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\PsychoMantis\AppData\Local\CatalinaGroup]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\PsychoMantis\AppData\Local\CatalinaGroup]
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroup.OneClickCtrl.9]
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroup.OneClickCtrl.9]
@="CatalinaGroup Update Plugin"
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser]
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser]
@="CatalinaGroup.OneClickProcessLauncher"
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser\CurVer]
@="CatalinaGroup.OneClickProcessLauncherUser.1.0"
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser.1.0]
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser.1.0]
@="CatalinaGroup.OneClickProcessLauncher"
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroup.Update3WebControl.3]
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroup.Update3WebControl.3]
@="CatalinaGroup Update Plugin"
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser]
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser\CurVer]
@="CatalinaGroupUpdate.CredentialDialogUser.1.0"
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser.1.0]
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser]
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser\CurVer]
@="CatalinaGroupUpdate.OnDemandCOMClassUser.1.0"
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser.1.0]
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser]
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser\CurVer]
@="CatalinaGroupUpdate.Update3COMClassUser.1.0"
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser.1.0]
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.Update3WebUser]
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.Update3WebUser\CurVer]
@="CatalinaGroupUpdate.Update3WebUser.1.0"
[HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.Update3WebUser.1.0]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe"="Citrio"
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.oneclickctrl.9]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.update3webcontrol.3]
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}]
@="CatalinaGroup.OneClickProcessLauncher"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateOnDemand.exe""
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\ProgID]
@="CatalinaGroup.OneClickProcessLauncherUser.1.0"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\VersionIndependentProgID]
@="CatalinaGroup.OneClickProcessLauncherUser"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateOnDemand.exe""
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\ProgID]
@="CatalinaGroupUpdate.Update3WebUser.1.0"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\VersionIndependentProgID]
@="CatalinaGroupUpdate.Update3WebUser"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{390806A5-88C3-4BD6-B66A-40ED43D183D6}\InProcServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\psuser.dll"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe""
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\ProgID]
@="CatalinaGroupUpdate.Update3COMClassUser.1.0"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\VersionIndependentProgID]
@="CatalinaGroupUpdate.Update3COMClassUser"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{6541F196-A2B8-449C-8741-CC884D8F0F89}\InProcServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.224\psuser.dll"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
@="CatalinaGroup Update Plugin"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\InprocServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\ProgID]
@="CatalinaGroup.Update3WebControl.3"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateOnDemand.exe""
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\ProgID]
@="CatalinaGroupUpdate.CredentialDialogUser.1.0"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\VersionIndependentProgID]
@="CatalinaGroupUpdate.CredentialDialogUser"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
@="CatalinaGroup Update Plugin"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\InprocServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\ProgID]
@="CatalinaGroup.OneClickCtrl.9"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A7232CBE-A4A6-4EE0-8E53-283490ECA031}\InprocHandler32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\psuser.dll"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateOnDemand.exe""
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\ProgID]
@="CatalinaGroupUpdate.OnDemandCOMClassUser.1.0"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\VersionIndependentProgID]
@="CatalinaGroupUpdate.OnDemandCOMClassUser"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{EF5751F9-BCAF-4203-A1BB-DF20470F9432}\InprocHandler32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.224\psuser.dll"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\psuser.dll"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{7C9F9415-9947-482C-A62B-24A0BD92B8A7}]
@="ICatalinaUpdateCore"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{A1E6F38D-8C9E-4BDA-86A2-1940472A8429}]
@="ICatalinaUpdate"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{A2589E53-1490-4C0A-BFC7-A47B7A88E3D8}]
@="ICatalinaUpdate3WebSecurity"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{F009E353-D4BD-42FE-994E-F6C315055F9B}]
@="ICatalinaUpdate3Web"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{FFC6ECB2-25E8-40EE-BF37-5AA25CBCBA63}]
@="ICatalinaUpdate3"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\CatalinaGroup]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\CatalinaGroup\Update]
"path"="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\CatalinaGroup\Update]
"LastInstallerSuccessLaunchCmdLine"=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\CatalinaGroup\Update\Clients\{6C598730-F715-407B-A7AE-A8F10D0F8FA7}]
"name"="Catalina Update"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"UninstallString"="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\50.0.2661.274\Installer\setup.exe"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"LastInstallerSuccessLaunchCmdLine"=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"AppName"="CatalinaUpdateOnDemand.exe"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
"AppPath"="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"AppName"="CatalinaUpdate.exe"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
"AppPath"="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\PsychoMantis\AppData\Local\CatalinaGroup]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\PsychoMantis\AppData\Local\CatalinaGroup]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroup.OneClickCtrl.9]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroup.OneClickCtrl.9]
@="CatalinaGroup Update Plugin"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser]
@="CatalinaGroup.OneClickProcessLauncher"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser\CurVer]
@="CatalinaGroup.OneClickProcessLauncherUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser.1.0]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser.1.0]
@="CatalinaGroup.OneClickProcessLauncher"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroup.Update3WebControl.3]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroup.Update3WebControl.3]
@="CatalinaGroup Update Plugin"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser\CurVer]
@="CatalinaGroupUpdate.CredentialDialogUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser.1.0]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser\CurVer]
@="CatalinaGroupUpdate.OnDemandCOMClassUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser.1.0]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser\CurVer]
@="CatalinaGroupUpdate.Update3COMClassUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser.1.0]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroupUpdate.Update3WebUser]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroupUpdate.Update3WebUser\CurVer]
@="CatalinaGroupUpdate.Update3WebUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\CatalinaGroupUpdate.Update3WebUser.1.0]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe"="Citrio"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.oneclickctrl.9]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.update3webcontrol.3]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}]
@="CatalinaGroup.OneClickProcessLauncher"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateOnDemand.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\ProgID]
@="CatalinaGroup.OneClickProcessLauncherUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\VersionIndependentProgID]
@="CatalinaGroup.OneClickProcessLauncherUser"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateOnDemand.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\ProgID]
@="CatalinaGroupUpdate.Update3WebUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\VersionIndependentProgID]
@="CatalinaGroupUpdate.Update3WebUser"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{390806A5-88C3-4BD6-B66A-40ED43D183D6}\InProcServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\psuser.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\ProgID]
@="CatalinaGroupUpdate.Update3COMClassUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\VersionIndependentProgID]
@="CatalinaGroupUpdate.Update3COMClassUser"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{6541F196-A2B8-449C-8741-CC884D8F0F89}\InProcServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.224\psuser.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
@="CatalinaGroup Update Plugin"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\InprocServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\ProgID]
@="CatalinaGroup.Update3WebControl.3"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateOnDemand.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\ProgID]
@="CatalinaGroupUpdate.CredentialDialogUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\VersionIndependentProgID]
@="CatalinaGroupUpdate.CredentialDialogUser"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
@="CatalinaGroup Update Plugin"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\InprocServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\ProgID]
@="CatalinaGroup.OneClickCtrl.9"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{A7232CBE-A4A6-4EE0-8E53-283490ECA031}\InprocHandler32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\psuser.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateOnDemand.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\ProgID]
@="CatalinaGroupUpdate.OnDemandCOMClassUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\VersionIndependentProgID]
@="CatalinaGroupUpdate.OnDemandCOMClassUser"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{EF5751F9-BCAF-4203-A1BB-DF20470F9432}\InprocHandler32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.224\psuser.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\psuser.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\Interface\{7C9F9415-9947-482C-A62B-24A0BD92B8A7}]
@="ICatalinaUpdateCore"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\Interface\{A1E6F38D-8C9E-4BDA-86A2-1940472A8429}]
@="ICatalinaUpdate"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\Interface\{A2589E53-1490-4C0A-BFC7-A47B7A88E3D8}]
@="ICatalinaUpdate3WebSecurity"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\Interface\{F009E353-D4BD-42FE-994E-F6C315055F9B}]
@="ICatalinaUpdate3Web"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Wow6432Node\Interface\{FFC6ECB2-25E8-40EE-BF37-5AA25CBCBA63}]
@="ICatalinaUpdate3"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroup.OneClickCtrl.9]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroup.OneClickCtrl.9]
@="CatalinaGroup Update Plugin"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroup.OneClickProcessLauncherUser]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroup.OneClickProcessLauncherUser]
@="CatalinaGroup.OneClickProcessLauncher"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroup.OneClickProcessLauncherUser\CurVer]
@="CatalinaGroup.OneClickProcessLauncherUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroup.OneClickProcessLauncherUser.1.0]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroup.OneClickProcessLauncherUser.1.0]
@="CatalinaGroup.OneClickProcessLauncher"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroup.Update3WebControl.3]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroup.Update3WebControl.3]
@="CatalinaGroup Update Plugin"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroupUpdate.CredentialDialogUser]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroupUpdate.CredentialDialogUser\CurVer]
@="CatalinaGroupUpdate.CredentialDialogUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroupUpdate.CredentialDialogUser.1.0]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroupUpdate.OnDemandCOMClassUser]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroupUpdate.OnDemandCOMClassUser\CurVer]
@="CatalinaGroupUpdate.OnDemandCOMClassUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroupUpdate.OnDemandCOMClassUser.1.0]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroupUpdate.Update3COMClassUser]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroupUpdate.Update3COMClassUser\CurVer]
@="CatalinaGroupUpdate.Update3COMClassUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroupUpdate.Update3COMClassUser.1.0]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroupUpdate.Update3WebUser]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroupUpdate.Update3WebUser\CurVer]
@="CatalinaGroupUpdate.Update3WebUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CatalinaGroupUpdate.Update3WebUser.1.0]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe"="Citrio"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.oneclickctrl.9]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.update3webcontrol.3]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}]
@="CatalinaGroup.OneClickProcessLauncher"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateOnDemand.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\ProgID]
@="CatalinaGroup.OneClickProcessLauncherUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}\VersionIndependentProgID]
@="CatalinaGroup.OneClickProcessLauncherUser"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateOnDemand.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\ProgID]
@="CatalinaGroupUpdate.Update3WebUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}\VersionIndependentProgID]
@="CatalinaGroupUpdate.Update3WebUser"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{390806A5-88C3-4BD6-B66A-40ED43D183D6}\InProcServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\psuser.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\ProgID]
@="CatalinaGroupUpdate.Update3COMClassUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}\VersionIndependentProgID]
@="CatalinaGroupUpdate.Update3COMClassUser"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{6541F196-A2B8-449C-8741-CC884D8F0F89}\InProcServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.224\psuser.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}]
@="CatalinaGroup Update Plugin"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\InprocServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}\ProgID]
@="CatalinaGroup.Update3WebControl.3"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateOnDemand.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\ProgID]
@="CatalinaGroupUpdate.CredentialDialogUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}\VersionIndependentProgID]
@="CatalinaGroupUpdate.CredentialDialogUser"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}]
@="CatalinaGroup Update Plugin"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\InprocServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\npCatalinaUpdate3.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}\ProgID]
@="CatalinaGroup.OneClickCtrl.9"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{A7232CBE-A4A6-4EE0-8E53-283490ECA031}\InprocHandler32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\psuser.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\LocalServer32]
@=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\CatalinaUpdateOnDemand.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\ProgID]
@="CatalinaGroupUpdate.OnDemandCOMClassUser.1.0"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}\VersionIndependentProgID]
@="CatalinaGroupUpdate.OnDemandCOMClassUser"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{EF5751F9-BCAF-4203-A1BB-DF20470F9432}\InprocHandler32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.224\psuser.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32]
@="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Update\1.3.25.225\psuser.dll"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\Interface\{7C9F9415-9947-482C-A62B-24A0BD92B8A7}]
@="ICatalinaUpdateCore"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\Interface\{A1E6F38D-8C9E-4BDA-86A2-1940472A8429}]
@="ICatalinaUpdate"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\Interface\{A2589E53-1490-4C0A-BFC7-A47B7A88E3D8}]
@="ICatalinaUpdate3WebSecurity"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\Interface\{F009E353-D4BD-42FE-994E-F6C315055F9B}]
@="ICatalinaUpdate3Web"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Wow6432Node\Interface\{FFC6ECB2-25E8-40EE-BF37-5AA25CBCBA63}]
@="ICatalinaUpdate3"
Searching for "Citrio"
[HKEY_CURRENT_USER\Software\CatalinaGroup\Citrio]
[HKEY_CURRENT_USER\Software\CatalinaGroup\CitrioDownloader]
[HKEY_CURRENT_USER\Software\CatalinaGroup\Update]
"LastInstallerSuccessLaunchCmdLine"=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe""
[HKEY_CURRENT_USER\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"referral"="1:citrio_website"
[HKEY_CURRENT_USER\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"UninstallString"="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\50.0.2661.274\Installer\setup.exe"
[HKEY_CURRENT_USER\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"LastInstallerSuccessLaunchCmdLine"=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a52\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList]
"e"="citrio.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList]
"f"="citrio.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nsv\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tac\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xa\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\magnet\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe"="Citrio"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\citrio.exe]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\CatalinaGroup\Citrio]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\CatalinaGroup\CitrioDownloader]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\CatalinaGroup\Update]
"LastInstallerSuccessLaunchCmdLine"=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"referral"="1:citrio_website"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"UninstallString"="C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\50.0.2661.274\Installer\setup.exe"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\CatalinaGroup\Update\ClientState\{92F8A219-E740-49D5-B785-B962AD819724}]
"LastInstallerSuccessLaunchCmdLine"=""C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe""
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a52\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList]
"e"="citrio.exe"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList]
"f"="citrio.exe"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nsv\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tac\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xa\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\magnet\UserChoice]
"Progid"="CitrioDOC.36F5X52BHUX6YGPBDOSCF55GP4"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio]
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe"="Citrio"
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\PsychoMantis\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe"="Citrio"
Searching for " "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Downloads\FreeYouTubeToMP3Converter.exe"="Free YouTube To MP3 Converter Setup "
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Downloads\FreeYouTubeToMP3Converter.exe"="Free YouTube To MP3 Converter Setup "
[HKEY_USERS\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Downloads\FreeYouTubeToMP3Converter.exe"="Free YouTube To MP3 Converter Setup "
-= EOF =-
|
| | #9 |
| | Search.B1.org, popups and ad redirects in the browser, Antivir/Adwcleaner find nothing FRST: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
durchgeführt von PsychoMantis (Administrator) auf SCHNARCHNASE (28-02-2017 18:21:50)
Gestartet von C:\Users\PsychoMantis\Desktop
Geladene Profile: PsychoMantis (Verfügbare Profile: PsychoMantis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser nicht gefunden!)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
( ) E:\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Sound Blaster Tactic3D Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe [2091008 2014-07-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{C117CC34-04E2-4F4E-8FC3-6ED867D0B4E2}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D1A94081-FB24-49D1-BD93-0898002FF58F}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-1040861988-1898195639-2225626604-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PsychoMantis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-27] ()
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [Datei ist nicht signiert]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [400656 2017-02-16] (EasyAntiCheat Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
S4 Origin Client Service; D:\Origin\OriginClientService.exe [2122248 2017-02-20] (Electronic Arts)
S2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [2184208 2017-02-20] (Electronic Arts)
S4 PAExec; C:\Windows\PAExec.exe [189112 2016-05-05] (Power Admin LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2015-12-09] ()
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-10-23] (C-Media Inc)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2015-12-09] ()
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2004-03-05] () [Datei ist nicht signiert]
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2015-07-31] (Spotflux, Inc.)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2013-05-31] (Creative Technology Ltd.)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S0 szkg5; SySWOW64\drivers\szkg64.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-02-28 18:21 - 2017-02-28 18:22 - 00007676 _____ C:\Users\PsychoMantis\Desktop\FRST.txt
2017-02-28 18:21 - 2017-02-28 18:21 - 00000000 ____D C:\Users\PsychoMantis\Desktop\FRST-OlderVersion
2017-02-28 18:14 - 2017-02-28 18:14 - 00001067 _____ C:\Users\PsychoMantis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
2017-02-28 18:14 - 2017-02-28 18:14 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\GameRanger
2017-02-28 18:12 - 2017-02-28 18:15 - 00133078 _____ C:\Users\PsychoMantis\Desktop\SystemLook.txt
2017-02-28 18:05 - 2017-02-28 18:06 - 00023094 _____ C:\Users\PsychoMantis\Desktop\Fixlog.txt
2017-02-28 17:56 - 2017-02-28 17:56 - 00165376 _____ C:\Users\PsychoMantis\Desktop\SystemLook_x64.exe
2017-02-28 14:51 - 2017-02-28 14:51 - 03011646 _____ C:\Users\PsychoMantis\Desktop\DLC_UC_PATCH.rar
2017-02-28 03:04 - 2017-02-28 03:04 - 00000000 ____D C:\Users\PsychoMantis\Desktop\Gunnie MapUnlocker
2017-02-28 03:03 - 2017-02-28 03:03 - 00041561 _____ C:\Users\PsychoMantis\Desktop\Gunnie MapUnlocker.zip
2017-02-26 04:52 - 2017-02-28 18:21 - 02423296 _____ (Farbar) C:\Users\PsychoMantis\Desktop\FRST64.exe
2017-02-26 04:40 - 2017-02-26 04:40 - 01663040 _____ (Malwarebytes) C:\Users\PsychoMantis\Desktop\JRT.exe
2017-02-26 01:40 - 2017-02-26 04:41 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-26 01:40 - 2017-02-26 01:40 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-26 01:40 - 2017-02-26 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-26 01:40 - 2017-02-26 01:40 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-26 01:40 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-26 01:39 - 2017-02-26 01:39 - 55566792 _____ (Malwarebytes ) C:\Users\PsychoMantis\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-25 18:40 - 2017-02-25 18:40 - 04015056 _____ C:\Users\PsychoMantis\Desktop\AdwCleaner_6.043 (1).exe
2017-02-24 23:42 - 2017-02-25 00:04 - 00184168 _____ C:\TDSSKiller.3.1.0.12_24.02.2017_23.42.43_log.txt
2017-02-24 23:18 - 2017-02-28 18:21 - 00000000 ____D C:\FRST
2017-02-24 23:16 - 2017-02-24 23:16 - 04747704 _____ (AO Kaspersky Lab) C:\Users\PsychoMantis\Desktop\tdsskiller.exe
2017-02-24 17:56 - 2017-02-24 17:56 - 00000000 ____D C:\Users\PsychoMantis\Downloads\Uncut-Patch [Half-Life_Blue Shift]
2017-02-24 17:53 - 2017-02-24 17:53 - 00751263 _____ C:\Users\PsychoMantis\Downloads\Uncut-Patch [Half-Life_Blue Shift].rar
2017-02-24 12:58 - 2017-02-24 12:58 - 00000000 ____D C:\Users\PsychoMantis\Downloads\Gunman_Chronicles_Steam_Version.1
2017-02-24 12:43 - 2017-02-24 12:43 - 00000000 ____D C:\Users\PsychoMantis\Desktop\poke646_anniversary_edition
2017-02-24 12:40 - 2017-02-24 12:50 - 249058628 _____ C:\Users\PsychoMantis\Downloads\Gunman_Chronicles_Steam_Version.1.zip
2017-02-24 12:38 - 2017-02-24 12:42 - 151657053 _____ C:\Users\PsychoMantis\Downloads\poke646_anniversary_edition.zip
2017-02-24 00:47 - 2017-02-24 00:47 - 06406240 _____ (Reason Software Company Inc.) C:\Users\PsychoMantis\Downloads\reason-core-security-setup.exe
2017-02-22 19:56 - 2017-02-22 19:56 - 00000000 ____D C:\Users\PsychoMantis\.dbus-keyrings
2017-02-22 19:45 - 2017-02-22 19:46 - 00271440 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-22 19:35 - 2017-02-22 19:35 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Battle.net
2017-02-22 19:28 - 2017-02-22 19:28 - 00000000 ____D C:\Users\PsychoMantis\Desktop\RevoUninstaller_Portable
2017-02-22 19:24 - 2017-02-22 19:24 - 04015056 _____ C:\Users\PsychoMantis\Desktop\AdwCleaner_6.043.exe
2017-02-22 19:23 - 2017-02-22 19:23 - 00800608 _____ C:\Users\PsychoMantis\Desktop\palemoon-websetup.exe
2017-02-22 18:58 - 2017-02-22 18:58 - 00058984 _____ C:\Users\PsychoMantis\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-22 10:43 - 2017-02-22 10:43 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\Camfrog
2017-02-22 10:42 - 2017-02-22 10:55 - 00000000 ____D C:\Program Files (x86)\Camfrog
2017-02-22 10:42 - 2017-02-22 10:45 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Camfrog
2017-02-22 10:42 - 2017-02-22 10:42 - 00000000 ____D C:\ProgramData\Camfrog Update
2017-02-20 13:51 - 2017-02-20 13:51 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\dungeon
2017-02-16 06:23 - 2017-02-16 06:20 - 00400656 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-01-29 21:55 - 2017-01-29 21:55 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\NVIDIA
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-02-28 18:17 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-28 18:17 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-28 18:15 - 2011-04-12 08:43 - 00696132 _____ C:\Windows\system32\perfh007.dat
2017-02-28 18:15 - 2011-04-12 08:43 - 00147428 _____ C:\Windows\system32\perfc007.dat
2017-02-28 18:15 - 2009-07-14 06:13 - 01611160 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-28 18:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-28 18:14 - 2015-11-30 17:12 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-02-28 18:08 - 2016-05-05 02:37 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-28 18:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-28 17:12 - 2016-03-27 02:12 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\vlc
2017-02-28 11:51 - 2017-01-19 11:51 - 00000524 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0dc4d1a2-623c-450a-96f6-58a57bdaf4dc.job
2017-02-28 02:00 - 2017-01-19 11:51 - 00000524 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4b37f26b-dacc-4734-84f0-a87226293be8.job
2017-02-26 01:40 - 2016-08-25 06:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-25 19:04 - 2017-01-14 08:20 - 00000000 ____D C:\AdwCleaner
2017-02-24 21:39 - 2015-11-03 09:02 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\TS3Client
2017-02-24 01:07 - 2016-10-08 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super nude patch 3
2017-02-24 01:07 - 2016-09-04 06:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reality Pump
2017-02-24 01:07 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-23 22:16 - 2016-02-06 23:32 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\CrashDumps
2017-02-23 20:31 - 2015-11-03 08:44 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-02-22 21:05 - 2016-01-20 20:05 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\Google
2017-02-22 19:58 - 2015-09-27 17:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-22 19:58 - 2015-09-27 17:04 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-22 19:56 - 2015-09-26 05:50 - 00000000 ____D C:\Users\PsychoMantis
2017-02-22 19:43 - 2015-11-15 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-02-22 19:43 - 2015-11-15 13:27 - 00000000 ____D C:\GOG Games
2017-02-22 19:42 - 2016-12-01 22:45 - 00000000 ____D C:\Hex-Editor MX
2017-02-22 19:41 - 2016-02-11 19:00 - 00000000 ____D C:\Program Files (x86)\Smart Mod Manager
2017-02-22 19:39 - 2016-05-17 23:48 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\GlarySoft
2017-02-22 19:37 - 2015-09-28 00:14 - 00000000 ____D C:\Users\PsychoMantis\Documents\My Games
2017-02-22 19:37 - 2015-09-26 06:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-22 19:36 - 2016-07-23 00:22 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2017-02-22 19:34 - 2016-09-02 06:08 - 00000000 ____D C:\Users\PsychoMantis\Documents\PCSX2
2017-02-22 19:33 - 2015-11-03 19:54 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\Mozilla
2017-02-22 19:33 - 2015-11-02 16:16 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Mozilla
2017-02-22 19:31 - 2015-09-26 06:20 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Opera Software
2017-02-22 19:31 - 2015-09-26 06:20 - 00000000 ____D C:\Users\PsychoMantis\AppData\Local\Opera Software
2017-02-22 19:31 - 2015-09-26 05:51 - 00001425 _____ C:\Users\PsychoMantis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-22 10:25 - 2016-01-19 09:01 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Origin
2017-02-22 10:25 - 2016-01-19 09:00 - 00000000 ____D C:\ProgramData\Origin
2017-02-22 05:37 - 2016-12-22 12:58 - 00000000 ____D C:\Users\PsychoMantis\AppData\LocalLow\Mozilla
2017-02-17 16:48 - 2015-09-26 06:50 - 00000000 ____D C:\Users\PsychoMantis\Desktop\Verknüpfungen
2017-02-17 16:47 - 2015-09-26 06:51 - 00000000 ___RD C:\Users\PsychoMantis\Desktop\Games
2017-02-06 05:17 - 2017-01-12 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RGSS-RTP Standard
2017-02-06 05:17 - 2017-01-12 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker 2000 1.05
2017-02-06 01:07 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-06 01:06 - 2016-05-20 22:50 - 00000000 ____D C:\Users\PsychoMantis\AppData\Roaming\Soldat
2017-02-06 01:02 - 2017-01-12 19:05 - 00000000 ____D C:\Program Files (x86)\rpg2003
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-01-04 19:44 - 2016-01-04 19:47 - 0000626 _____ () C:\Users\PsychoMantis\AppData\Roaming\All CPU MeterV3_Settings.ini
2016-05-05 00:37 - 2016-05-05 00:49 - 0000056 _____ () C:\Users\PsychoMantis\AppData\Roaming\coreavc.ini
2015-11-13 18:37 - 2015-11-13 18:37 - 26602416 _____ () C:\Users\PsychoMantis\AppData\Roaming\gameboxsetup.exe
2015-11-05 01:33 - 2017-01-27 22:37 - 0007636 _____ () C:\Users\PsychoMantis\AppData\Local\Resmon.ResmonCfg
2015-11-07 23:02 - 2015-11-07 23:02 - 0000003 _____ () C:\Users\PsychoMantis\AppData\Local\updater.log
2015-11-07 23:02 - 2016-08-06 21:30 - 0000424 _____ () C:\Users\PsychoMantis\AppData\Local\UserProducts.xml
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-02-23 12:08
==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
durchgeführt von PsychoMantis (28-02-2017 18:22:14)
Gestartet von C:\Users\PsychoMantis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-09-26 04:50:41)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1040861988-1898195639-2225626604-500 - Administrator - Disabled)
Gast (S-1-5-21-1040861988-1898195639-2225626604-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1040861988-1898195639-2225626604-1002 - Limited - Enabled)
PsychoMantis (S-1-5-21-1040861988-1898195639-2225626604-1000 - Administrator - Enabled) => C:\Users\PsychoMantis
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps)
7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Anno 1404 - Gold Edition (HKLM-x32\...\1440426004_is1) (Version: 2.0.0.2 - GOG.com)
Anno 1503 A.D. (HKLM-x32\...\1438074791_is1) (Version: 2.0.0.5 - GOG.com)
Anno 1602 - Creation of a New World (HKLM-x32\...\1438168222_is1) (Version: 2.0.0.6 - GOG.com)
Anno 1701 A.D. (HKLM-x32\...\1438075172_is1) (Version: 2.0.0.4 - GOG.com)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.4.1036 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
Call of Pripyat Complete v1.0.2 (HKLM-x32\...\Call of Pripyat Complete_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version: - Cheat Engine)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - )
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert, Counterstrike and The Aftermath (HKLM-x32\...\{B9A7CCBE-48F7-4B3E-BD20-76ADDD4DC69F}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command and Conquer 3 Tiberium Wars Complete Collection Version 1.02 (HKLM-x32\...\{01BB7046-6217-4225-BFA8-A5E5DB2B0977}_is1) (Version: 1.02 - Electronic Arts)
Company of Heroes (HKLM\...\Steam App 4560) (Version: - Relic Entertainment)
Company of Heroes (New Steam Version) (HKLM\...\Steam App 228200) (Version: - Relic)
Company of Heroes: Opposing Fronts (HKLM\...\Steam App 9340) (Version: - Relic Entertainment)
Company of Heroes: Tales of Valor (HKLM\...\Steam App 20540) (Version: - Relic Entertainment)
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Counter-Strike: Condition Zero (HKLM\...\Steam App 80) (Version: - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Cry of Fear (HKLM\...\Steam App 223710) (Version: - Team Psykskallar)
Crysis 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts)
DARK (HKLM\...\Steam App 225360) (Version: - Realmforge Studios)
Dark Matter (HKLM\...\Steam App 251410) (Version: - InterWave Studios)
Day of Defeat: Source (HKLM\...\Steam App 300) (Version: - Valve)
Dead Space™ 2 (HKLM-x32\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.943.0 - Electronic Arts)
Deus Ex: Human Revolution - Director's Cut (HKLM\...\Steam App 238010) (Version: - Eidos Montreal)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
Die Sims™ 3 Late Night (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Late Night) (Version: 1.0.0.0 - Electronic Arts Inc.)
Die Sims™ 3 Supernatural (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Supernatural) (Version: 1.0.0.0 - Electronic Arts Inc.)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}_The Sims 3 Ambitions) (Version: 1.0.0.0 - Electronic Arts Inc.)
Divine Divinity (HKLM\...\Steam App 214170) (Version: - Larian Studios)
Dungeon Warfare (HKLM-x32\...\Steam App 355980) (Version: - Valsar)
Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios)
Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
Fallout (HKLM-x32\...\1440148836_is1) (Version: 2.1.0.18 - GOG.com)
Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version: - Ubisoft)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
Final Fantasy VII Steam Edition Version 1.0.9 (HKLM-x32\...\{625A041D-65DA-4E68-9010-419ECD204314}_is1) (Version: 1.0.9 - Square Enix)
FINAL FANTASY VIII (HKLM\...\Steam App 39150) (Version: - SQUARE ENIX)
GameRanger (HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\...\GameRanger) (Version: - GameRanger Technologies)
Half-Life (HKLM\...\Steam App 70) (Version: - Valve)
Half-Life 2: Update (HKLM\...\Steam App 290930) (Version: - Filip Victor)
Half-Life: Blue Shift (HKLM\...\Steam App 130) (Version: - Gearbox Software)
Half-Life: Opposing Force (HKLM\...\Steam App 50) (Version: - Gearbox Software)
Half-Life: Source (HKLM\...\Steam App 280) (Version: - Valve)
Hitman: Absolution (HKLM\...\Steam App 203140) (Version: - IO Interactive)
Infectonator : Survivors (HKLM\...\Steam App 269310) (Version: - Toge Productions)
Jagged Alliance - Back in Action (HKLM\...\Steam App 57740) (Version: - Coreplay GmbH)
Jagged Alliance 2 Wildfire (HKLM-x32\...\1207658743_is1) (Version: 2.1.0.8 - GOG.com)
Jagged Alliance Flashback (HKLM\...\Steam App 256010) (Version: - Full Control)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
Legend of Grimrock II (HKLM-x32\...\1207666193_is1) (Version: 2.1.0.5 - GOG.com)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Lucius II (HKLM\...\Steam App 296830) (Version: - Shiver Games)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
Metro 2033 (HKLM\...\Steam App 43110) (Version: - 4A Games)
Metro: Last Light (HKLM\...\Steam App 43160) (Version: - 4A Games)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Might & Magic X Legacy (HKLM-x32\...\Uplay Install 401) (Version: - Ubisoft)
MOBIUS FINAL FANTASY (HKLM\...\Steam App 536930) (Version: - SQUARE ENIX CO., LTD.)
Mount & Blade (HKLM\...\Steam App 22100) (Version: - TaleWorlds Entertainment)
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
Mozilla Thunderbird 45.7.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 de)) (Version: 45.7.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Nether (HKLM\...\Steam App 247730) (Version: - Phosphor Games Studio)
NOX (HKLM-x32\...\{BF152F35-9708-452C-862C-F7E3B62DF732}) (Version: 2.0.0.20 - Electronic Arts, Inc.)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Orcs Must Die! Unchained (HKLM\...\Steam App 427270) (Version: - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version: - The Indie Stone)
RAGE (HKLM-x32\...\Steam App 9200) (Version: - id Software)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
S.T.A.L.K.E.R. - Clear Sky [v1.00010] (HKLM-x32\...\S.T.A.L.K.E.R. - Clear Sky_is1) (Version: 1.00010 - Deep Silver)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version: - GSC Game World)
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM\...\Steam App 4500) (Version: - GSC Game World)
Saboteur™ (HKLM-x32\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts)
Silver (HKLM-x32\...\1207659041_is1) (Version: 2.0.0.15 - GOG.com)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version: - The SKSE Team)
Soda Dungeon (HKLM\...\Steam App 564710) (Version: - AN Productions)
Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader 2 (HKLM\...\Steam App 232890) (Version: - FireFly Studios)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Stronghold Crusader Extreme HD (HKLM\...\Steam App 16700) (Version: - Firefly Studios)
Stronghold Crusader HD (HKLM\...\Steam App 40970) (Version: - FireFly Studios)
Stronghold HD (HKLM\...\Steam App 40950) (Version: - FireFly Studios)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Tempest (HKLM\...\Steam App 418180) (Version: - Lion's Shade)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims(TM) 3 (HKLM\...\Steam App 47890) (Version: - The Sims Studio)
Trine Enhanced Edition (HKLM-x32\...\1207659020_is1) (Version: 2.0.0.2 - GOG.com)
Two Worlds (HKLM-x32\...\Two Worlds) (Version: 1.7.0 - )
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unepic (HKLM-x32\...\GOGPACKUNEPIC_is1) (Version: 2.2.0.7 - GOG.com)
Unity Web Player (HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.8.1 (HKLM\...\VulkanRT1.0.8.1) (Version: 1.0.8.1 - LunarG, Inc.)
Warzone 2100-3.1.2 (HKLM-x32\...\Warzone 2100-3.1.2) (Version: 3.1.2 - Warzone 2100 Project)
Wasteland 2 - Ranger Edition (HKLM-x32\...\{52CC6D4B-B565-4908-A524-5DA978EB4D3B}_is1) (Version: 1.0 - inXile Entertainment)
WinRAR 5.21 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wizardry 8 (HKLM\...\Steam App 245450) (Version: - Sir-Tech Canada)
Worms Clan Wars (HKLM\...\Steam App 233840) (Version: - Team17 Digital Ltd)
Worms Reloaded (HKLM\...\Steam App 22600) (Version: - Team17 Digital Ltd)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.3 - Xvid Team)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CLSID\{01E9FAE9-3819-4dd9-B1D9-998A1C62D1F8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1040861988-1898195639-2225626604-1000_Classes\CLSID\{9CF1512B-6019-4573-9466-57AA61960209}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {6B69E57D-FDD0-4E27-8EB7-9F10151A62DA} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0dc4d1a2-623c-450a-96f6-58a57bdaf4dc => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {6D53FC9D-0825-4777-BFB5-EEED6F8E0984} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
Task: {82A5FE1D-ACA2-470A-BE55-9DDA5F8FA86C} - System32\Tasks\SUPERAntiSpyware Scheduled Task 4b37f26b-dacc-4734-84f0-a87226293be8 => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {89BE678F-262C-4A73-8DE7-9EE6D419FFD3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0dc4d1a2-623c-450a-96f6-58a57bdaf4dc.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4b37f26b-dacc-4734-84f0-a87226293be8.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-05-05 02:37 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-16 17:55 - 2015-11-16 17:55 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-11-03 08:52 - 2014-03-24 10:37 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2015-11-03 08:52 - 2014-03-24 10:33 - 00274944 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2015-11-06 11:49 - 2016-12-23 19:28 - 00657184 _____ () E:\Steam\SDL2.dll
2015-11-06 11:49 - 2016-09-01 02:02 - 04969248 _____ () E:\Steam\v8.dll
2015-11-06 11:49 - 2016-09-01 02:02 - 01563936 _____ () E:\Steam\icui18n.dll
2015-11-06 11:49 - 2016-09-01 02:02 - 01195296 _____ () E:\Steam\icuuc.dll
2015-11-06 11:49 - 2017-01-19 02:30 - 02327840 _____ () E:\Steam\video.dll
2015-11-06 11:49 - 2016-01-27 08:49 - 02549760 _____ () E:\Steam\libavcodec-56.dll
2015-11-06 11:49 - 2016-01-27 08:49 - 00442880 _____ () E:\Steam\libavutil-54.dll
2015-11-06 11:49 - 2016-01-27 08:49 - 00491008 _____ () E:\Steam\libavformat-56.dll
2015-11-06 11:49 - 2016-01-27 08:49 - 00332800 _____ () E:\Steam\libavresample-2.dll
2015-11-06 11:49 - 2016-01-27 08:49 - 00485888 _____ () E:\Steam\libswscale-3.dll
2015-11-06 11:49 - 2017-01-19 02:30 - 00838432 _____ () E:\Steam\bin\chromehtml.DLL
2016-03-09 12:19 - 2016-07-04 23:17 - 00266560 _____ () E:\Steam\openvr_api.dll
2016-12-13 02:33 - 2017-01-05 04:12 - 68813088 _____ () E:\Steam\bin\cef\cef.win7\libcef.dll
2015-11-06 11:49 - 2017-01-19 02:30 - 00383776 _____ () E:\Steam\steam.dll
2015-11-06 11:49 - 2015-09-25 00:52 - 00119208 _____ () E:\Steam\winh264.dll
2017-02-28 17:52 - 2017-02-28 17:52 - 00310835 _____ () E:\Steam\steamapps\common\Stronghold Crusader Extreme\binkw32.dll
2017-02-28 17:52 - 2017-02-28 17:55 - 00348160 _____ () E:\Steam\steamapps\common\Stronghold Crusader Extreme\mss32.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2017-01-17 00:02 - 00000042 ____A C:\Windows\system32\Drivers\etc\hosts
::1 localhost
127.0.0.1 localhost
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1040861988-1898195639-2225626604-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: DigitalWave.Update.Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HDD Observer Service => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: PAExec => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HandyAndy.lnk => C:\Windows\pss\HandyAndy.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [TCP Query User{2DF2F9C7-C7FD-4EEF-903D-9440259ECF30}C:\program files (x86)\warzone 2100-3.1.2\warzone2100.exe] => (Allow) C:\program files (x86)\warzone 2100-3.1.2\warzone2100.exe
FirewallRules: [UDP Query User{178180C1-905A-4E8F-9D3B-288A540125B3}C:\program files (x86)\warzone 2100-3.1.2\warzone2100.exe] => (Allow) C:\program files (x86)\warzone 2100-3.1.2\warzone2100.exe
FirewallRules: [{E186F0A6-0332-40C6-B50D-0CCB6EB981DA}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{458307DC-DC3B-4E44-B1B6-E57B619E9B97}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{9235C082-A288-4602-92CC-3F4374272BBD}] => (Allow) E:\Steam\steamapps\common\Dungeon Warfare\DW.exe
FirewallRules: [{08943D30-7454-44F7-993D-7C85412E858F}] => (Allow) E:\Steam\steamapps\common\Dungeon Warfare\DW.exe
FirewallRules: [{42EEAA17-AAAF-4AA2-B074-A35E76348756}] => (Allow) E:\Steam\steamapps\common\RAGE\Rage.exe
FirewallRules: [{7E26F1BE-038F-4A79-B705-A2C27A2B159D}] => (Allow) E:\Steam\steamapps\common\RAGE\Rage.exe
FirewallRules: [{D572C638-F50E-45F6-A84E-D620594DBEFF}] => (Allow) E:\Steam\steamapps\common\RAGE\Rage64.exe
FirewallRules: [{AD830741-3499-492B-97D7-6A53B4D2F28F}] => (Allow) E:\Steam\steamapps\common\RAGE\Rage64.exe
FirewallRules: [{1932BC1E-156B-451C-A40E-6A8B4E09D3D7}] => (Allow) C:\Program Files (x86)\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe
FirewallRules: [{737EDB2B-75DA-473F-9EC0-E192DDB65462}] => (Allow) C:\Program Files (x86)\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe
FirewallRules: [{7D5B8A88-D6C0-46C1-8EA9-D939D0D2AA64}] => (Allow) C:\Program Files (x86)\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe
FirewallRules: [{4BA4C04B-5EC6-4BD4-B0A8-1987BF6E8D83}] => (Allow) C:\Program Files (x86)\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe
FirewallRules: [{00A6AF7E-5EB7-4916-A019-334A2E68E6A6}] => (Allow) E:\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{1804D4C0-02C5-4708-BF4E-D23AFAEF2FB8}] => (Allow) E:\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{5288ECDA-F481-491F-8EC3-39A153956AB0}] => (Allow) D:\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{13B8D26C-7FEC-4278-AD89-F28823033947}] => (Allow) D:\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{E1073460-7150-4CF4-BC34-B3709A91C19B}] => (Allow) D:\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{16A90A91-4C03-460A-B997-6A4AA64B02F6}] => (Allow) D:\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [TCP Query User{B2FFD18C-3BCE-439C-93F8-B98FA3289D95}D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{01871491-AFE7-455A-9214-E07E635AA0F7}D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\ubisoft game launcher\games\far cry 3\bin\farcry3.exe
FirewallRules: [TCP Query User{B041CC71-CACD-46E5-85B9-A6ADB9E2266A}D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{4BF7D26D-B963-4F6B-B7AC-E6848DE4465B}D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{4E2813A1-F980-4BF5-96BF-57C110EDEC31}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{C29F9DCA-D631-4592-B916-D4C34B0FAA03}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{FCCEAA7B-A4B4-4904-8ED1-4ED1F42B5301}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{B74105CA-75FC-40A6-A35F-EB1818BD5D4E}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{91B4C70D-5F86-4A35-B15B-A415F5D29829}] => (Allow) E:\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{84121DCB-4583-4880-B3F3-7A2A77E60FBD}] => (Allow) E:\Steam\steamapps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{1FA3539B-5B56-43C9-AB6F-AE717555AA20}] => (Allow) E:\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{1C8AD1DF-4F09-4FB6-A337-70D395B89D43}] => (Allow) E:\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{A3D3C5AA-5F38-4AAE-BE11-5646550ABD89}] => (Allow) D:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{B89C54FE-38C0-4542-9FA7-7A980A995D58}] => (Allow) D:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{145406CD-8204-4D5F-930B-28A07156CB27}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{370AA135-5D1A-45B4-B94F-E9C322CAE4B1}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{842EA3AE-42E6-4099-B389-2AC7092BF23A}] => (Allow) D:\Ubisoft Game Launcher\games\Might & Magic® X Legacy\Might and Magic X Legacy.exe
FirewallRules: [TCP Query User{13AE2AE4-90EB-49B4-9757-41E1B181BB27}E:\steam\steamapps\common\cry of fear\cof.exe] => (Allow) E:\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{E69C5EEB-2452-42C8-A98B-2FF6EADBDCFD}E:\steam\steamapps\common\cry of fear\cof.exe] => (Allow) E:\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{6A5D9B59-564F-4954-AF9A-EEC11C53D2A4}] => (Allow) E:\Steam\steamapps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [{EC11A1BD-6EB4-4935-BF85-6AFF4FAF294B}] => (Allow) E:\Steam\steamapps\common\Company of Heroes\RelicCOH.exe
FirewallRules: [TCP Query User{47F1FFAB-E697-42EE-909D-A57E2F42CF0A}E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [UDP Query User{CDD2EF06-CC75-4B4E-8E23-8454A5EF8C67}E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [{DCF489D1-DF48-48DA-AE95-393005878F96}] => (Allow) E:\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{89EE68A3-C44E-4574-A811-CF18C8CB4313}] => (Allow) E:\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{3BCEEA0F-34C7-480C-A23C-0453B963DF97}] => (Allow) E:\Steam\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{EB56EFF9-CE9E-40BF-990F-9C5E7E82D354}] => (Allow) E:\Steam\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{54FC0C36-54F3-4D08-A599-A68263E957B4}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{C6462AAB-C84D-4930-A1FE-0D1372FC81F5}] => (Allow) E:\Steam\steamapps\common\7 Days To Die\7dLauncher.exe
FirewallRules: [{4C97E880-7E45-4145-B41C-4872C6114CF3}] => (Allow) E:\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{03678835-CDCB-48C0-8BA9-9FFF68916C0E}] => (Allow) E:\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [TCP Query User{040E1D32-38D6-40D9-9429-55F49E0ABB1F}E:\steam\steamapps\common\projectzomboid\jre\bin\java.exe] => (Allow) E:\steam\steamapps\common\projectzomboid\jre\bin\java.exe
FirewallRules: [UDP Query User{BC02739F-7C12-4D0F-B945-8A9CA77E1FF6}E:\steam\steamapps\common\projectzomboid\jre\bin\java.exe] => (Allow) E:\steam\steamapps\common\projectzomboid\jre\bin\java.exe
FirewallRules: [{418701CC-E5F9-4915-B968-A22EE40FFC34}] => (Allow) E:\Steam\steamapps\common\Mount and Blade\runme.exe
FirewallRules: [{7FDDDD50-9E59-4EEE-BF36-B0C2F70A5A14}] => (Allow) E:\Steam\steamapps\common\Mount and Blade\runme.exe
FirewallRules: [{29947EED-E41B-4AF1-9BC8-59A8DAFC8D09}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{D3FA6522-562C-4A69-AAEA-07FCADE1370E}] => (Allow) E:\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{260FBA99-FB69-4496-B64E-DC717B59CDCA}] => (Allow) E:\Steam\steamapps\common\divine_divinity\div.exe
FirewallRules: [{F4844D3B-9ADC-43FD-86B0-2B9E714CE70B}] => (Allow) E:\Steam\steamapps\common\divine_divinity\div.exe
FirewallRules: [{06DDA994-1246-4A8D-84FA-3AC5BAFCCBC2}] => (Allow) E:\Steam\steamapps\common\divine_divinity\configtool.exe
FirewallRules: [{79DD0C66-F8D7-43E7-B4D4-1010F00B31C9}] => (Allow) E:\Steam\steamapps\common\divine_divinity\configtool.exe
FirewallRules: [{2A7D588D-E3CD-48D5-A7AF-AB806A90A3C9}] => (Allow) E:\Steam\steamapps\common\Wizardry8\Wiz8.exe
FirewallRules: [{C8B7C5F7-A973-4E2E-BD77-74A96CB88D83}] => (Allow) E:\Steam\steamapps\common\Wizardry8\Wiz8.exe
FirewallRules: [{9ED81E86-44A2-4373-AD19-D7B9CA9BCE24}] => (Allow) E:\Steam\steamapps\common\Wizardry8\3DSetup.exe
FirewallRules: [{50754A9B-808D-456F-8141-D16864AD7C47}] => (Allow) E:\Steam\steamapps\common\Wizardry8\3DSetup.exe
FirewallRules: [{DDEC4005-F653-4CD3-B09C-3A8713A23805}] => (Allow) E:\Steam\steamapps\common\Wizardry8\nglide_config.exe
FirewallRules: [{722A7734-844A-465C-A9CD-23360C927BC9}] => (Allow) E:\Steam\steamapps\common\Wizardry8\nglide_config.exe
FirewallRules: [{EE4F29D5-84DA-461A-9AE1-76A87F7D8F16}] => (Allow) E:\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{198A0E5E-790A-4C88-A118-29FCD8AE79EC}] => (Allow) E:\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{16531EFE-8083-4A5F-8C6E-C4A4F077A916}] => (Allow) E:\Steam\steamapps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [{0D336776-E2CD-43B5-A3F1-6328555092C4}] => (Allow) E:\Steam\steamapps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [TCP Query User{694A6F46-106F-4345-B825-FF13D67ABFDF}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{6F0D6AA6-2C47-49FF-A617-8C17E6548B26}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{FFF5E0DA-3C4C-427A-AD00-044531D520CC}] => (Allow) E:\Steam\steamapps\common\Dark\DarkApp.exe
FirewallRules: [{FBBD43D1-5CEA-45CE-8993-2305815F076E}] => (Allow) E:\Steam\steamapps\common\Dark\DarkApp.exe
FirewallRules: [{25283AD8-0424-4D80-8323-031B2385489C}] => (Allow) E:\Steam\steamapps\common\Infectonator Survivors\Survivors.exe
FirewallRules: [{0BE33B6F-1667-4801-ACF6-89BACDDAE4E1}] => (Allow) E:\Steam\steamapps\common\Infectonator Survivors\Survivors.exe
FirewallRules: [{7DEC3B47-2711-4FA2-9CD1-32DCA3C17AD5}] => (Allow) E:\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{2946C77D-F96F-431A-86D6-384E47A826FF}] => (Allow) E:\Steam\steamapps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{F49FF3F9-8EC3-448D-95C6-FA3F720175B7}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert\RA95Launcher.exe
FirewallRules: [{11188EC5-2591-41F6-B823-2AB4BB202FE9}] => (Allow) D:\Program Files (x86)\Origin Games\Command and Conquer Red Alert\RA95Launcher.exe
FirewallRules: [{635AE084-5393-4D4D-9618-D39F46E1C713}] => (Allow) D:\Program Files (x86)\Origin Games\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{F60568DF-0C97-40BA-BCB3-784BD49F5EFE}] => (Allow) D:\Program Files (x86)\Origin Games\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{E5A6F64F-C441-4501-A35B-E92DE9D248F5}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds.exe
FirewallRules: [{88BD701C-84A1-4A66-9455-29241A126A12}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds.exe
FirewallRules: [{34FC09BD-DE65-4782-862C-0DA222857A82}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe
FirewallRules: [{B8DFD8FF-4BEC-48A3-830A-E50F5CBECC44}] => (Allow) C:\Program Files (x86)\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe
FirewallRules: [{FDE7F0A6-FD85-4191-9AD4-0D1FC65CB5DB}] => (Allow) D:\Program Files (x86)\Origin Games\Crysis 2\bin32\Crysis2.exe
FirewallRules: [{32D2EBB3-A2BD-4E9B-8162-E88462FEAF62}] => (Allow) D:\Program Files (x86)\Origin Games\Crysis 2\bin32\Crysis2.exe
FirewallRules: [TCP Query User{16504E92-6EA7-4C81-86BC-0E5E5EF49196}C:\gog games\anno 1404 gold edition\tools\anno4web.exe] => (Allow) C:\gog games\anno 1404 gold edition\tools\anno4web.exe
FirewallRules: [UDP Query User{E7DC6F7C-5E40-4986-9E6D-9B96832070DA}C:\gog games\anno 1404 gold edition\tools\anno4web.exe] => (Allow) C:\gog games\anno 1404 gold edition\tools\anno4web.exe
FirewallRules: [TCP Query User{60BE6388-8956-46C1-90E9-154AB57ACF9E}C:\gog games\anno 1404 gold edition\tools\addonweb.exe] => (Allow) C:\gog games\anno 1404 gold edition\tools\addonweb.exe
FirewallRules: [UDP Query User{11FD80DF-D210-449C-8DED-D530D72FAAFD}C:\gog games\anno 1404 gold edition\tools\addonweb.exe] => (Allow) C:\gog games\anno 1404 gold edition\tools\addonweb.exe
FirewallRules: [TCP Query User{36E2F920-C909-44F2-8FE9-81FDC9638211}C:\gog games\anno 1701 ad\anno1701.exe] => (Block) C:\gog games\anno 1701 ad\anno1701.exe
FirewallRules: [UDP Query User{195E86DC-92B2-44B0-A261-2FED6115A963}C:\gog games\anno 1701 ad\anno1701.exe] => (Block) C:\gog games\anno 1701 ad\anno1701.exe
FirewallRules: [{ED0F6A68-EFF1-4577-9669-64312916C3E8}] => (Allow) E:\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [{5DD41378-C4B5-4398-91E8-989B68315F89}] => (Allow) E:\Steam\steamapps\common\The Sims 3\Game\Bin\Sims3Launcher.exe
FirewallRules: [TCP Query User{0C925492-2CE0-407F-AAEA-E25254DC4D64}C:\program files (x86)\ea games\dead space 2\deadspace2.exe] => (Allow) C:\program files (x86)\ea games\dead space 2\deadspace2.exe
FirewallRules: [UDP Query User{0F1386EF-1479-460D-BA37-1858A4F77A19}C:\program files (x86)\ea games\dead space 2\deadspace2.exe] => (Allow) C:\program files (x86)\ea games\dead space 2\deadspace2.exe
FirewallRules: [TCP Query User{2C385A7E-406E-411E-A52A-279D9AB9E8DA}C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe
FirewallRules: [UDP Query User{11E62554-4DD5-49C0-B876-036448A0EF2F}C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe
FirewallRules: [{64037DE9-3E4F-4787-A6B2-25D7A0C1BDBC}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{A30BE363-2B9F-4DEB-8510-C1942EB0B11C}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{34C1A6F9-54F5-4092-A879-9EEDCD86E7AF}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{F0B158C3-A5AE-4B14-9F8B-5B5CF07656E5}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{FCB6AF31-40FF-4918-A7AC-65A7E1267160}] => (Allow) E:\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{B78F1E9C-252C-41ED-AFC6-26DF8C5EA783}] => (Allow) E:\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{3992AA66-F08D-4427-BA72-73D674143F34}] => (Allow) E:\Steam\steamapps\common\Nether\Game\Binaries\Win64\Nether.exe
FirewallRules: [{6893D4F0-4DD1-4602-A0A9-EAB1E797CAE3}] => (Allow) E:\Steam\steamapps\common\Nether\Game\Binaries\Win64\Nether.exe
FirewallRules: [{8FEF6526-215B-41E4-BE00-23E9B5D3EC61}] => (Allow) E:\Steam\steamapps\common\Jagged Alliance Flashback\game.exe
FirewallRules: [{F57658C5-502C-4266-9457-D19A7CE7518A}] => (Allow) E:\Steam\steamapps\common\Jagged Alliance Flashback\game.exe
FirewallRules: [{B6DAC352-61C0-4E72-97DE-2E3577C6FCD3}] => (Allow) E:\Steam\steamapps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe
FirewallRules: [{7B78E859-62D1-484C-AD8D-8F3B7ACE3A06}] => (Allow) E:\Steam\steamapps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe
FirewallRules: [{28D2ADF4-416B-4FAD-A765-A09677CA2048}] => (Allow) E:\Steam\steamapps\common\Tempest\Tempest.exe
FirewallRules: [{45827811-9DB9-4244-A4FE-273563A461F0}] => (Allow) E:\Steam\steamapps\common\Tempest\Tempest.exe
FirewallRules: [{8B56524A-D441-4886-A4FE-392BD8C83CA6}] => (Allow) E:\Steam\steamapps\common\JABIA\JaggedAllianceBIA.exe
FirewallRules: [{ED6C1226-E4DE-4035-9379-2BF574BFF6E5}] => (Allow) E:\Steam\steamapps\common\JABIA\JaggedAllianceBIA.exe
FirewallRules: [{400D4721-22A4-4249-8D92-22AFF79C2BB7}] => (Allow) E:\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{FF234DF1-8935-4B8E-94A1-2BA3E2D6F6C6}] => (Allow) E:\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{58A4C62B-2D65-4FF4-9A55-5A747672B4C6}] => (Allow) E:\Steam\steamapps\common\dark matter iw\darkmatter.exe
FirewallRules: [{0064812B-23E2-4814-A69D-DF516592024C}] => (Allow) E:\Steam\steamapps\common\dark matter iw\darkmatter.exe
FirewallRules: [{E550E41B-B14D-4C67-A71C-0AAF4A6D9BEB}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C9E21792-CB51-470B-AB69-9D6AC3E26A45}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FAFC7B48-477E-42DC-92CC-A9D638449840}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BCE84615-2A7F-48D3-87C9-876702FBAA2F}] => (Allow) E:\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{40B66E86-32D0-4D44-A9C7-31736428B338}] => (Allow) E:\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{E155D1AE-60D0-4EF1-AB91-6CC1A6523A83}] => (Allow) E:\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{89F42CB6-9B5D-47FD-A342-690A01188B2D}] => (Allow) E:\Steam\steamapps\common\Stronghold\Stronghold.exe
FirewallRules: [{6E00144A-255B-4F79-91DA-89214D8DB40D}] => (Allow) E:\Steam\steamapps\common\Stronghold\Stronghold.exe
FirewallRules: [{F686AD16-66C6-48EE-B138-5EE216A78A31}] => (Allow) E:\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{DE865DEF-8656-42D0-B393-7FF97B15CBF6}] => (Allow) E:\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{7EB5DF75-E967-4D65-84F1-FE3E42F750C6}] => (Allow) E:\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{FD4F13DC-1AAA-4328-AAEE-4D0AE9B7E8C2}] => (Allow) E:\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{6A094FF6-5CF9-4C5F-818B-9CAACFCB5308}] => (Allow) E:\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{626765FE-95B8-4076-ABBA-EC750CE4DFCC}] => (Allow) E:\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{78187502-186B-4AF9-9928-45205AF5C177}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{DAD562D5-6DCC-4F40-8B8E-327A10419D49}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{B2CEBBBB-1D4D-47D5-B006-2B0C94C9E7D9}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{9DCDB133-BF7C-4C61-AEB1-E6B49C6BA16C}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{3E16B1F4-59A3-4D96-8CF1-5BE4D4AF9A97}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{B4E69F6A-E78A-4381-AB6A-82884A7EFE85}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{FF66C954-32BE-487F-9230-653D94504CC4}] => (Allow) D:\Fable3\Fable3.exe
FirewallRules: [{2CD94E65-01A5-4253-80F7-59B9B8E931EA}] => (Allow) D:\Fable3\Fable3.exe
FirewallRules: [{C10AF9EA-6F64-4185-992E-C4099C5A3C43}] => (Allow) E:\Steam\steamapps\common\MOBIUS FINAL FANTASY\mobiusff.exe
FirewallRules: [{23B698BD-7B9F-4DAE-A8B8-F33749673458}] => (Allow) E:\Steam\steamapps\common\MOBIUS FINAL FANTASY\mobiusff.exe
FirewallRules: [{3C0D2895-BCFD-4B36-90D7-48D3D1ACA5A5}] => (Allow) E:\Steam\steamapps\common\Soda Dungeon\dungeon.exe
FirewallRules: [{37C773D3-E70B-41D4-8ACE-C98D902BD939}] => (Allow) E:\Steam\steamapps\common\Soda Dungeon\dungeon.exe
FirewallRules: [{6730A466-0FC3-4B29-97DC-70748F30F627}] => (Allow) E:\Steam\steamapps\common\OrcsMustDieUnchained\Dashboard\Bin\SpitfireDashboard.exe
FirewallRules: [{BDFF083A-A905-493B-BB94-68DC9F714E1D}] => (Allow) E:\Steam\steamapps\common\OrcsMustDieUnchained\Dashboard\Bin\SpitfireDashboard.exe
FirewallRules: [{42BB2F06-48F5-4CA0-A7C2-F6EBF351DD06}] => (Allow) E:\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{C90F413A-502E-429E-A175-5CC8A2E14B2C}] => (Allow) E:\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{E85B123F-3716-4E33-B654-126FA0E7F1D5}] => (Allow) E:\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{5E7BACF8-C17C-43F4-89DE-8B3CA7FF3C47}] => (Allow) E:\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{E05AF301-C036-4566-9589-091CF8A3B917}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{6E703A90-81EB-4B99-B662-20038244756B}] => (Allow) E:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{8BD94752-A8A9-4EE8-8681-EA6EFF09EDEB}] => (Allow) E:\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{2B386774-FE37-4ACF-9B4C-16577B027193}] => (Allow) E:\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{506E2472-BBBD-43A4-9F4A-8B19B9E35CE0}] => (Allow) E:\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{F36505EE-9B5C-4750-B4EA-4A660208C156}] => (Allow) E:\Steam\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{8A9E701D-16E8-4809-8E5B-CE4937511D96}] => (Allow) E:\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{42B28EF7-4079-4750-BD32-AFB75811E61E}] => (Allow) E:\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{86529D8C-BAD2-41D3-8ACC-2D0826327267}] => (Allow) E:\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{B515A73F-7657-440F-B180-D17BF17FBECC}] => (Allow) E:\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
==================== Wiederherstellungspunkte =========================
22-02-2017 19:30:35 Revo Uninstaller's restore point - Opera Stable 43.0.2442.991
22-02-2017 19:32:38 Revo Uninstaller's restore point - Mozilla Firefox 51.0.1 (x86 de)
22-02-2017 19:34:07 Revo Uninstaller's restore point - Xvid Video Codec
22-02-2017 19:34:35 Revo Uninstaller's restore point - PCSX2 - Playstation 2 Emulator
22-02-2017 19:34:59 Revo Uninstaller's restore point - Smart Mod Manager
22-02-2017 19:36:51 Entfernt Command & Conquer Die ersten 10 Jahre
22-02-2017 19:37:27 Crysis(R) entfernt.
22-02-2017 19:39:36 Removed GTA2
22-02-2017 19:41:40 Removed Smart Mod Manager
26-02-2017 04:43:23 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (02/23/2017 10:16:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x56130448
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xcbc
Startzeit der fehlerhaften Anwendung: 0x01d28e0ebe166212
Pfad der fehlerhaften Anwendung: E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 5938a40e-fa0d-11e6-885f-1c6f65878e2c
Error: (02/23/2017 08:51:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x56130448
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x928
Startzeit der fehlerhaften Anwendung: 0x01d28e0c5078fbab
Pfad der fehlerhaften Anwendung: E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 68c4a91c-fa01-11e6-885f-1c6f65878e2c
Error: (02/22/2017 07:40:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamtray.exe, Version: 3.0.0.912, Zeitstempel: 0x58811d74
Name des fehlerhaften Moduls: mbamtray.exe, Version: 3.0.0.912, Zeitstempel: 0x58811d74
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00054645
ID des fehlerhaften Prozesses: 0x136c
Startzeit der fehlerhaften Anwendung: 0x01d28d3b1a9b3093
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Berichtskennung: 5c7334ee-f92e-11e6-a750-1c6f65878e2c
Error: (02/22/2017 07:34:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Error: (02/22/2017 07:34:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Error: (02/22/2017 07:34:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Error: (02/22/2017 07:32:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Error: (02/22/2017 07:30:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {48ce8271-5b6e-4b27-b3a4-8019b5e3085c}
Systemfehler:
=============
Error: (02/28/2017 06:09:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
is3srv
szkg5
Error: (02/28/2017 06:09:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist vom Dienst "RAS-Verbindungsverwaltung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.
Error: (02/28/2017 06:09:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Error: (02/28/2017 06:09:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (02/28/2017 06:09:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.
Error: (02/28/2017 06:06:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst konnte wegen einer fehlerhaften Anmeldung nicht gestartet werden.
Error: (02/28/2017 06:06:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
Die Anforderung wird nicht unterstützt.
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (02/28/2017 06:06:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.
Error: (02/28/2017 06:06:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/28/2017 06:05:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
CodeIntegrity:
===================================
Date: 2016-07-23 17:52:09.662
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-07-23 17:52:09.622
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-07-23 17:52:09.584
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-07-23 17:52:09.546
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-02-13 07:49:15.211
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2016-02-13 07:49:15.186
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Speicherinformationen ===========================
Prozessor: AMD Phenom(tm) II X4 970 Processor
Prozentuale Nutzung des RAM: 28%
Installierter physikalischer RAM: 8189.55 MB
Verfügbarer physikalischer RAM: 5832.32 MB
Summe virtueller Speicher: 16377.29 MB
Verfügbarer virtueller Speicher: 14803.07 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:595.7 GB) (Free:351.23 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:800.78 GB) (Free:606.89 GB) NTFS
Drive e: () (Fixed) (Total:1398.03 GB) (Free:1007.27 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 000A31F2)
Partition 1: (Active) - (Size=595.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=800.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1398 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
I have now installed Pale Moon as a substitute, since IE doesn't work on my machine; it hangs every few minutes, but it has always been like that on my box. Have a nice evening. Best regards, Schnarchnasä |
| | #10 |
| /// TB-Ausbilder | Hi, have you reset all your browsers as described? If not, please do that now!
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
start
CloseProcesses:
DeleteKey: HKEY_CURRENT_USER\Software\CatalinaGroup
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}
DeleteKey: HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\PsychoMantis\AppData\Local\CatalinaGroup
DeleteKey: HKEY_CURRENT_USER\Software\Classes\CatalinaGroup.OneClickCtrl.9
DeleteKey: HKEY_CURRENT_USER\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser
DeleteKey: HKEY_CURRENT_USER\Software\Classes\CatalinaGroup.OneClickProcessLauncherUser.1.0
DeleteKey: HKEY_CURRENT_USER\Software\Classes\CatalinaGroup.Update3WebControl.3
DeleteKey: HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser
DeleteKey: HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.CredentialDialogUser.1.0
DeleteKey: HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser
DeleteKey: HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.OnDemandCOMClassUser.1.0
DeleteKey: HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser
DeleteKey: HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.Update3COMClassUser.1.0
DeleteKey: HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.Update3WebUser
DeleteKey: HKEY_CURRENT_USER\Software\Classes\CatalinaGroupUpdate.Update3WebUser.1.0
DeleteKey: HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.oneclickctrl.9
DeleteKey: HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-vnd.catalinahub.update3webcontrol.3
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{13660822-39AC-408C-BA99-702EBEE3EF26}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{2823499B-60F3-4940-8042-2C16D5829A39}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{390806A5-88C3-4BD6-B66A-40ED43D183D6}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{3C564FFE-55F7-43AC-886C-7E9E9091CB2A}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{6541F196-A2B8-449C-8741-CC884D8F0F89}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{71216BD6-4D03-4387-BD01-7FE8D9512541}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{73436A91-85A6-4850-A7D0-375C4E369A5A}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{A7232CBE-A4A6-4EE0-8E53-283490ECA031}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{C8362D5A-4303-4E22-8668-BB10D65B95BD}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{EF5751F9-BCAF-4203-A1BB-DF20470F9432}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{7C9F9415-9947-482C-A62B-24A0BD92B8A7}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{A1E6F38D-8C9E-4BDA-86A2-1940472A8429}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{A2589E53-1490-4C0A-BFC7-A47B7A88E3D8}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{F009E353-D4BD-42FE-994E-F6C315055F9B}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{FFC6ECB2-25E8-40EE-BF37-5AA25CBCBA63}
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a52\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nsv\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tac\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xa\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice|Progid
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\magnet\UserChoice|Progid
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
Are there still any problems with the PC? If so, which ones? Please post with your next reply
|
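A fixlist like the one in the post above deletes registry keys and runs commands, so it helps to summarise what it touches before it is run. The following is an added example, not part of the thread and not FRST's own code: the names `parse_fixlist` and `review` and the shortened sample are assumptions, and the parser only understands the `Directive: argument` line shape seen in that post.

```python
import re
from collections import Counter

# Constructed sample in the directive format of the fixlist posted above (shortened).
SAMPLE_FIXLIST = r"""start
CloseProcesses:
DeleteKey: HKEY_CURRENT_USER\Software\CatalinaGroup
DeleteValue: HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice|Progid
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+):\s*(.*)$")

def parse_fixlist(text):
    """Return (directive, argument) pairs found between 'start' and 'end'."""
    entries, active = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "start":
            active = True
        elif line.lower() == "end":
            break
        elif active and line:
            m = DIRECTIVE.match(line)
            entries.append((m.group(1), m.group(2)) if m else ("UNPARSED", line))
    return entries

def review(entries):
    """Summarise what a fixlist would touch, for reading before it is run."""
    report = {"counts": Counter(d for d, _ in entries),
              "non_hkcu": [], "values": [], "commands": [], "unparsed": []}
    for directive, arg in entries:
        if directive in ("DeleteKey", "DeleteValue"):
            key, _, value = arg.partition("|")   # DeleteValue uses key|value
            if not key.upper().startswith("HKEY_CURRENT_USER\\"):
                report["non_hkcu"].append(key)   # outside the per-user hive
            if directive == "DeleteValue":
                report["values"].append((key, value))
        elif directive == "CMD":
            report["commands"].append(arg)       # shell commands the fix would run
        elif directive == "UNPARSED":
            report["unparsed"].append(arg)
    return report

if __name__ == "__main__":
    for name, items in review(parse_fixlist(SAMPLE_FIXLIST)).items():
        print(name, dict(items) if name == "counts" else items)
```

Entries listed under `non_hkcu` or `unparsed` are the ones to read by hand before running the fix.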
| | #11 |
| /// TB-Ausbilder | No response. This topic has been removed from my subscriptions, so I no longer receive notifications about new replies. Send me a PM if you still want to continue. Note: the disappearance of the symptoms does not mean that your computer is clean. Everyone else, please click here and create your own thread! |