| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-MailWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
25.03.2017, 09:35
| #1 |
 |  Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail Liebes Team, am Dienstag hat sich mein Laptop durch Öffnen des zip-Anhangs einer Phishing-Mail mit Adware und vermutlich Trojanern infiziert. Symptome kann ich nicht beschreiben, da ich den PC recht zügig vom Internet getrennt habe. Über einen sauberen PC habe ich Passwörter geändert und Bereinigungstools zusammengestellt. Folgendes habe ich bereits unternommen: Scan mit Malewarbytes im abgesicherten Modus: 13 Bedrohungen mit Bezeichnung „Adware Chin.Ad“ in Quarantäne verschoben Scan mit AdwCleaner im abgesicherten Modus: 45 Bedrohungen erfolgreich gelöscht JRT Scan im abgesicherten Modus: 86 Files gelöscht Erneuter Scan mit AdwCleaner ohne Fund Scan mit TDSSKiller im abgesicherten Modus ohne Fund Gestern ließ ich bereits ESET laufen, musste aber abbrechen aufgrund der Zeit. 28 Bedrohungen hatte er bereits erkannt. Heute morgen wollte ich den Scan vollständig machen, musste aber feststellen, dass der PC die Dateiefestplatte nicht mehr erkannte; ein Neustart behob das Problem. Aktueller FRST-Log: FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von SYSTEM auf MININT-B55K94S (25-03-2017 09:09:26)
Gestartet von G:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11
Start-Modus: Recovery
Standard: ControlSet001
ACHTUNG!:=====> Wenn das System startfähig ist sollte FRST im normalen oder abgesicherten Modus ausgeführt werden, um ein vollständiges Ergebnis zu erhalten.
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Registry (Alle) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [167704 2011-06-20] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [392472 2011-06-20] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [416024 2011-06-20] (Intel Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-15] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-19] (Malwarebytes)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28065728 2017-03-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Winlogon: [Userinit] C:\Windows\System32\Userinit.exe, [30720 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-07-13] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2616320 2011-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - Keine Datei
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - Keine Datei
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-10]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-06-04]
ShortcutTarget: Telegram.lnk -> (Keine Datei)
BootExecute: autocheck autochk * sdnclean64.exe
AlternateShell: cmd.exe
==================== Dienste (Alle) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-02] (Adobe Systems Incorporated)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82640 2016-12-19] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [271960 2017-03-15] (Adobe Systems Incorporated)
S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2015-10-29] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32768 2015-10-01] (Microsoft Corporation)
S3 Appinfo; C:\Windows\System32\appinfo.dll [70656 2015-06-15] (Microsoft Corporation)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51808 2013-09-11] (Microsoft Corporation)
S2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680960 2015-02-02] (Microsoft Corporation)
S2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680960 2015-02-02] (Microsoft Corporation)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)
S2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation)
S2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation)
S3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation)
S4 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
S4 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [67224 2014-03-20] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [105144 2013-09-11] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2013-09-11] (Microsoft Corporation)
S3 CryptSvc; C:\Windows\system32\cryptsvc.dll [188416 2015-04-27] (Microsoft Corporation)
S3 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [143872 2015-04-27] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-03-10] (Dropbox, Inc.)
S2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
S2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation)
S2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation)
S3 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-07-13] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation)
S3 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation)
S2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360 2011-06-30] (Dritek System Inc.)
S3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
S3 EFS; C:\Windows\System32\lsass.exe [31232 2015-10-19] (Microsoft Corporation)
S3 EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-06-21] (Egis Technology Inc. )
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation)
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation)
S2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [872552 2011-08-02] (Acer Incorporated)
S2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation)
S2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation)
S2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation)
S4 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation)
S3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)
S3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [655624 2011-11-02] (Acresso Software Inc.)
S2 FontCache; C:\Windows\system32\FntCache.dll [1180160 2015-11-10] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
S2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation)
S2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456 2011-05-29] (Acer Incorporated)
S3 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [136120 2011-05-09] (Google)
S3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
S3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation)
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592 2011-04-29] (Intel Corporation)
S4 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [859280 2014-06-30] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2015-11-08] (Microsoft Corporation)
S2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-11] (Microsoft Corporation)
S4 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation)
S4 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation)
S3 KeyIso; C:\Windows\system32\lsass.exe [31232 2015-10-19] (Microsoft Corporation)
S4 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation)
S2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation)
S2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation)
S2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation)
S3 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
S2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168 2011-02-01] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-19] (Malwarebytes)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation)
S3 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [172488 2017-03-20] (Mozilla Foundation)
S2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)
S4 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2015-06-15] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2015-06-15] (Microsoft Corporation)
S4 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2015-10-19] (Microsoft Corporation)
S3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)
S3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2014-12-05] (Microsoft Corporation)
S2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S2 nvsvc; C:\Windows\system32\nvvsvc.exe [884512 2013-06-21] (NVIDIA Corporation)
S2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1826592 2013-05-16] (NVIDIA Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S4 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
S4 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)
S2 PcaSvc; C:\Windows\System32\pcasvc.dll [188416 2015-02-02] (Microsoft Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation)
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation)
S2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation)
S4 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)
S4 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation)
S2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
S2 ProfSvc; C:\Windows\system32\profsvc.dll [210432 2014-12-18] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2015-10-19] (Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation)
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)
S2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation)
S2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
S2 SamSs; C:\Windows\system32\lsass.exe [31232 2015-10-19] (Microsoft Corporation)
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation)
S2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2015-08-05] (Microsoft Corporation)
S4 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation)
S2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)
S2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation)
S4 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation)
S4 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation)
S4 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation)
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)
S3 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation)
S3 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation)
S4 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)
S2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-10] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation)
S3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [1464096 2017-01-18] (Valve Corporation)
S2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
S2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2015-07-15] (Microsoft Corporation)
S4 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation)
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [683520 2014-10-13] (Microsoft Corporation)
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
S3 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)
S3 TurboBoost; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [149504 2010-11-29] (Intel(R) Corporation)
S4 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280 2011-02-01] (Intel Corporation)
S3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation)
S2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2015-10-19] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation)
S4 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation)
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation)
S3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [260096 2015-07-01] (Microsoft Corporation)
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [206848 2015-07-01] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation)
S4 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation)
S4 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
S2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2020352 2014-10-02] (Microsoft Corporation)
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1177088 2014-10-02] (Microsoft Corporation)
S2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation)
S4 wlcrasvc; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-22] (Microsoft Corporation)
S3 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096 2011-03-28] (Microsoft Corp.)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation)
S4 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)
S4 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation)
S2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation)
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-03] (Microsoft Corporation)
S2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\wuaueng.dll [2609152 2015-11-20] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation)
S4 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation)
S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-14] (Avira Operations GmbH & Co. KG)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-14] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-12] (Avira Operations GmbH & Co. KG)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-23] ()
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-25] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-21] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-25] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-25] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-25] (Malwarebytes)
S0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-18] (Corel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-24 23:44 - 2017-03-24 23:57 - 00000000 ____D C:\users\TEMP
2017-03-24 12:51 - 2017-03-24 12:51 - 00000000 ____D C:\Program Files (x86)\ESET
2017-03-24 12:43 - 2017-03-24 12:50 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\AVAST Software
2017-03-24 12:39 - 2017-03-24 12:40 - 00219870 _____ C:\TDSSKiller.3.1.0.12_24.03.2017_21.39.23_log.txt
2017-03-24 12:31 - 2017-03-24 12:31 - 00013808 _____ C:\Users\Mandragora\Desktop\JRT.txt
2017-03-24 12:26 - 2017-03-24 12:22 - 01663904 _____ (Malwarebytes) C:\Users\Mandragora\Desktop\JRT.exe
2017-03-24 11:17 - 2017-03-25 00:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-24 11:17 - 2017-03-24 11:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-24 11:17 - 2017-03-24 11:17 - 00001343 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-03-24 11:17 - 2013-09-20 01:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2017-03-24 11:13 - 2017-03-24 11:13 - 00005627 _____ C:\Users\Mandragora\Desktop\AdwCleaner[C0].txt
2017-03-24 10:37 - 2017-03-24 08:46 - 02870984 _____ (ESET) C:\Users\Mandragora\Desktop\esetsmartinstaller_deu.exe
2017-03-24 10:37 - 2017-03-24 08:43 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mandragora\Desktop\spybot-2.4.40.exe
2017-03-24 10:37 - 2017-03-24 08:37 - 04031440 _____ C:\Users\Mandragora\Desktop\AdwCleaner_6.044.exe
2017-03-21 14:58 - 2017-03-25 09:09 - 00000000 ____D C:\FRST
2017-03-21 07:11 - 2017-03-21 07:11 - 00109259 _____ C:\Users\Mandragora\Desktop\TDSSKiller Report.alt.txt
2017-03-21 06:55 - 2017-03-21 07:12 - 00218608 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_15.55.26_log.txt
2017-03-21 06:54 - 2017-03-21 06:54 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Mandragora\Desktop\tdsskiller.exe
2017-03-21 05:14 - 2017-03-25 00:01 - 00186304 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2017-03-21 05:14 - 2017-03-25 00:01 - 00082208 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2017-03-21 05:14 - 2017-03-25 00:01 - 00043968 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-03-21 05:14 - 2017-03-25 00:00 - 00251840 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-03-21 05:14 - 2017-03-21 05:44 - 00111544 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2017-03-21 05:13 - 2017-03-21 05:13 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-21 05:13 - 2017-03-21 05:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-21 05:13 - 2017-02-23 21:23 - 00077408 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-03-20 06:11 - 2017-03-20 06:11 - 00000000 ____D C:\Users\Mandragora\Documents\Uru Live
2017-03-20 06:07 - 2017-03-20 06:07 - 00001640 _____ C:\Users\Mandragora\.recently-used.xbel
2017-03-14 03:15 - 2017-03-14 09:46 - 00000000 ____D C:\Users\Mandragora\Desktop\ebayFotos
2017-03-10 15:17 - 2017-03-10 15:17 - 00046408 _____ (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
2017-03-10 15:17 - 2017-03-10 15:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys
2017-03-10 15:17 - 2017-03-10 15:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-dev.sys
2017-03-10 15:17 - 2017-03-10 15:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-canary.sys
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-25 00:02 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-25 00:01 - 2009-07-13 20:45 - 00024400 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-25 00:01 - 2009-07-13 20:45 - 00024400 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-25 00:00 - 2016-06-04 06:21 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Telegram Desktop
2017-03-24 23:59 - 2015-08-15 23:04 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-24 23:59 - 2012-01-06 10:50 - 00000000 ____D C:\ProgramData\clear.fi
2017-03-24 23:58 - 2016-02-06 08:35 - 00001218 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-24 23:58 - 2013-06-13 00:32 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2017-03-24 23:58 - 2013-06-02 12:42 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-03-24 23:56 - 2011-11-02 18:28 - 00699682 _____ C:\Windows\System32\perfh007.dat
2017-03-24 23:56 - 2011-11-02 18:28 - 00149790 _____ C:\Windows\System32\perfc007.dat
2017-03-24 23:56 - 2009-07-13 21:13 - 01620684 _____ C:\Windows\System32\PerfStringBackup.INI
2017-03-24 23:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-03-24 23:54 - 2015-02-09 04:06 - 00000000 ____D C:\AdwCleaner
2017-03-24 23:49 - 2015-07-18 07:32 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-24 23:42 - 2016-02-06 08:35 - 00001222 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-24 14:36 - 2014-08-04 03:57 - 00000000 ___RD C:\Users\Mandragora\Desktop\AW
2017-03-24 12:59 - 2016-02-06 08:41 - 00000000 ___RD C:\Users\Mandragora\Dropbox
2017-03-24 12:58 - 2016-02-06 08:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-24 12:39 - 2015-02-09 02:25 - 970902040 _____ C:\Windows\ntbtlog.txt
2017-03-24 11:09 - 2016-11-18 01:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-24 11:09 - 2012-04-22 12:56 - 00000000 ____D C:\ProgramData\ICQ
2017-03-24 10:43 - 2012-01-07 17:19 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Adobe
2017-03-21 08:17 - 2013-05-29 05:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\vlc
2017-03-21 07:08 - 2014-08-05 01:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-21 06:49 - 2016-11-19 00:36 - 00000000 ____D C:\Users\Mandragora\AppData\LocalLow\Mozilla
2017-03-21 05:13 - 2012-01-06 09:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-21 05:12 - 2016-10-26 02:28 - 00000000 ____D C:\Users\Mandragora\Desktop\MA
2017-03-21 05:05 - 2016-11-18 11:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-21 05:05 - 2012-05-08 02:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 06:08 - 2012-02-19 14:46 - 00000000 ____D C:\Users\Mandragora\.gimp-2.6
2017-03-20 06:07 - 2012-02-19 14:48 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\gtk-2.0
2017-03-20 06:07 - 2012-01-06 08:29 - 00000000 ____D C:\users\Mandragora
2017-03-16 10:01 - 2016-02-29 13:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\avidemux
2017-03-16 04:14 - 2016-11-25 13:50 - 00000000 ___RD C:\Users\Mandragora\Desktop\Fragmente der Erinnerung
2017-03-15 02:02 - 2013-03-19 01:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 02:02 - 2013-03-19 01:31 - 00004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 02:02 - 2013-03-19 01:31 - 00000000 ____D C:\Windows\System32\Macromed
2017-03-15 02:02 - 2011-08-11 23:32 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 02:02 - 2011-08-11 23:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-12 03:49 - 2014-08-18 09:35 - 00000132 _____ C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2017-03-11 11:55 - 2016-01-15 12:42 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\TS3Client
2017-03-09 13:13 - 2016-02-06 08:35 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Dropbox
2017-03-07 12:44 - 2013-04-09 06:18 - 00000000 ___RD C:\Users\Mandragora\Desktop\ALEA
2017-03-06 14:07 - 2014-03-04 06:02 - 00004096 ____H C:\Users\Mandragora\AppData\Local\keyfile3.drm
2017-02-25 10:12 - 2012-01-07 07:29 - 00000000 ___RD C:\Users\Mandragora\Desktop\Studium
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Mandragora\fbchathistory.dat
C:\Users\Public\AlexaNSISPlugin.3912.dll
Einige Dateien in TEMP:
====================
2013-01-28 14:20 - 2013-01-28 14:20 - 0248008 _____ (Ask.com) C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll
2012-01-06 09:04 - 2012-01-06 09:04 - 3486088 _____ (Ask) C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe
2005-10-18 13:47 - 2005-10-18 13:47 - 0733184 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRun.exe
2012-01-06 14:41 - 2005-10-10 13:32 - 0573440 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRunGUI.dll
2013-10-07 03:40 - 2014-08-05 01:01 - 0000000 ____D () C:\Users\Mandragora\AppData\Local\Temp\avgnt.exe
2012-10-10 10:53 - 2012-10-10 10:53 - 0255072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Mandragora\AppData\Local\Temp\avguidx.dll
2015-11-12 09:15 - 2015-11-12 09:15 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BingSvc.exe
2015-04-30 14:06 - 2015-11-12 09:15 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcProcessor.exe
2015-04-30 14:06 - 2015-11-12 09:15 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcUpdater.exe
2012-01-06 09:03 - 2012-01-06 09:03 - 0334848 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\BunndleOfferManager.dll
2012-10-10 10:53 - 2012-10-10 10:53 - 4720736 _____ () C:\Users\Mandragora\AppData\Local\Temp\CommonInstaller.exe
2014-07-16 01:24 - 2014-07-16 01:24 - 0026936 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x64.dll
2014-07-16 01:24 - 2014-07-16 01:24 - 0028984 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x86.dll
2012-04-08 01:39 - 2012-04-08 01:40 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\EADEB76.exe
2012-02-02 02:32 - 2007-06-03 12:59 - 0879688 _____ () C:\Users\Mandragora\AppData\Local\Temp\EAInstall.dll
2012-02-02 02:37 - 2005-10-18 13:47 - 0339968 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\eauninstall.exe
2001-09-28 17:30 - 2001-09-28 17:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU17A7.exe
2001-09-28 17:30 - 2001-09-28 17:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2BB3.exe
2001-10-11 03:01 - 2001-10-11 03:01 - 4091904 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2E80.DLL
2001-09-28 17:30 - 2001-09-28 17:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU41B.exe
2001-09-28 17:30 - 2001-09-28 17:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU4A4.exe
2001-09-28 17:30 - 2001-09-28 17:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU524.exe
2001-09-28 17:30 - 2001-09-28 17:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBUEF0.exe
2012-01-18 13:44 - 2004-08-18 00:33 - 1453843 ____R (Macromedia, Inc.) C:\Users\Mandragora\AppData\Local\Temp\First15.exe
2013-03-19 01:34 - 2013-03-19 01:34 - 16486616 _____ (Adobe Systems Incorporated) C:\Users\Mandragora\AppData\Local\Temp\fp_pl_pfs_installer.exe
2012-01-06 10:04 - 2012-01-06 10:04 - 3763360 _____ (Adobe Systems, Inc.) C:\Users\Mandragora\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
2012-02-02 02:32 - 2007-06-03 12:59 - 0109640 _____ (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\GameuxInstallHelper.dll
2015-02-09 02:41 - 2005-09-18 05:52 - 0073728 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\Harry Potter and the Goblet of Fire_uninst.exe
2012-10-10 10:53 - 2012-10-10 10:53 - 0163936 _____ () C:\Users\Mandragora\AppData\Local\Temp\MachineIdCreator.exe
2014-01-19 08:59 - 2003-10-06 10:59 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\MakeFilesHidden.exe
2012-10-10 10:53 - 2012-10-10 10:53 - 12143200 _____ () C:\Users\Mandragora\AppData\Local\Temp\oi_{58DB1360-58CA-435F-A459-597FDDFC2474}.exe
2014-01-19 08:59 - 2003-10-06 10:58 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\OpenTxtFile.exe
2012-03-26 10:14 - 2012-03-26 10:14 - 14763880 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_413e.exe
2013-04-02 03:43 - 2013-04-02 03:43 - 14809416 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_5fe.exe
2012-03-09 06:53 - 2012-03-09 06:53 - 14739304 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_7759.exe
2014-11-08 00:33 - 2015-01-25 12:19 - 0553984 _____ () C:\Users\Mandragora\AppData\Local\Temp\Quarantine.exe
2014-08-04 03:43 - 2014-08-04 03:42 - 0111104 _____ () C:\Users\Mandragora\AppData\Local\Temp\readSTILog.dll
2014-07-16 01:24 - 2014-07-16 01:24 - 0032568 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-win32.dll
2014-07-16 01:24 - 2014-07-16 01:24 - 0032056 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-x64.dll
2014-01-19 08:59 - 2003-10-06 10:57 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\ShellEx.exe
2012-06-07 09:00 - 2014-08-12 11:21 - 35595360 _____ (Skype Technologies S.A.) C:\Users\Mandragora\AppData\Local\Temp\SkypeSetup.exe
2015-05-03 11:39 - 2015-05-03 11:40 - 36124056 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011080.exe
2015-11-04 09:52 - 2015-11-04 09:53 - 39228760 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011541.exe
2017-02-28 00:16 - 2017-02-28 00:18 - 42463240 _____ (Digital Wave Ltd ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34013494.exe
2016-03-25 02:19 - 2016-03-25 02:21 - 40830448 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34015287.exe
2016-08-09 01:11 - 2016-08-09 01:11 - 42463240 _____ (Digital Wave Ltd ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34018299.exe
2016-06-30 08:47 - 2016-06-30 08:48 - 41478784 _____ (Digital Wave Ltd ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34019719.exe
2012-10-10 10:53 - 2012-10-10 10:53 - 8212064 _____ () C:\Users\Mandragora\AppData\Local\Temp\ToolbarInstaller.exe
2009-03-28 13:08 - 2009-03-28 13:08 - 0195056 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\UninstallEADM.dll
2012-01-18 13:44 - 2004-08-18 00:34 - 0023040 ____R () C:\Users\Mandragora\AppData\Local\Temp\VP6Install.exe
2012-01-18 13:44 - 2004-08-18 00:34 - 0442368 ____R (On2.com) C:\Users\Mandragora\AppData\Local\Temp\VP6VFW.dll
2012-01-06 09:04 - 2012-01-06 09:05 - 13657088 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe
==================== Known DLLs (Nicht auf der Ausnahmeliste) =========================
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\System32\winlogon.exe => MD5 ist legitim
C:\Windows\System32\wininit.exe => MD5 ist legitim
C:\Windows\SysWOW64\wininit.exe => MD5 ist legitim
C:\Windows\explorer.exe => MD5 ist legitim
C:\Windows\SysWOW64\explorer.exe => MD5 ist legitim
C:\Windows\System32\svchost.exe => MD5 ist legitim
C:\Windows\SysWOW64\svchost.exe => MD5 ist legitim
C:\Windows\System32\services.exe => MD5 ist legitim
C:\Windows\System32\User32.dll => MD5 ist legitim
C:\Windows\SysWOW64\User32.dll => MD5 ist legitim
C:\Windows\System32\userinit.exe => MD5 ist legitim
C:\Windows\SysWOW64\userinit.exe => MD5 ist legitim
C:\Windows\System32\rpcss.dll => MD5 ist legitim
C:\Windows\System32\dnsapi.dll => MD5 ist legitim
C:\Windows\SysWOW64\dnsapi.dll => MD5 ist legitim
C:\Windows\System32\Drivers\volsnap.sys => MD5 ist legitim
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============
==================== Wiederherstellungspunkte =========================
Wiederherstellungspunkt Datum: 2017-03-10 03:52
Wiederherstellungspunkt Datum: 2017-03-17 03:21
Wiederherstellungspunkt Datum: 2017-03-22 11:45
Wiederherstellungspunkt Datum: 2017-03-24 13:06
==================== Speicherinformationen ===========================
Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 3947.86 MB
Verfügbarer physikalischer RAM: 3201.63 MB
Summe virtueller Speicher: 3946.06 MB
Verfügbarer virtueller Speicher: 3197.14 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:116.07 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:18 GB) (Free:3.33 GB) NTFS
Drive g: (SCARAB) (Removable) (Total:3.91 GB) (Free:3.45 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1BCD5BD1)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 3.9 GB) (Disk ID: CD152345)
Partition 1: (Active) - (Size=3.9 GB) - (Type=0B)
LastRegBack: 2017-03-17 03:24
==================== Ende von FRST.txt ============================
Addition: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von Mandragora (21-03-2017 15:28:07)
Gestartet von E:\
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-06 16:29:27)
Start-Modus: Safe Mode (minimal)
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-910591887-2798395287-988946140-500 - Administrator - Disabled)
Gast (S-1-5-21-910591887-2798395287-988946140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-910591887-2798395287-988946140-1003 - Limited - Enabled)
Mandragora (S-1-5-21-910591887-2798395287-988946140-1001 - Administrator - Enabled) => C:\Users\Mandragora
UpdatusUser (S-1-5-21-910591887-2798395287-988946140-1004 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games)
Antichamber (HKLM\...\Steam App 219890) (Version: - Alexander Bruce)
Antichamber (HKLM\...\UDK-03d800e5-0cb9-4097-934c-b65f9cb978bc) (Version: - Epic Games, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Blender (HKLM\...\{3ABDE236-0A3F-4D0D-BECB-DB67EE21C593}) (Version: 2.77.0 - Blender Foundation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Discord (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-910591887-2798395287-988946140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212017152000318\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper 2) (Version: - )
Electronic Arts Product Registration (HKLM-x32\...\InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}) (Version: 1.01.0000 - Electronic Arts)
Electronic Arts Product Registration (x32 Version: 1.01.0000 - Electronic Arts) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
EXMARaLDA 1.9 (HKLM-x32\...\EXMARaLDA_is1) (Version: - Thomas Schmidt, Kai Woerner, Timm Lehmberg, Hanna Hedeland)
f.lux (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Flux) (Version: - )
f.lux (HKU\S-1-5-21-910591887-2798395287-988946140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212017152000318\...\Flux) (Version: - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
Myst Online: Uru Live (remove only) (HKLM-x32\...\MOUL) (Version: - )
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
realMyst (HKLM-x32\...\Steam App 63600) (Version: - Cyan Worlds)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Rememoried (HKLM\...\Steam App 368450) (Version: - Vladimir Kudelka)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Sony PC Companion (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-910591887-2798395287-988946140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212017152000318\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-910591887-2798395287-988946140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212017152000318\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
UDPixel.exe (HKLM-x32\...\UDPixel) (Version: - )
Uru - Ages Beyond Myst (HKLM-x32\...\Uru - Ages Beyond Myst) (Version: 1.0.0.0 - ubi.com)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1074EB25-B430-4337-BA99-EEC5ED58CBB7} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {2D04712F-98CD-45EC-A93C-81AF858F27D8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: {2D840F2C-F801-4B70-B60B-2B3C0FC281EE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {38AB495B-06AD-4576-8F08-654CE683FB3B} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {41B2EC03-DD3F-40AE-B427-53CEF1552856} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {44A38F1C-2804-49F0-9E90-23FC769A4071} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {506E0C36-3A40-4735-8DD9-7330B66DDA22} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {6A3DD29B-BD60-4503-A9F0-18B4D91C6762} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: {6B062F60-CC7C-4344-85C3-F16FCC7A2A61} - System32\Tasks\AdobeAAMUpdater-1.0-acerAspire-Mandragora => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {878E6941-0A1E-41E1-8876-4D566C9ECF23} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {93F5ED5B-41F9-4C81-9D19-7811DFACCE78} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {CF89131E-D69D-4419-A8BE-F322CF3AA529} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {EDC0473E-1B12-4AE5-975B-09C5E538A8C3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {F3A3CC50-29C6-4F72-8778-6C8980DF0411} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Meine Websites auf MSN\target.lnk -> hxxp://www.msnusers.co
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2017-03-21 14:13 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Mandragora\Desktop\MA:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1525.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1723.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL2518.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL3615.tmp:com.dropbox.attributes [168]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
e"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-910591887-2798395287-988946140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212017152000318\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{8D117281-4ECC-4D19-9A59-9498F7049ABB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C0DE20F1-3440-46BD-9197-A8685EB04C4B}] => (Allow) LPort=2869
FirewallRules: [{14C5742C-BF4C-4731-812B-14F870F6F9A2}] => (Allow) LPort=1900
FirewallRules: [{D8793EF8-B554-4D44-8902-432762F4DFA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4080E16E-1E76-4968-B921-5DF209A535C7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E80B59D9-F81C-4F5F-8292-2C812AC1E6F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9285B7C0-4A2C-4D66-B888-7007B8F102A4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9F1855DD-5903-48DF-BE88-6208B718D06C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{A0EB8BE4-5FA2-4789-B8CB-383F57867C70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{D4315AE7-D9C3-4EEE-AB80-92E6DFDDDCA2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1BA4D3BD-94CE-4217-903C-31389FABCAE4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{90EA422D-F8D3-45AF-9245-892B2C136ED2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{BE9A9460-6078-437A-A167-90F2C5E501BC}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{D976413F-D66E-417A-BB73-4CC8CEB44FF8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{C6452A2D-E8E1-4C9E-80D9-7AC71E440F7F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [TCP Query User{2CC2C2BA-03D8-4D03-99FC-FB0BDF2F23C6}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [UDP Query User{8FCC3D8A-EE00-451F-AF68-EAFCF22F6825}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [TCP Query User{27B2111E-D0DF-4697-8FD6-B51EAC1A1C67}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{F2849A07-BE71-47A6-8473-77BF115418C4}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{4535CEA3-CC0E-4AC7-815A-C086DB030FD5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5AA8A058-2530-4203-AC67-7A983D159AA4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F938FAA4-2AF2-489A-ABE2-1CB0C89F0884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0640F3D-0672-4696-8C7D-DAC1642D5189}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A933A339-8EF5-4CE4-AB80-B7120D8AD34D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{96EF1256-DD44-456A-BEB3-4FCA497F5F4D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F34E618-2483-4E2D-9B56-753A6B271719}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{641A77A7-ECBE-424F-AB5F-1156DA6330FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{402BA76D-02C5-458E-BB2E-C60036F5D793}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1F7841DF-8A25-40E3-9544-3107E0620873}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EFF70E2A-C1E2-4D17-9B12-860F82A572CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{F3E2C821-CD8E-4A6B-AEBD-EC97AEDEEDBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{04E0FF11-3A03-4908-98D7-8AAD30B2F09E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{D92D7B03-6763-4DAB-AE0E-68EC21C36650}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{7EDD9AA7-2FDD-4C1B-8F90-B505CF9A2877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86A9C794-2D65-4423-B45C-7C01B99D4606}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{798A6D6F-CBCC-47EF-8ED6-075942B1E1EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{38E294B4-31CC-4F35-8B5A-7EEF3EEB3D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{91AA941D-965F-4FDB-A9D1-BCE8FA795C9C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{901FE775-BE28-4B27-84E6-1870E7C69FF6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{01431CD5-4F5B-484F-8F1F-99D9228C496E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{3C658FEC-5396-454A-92FF-0E2A08A29295}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{466A95DE-0CA3-4A02-9014-F26D2E11A26E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{B2221D6B-A8BD-4BB1-8422-005277358460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{8D24CF49-CF38-468F-9D4F-16CA23E8B810}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Wiederherstellungspunkte =========================
02-03-2017 11:53:33 Windows Update
10-03-2017 12:51:12 Windows Update
17-03-2017 12:20:57 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (03/21/2017 03:20:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/21/2017 02:43:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/21/2017 02:33:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/21/2017 02:06:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/20/2017 09:53:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 52.0.0.6270, Zeitstempel: 0x58b88eeb
Name des fehlerhaften Moduls: mozglue.dll, Version: 52.0.0.6270, Zeitstempel: 0x58b88a72
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000f775
ID des fehlerhaften Prozesses: 0xf0c
Startzeit der fehlerhaften Anwendung: 0x01d2a0d9af4f8acf
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: 54623b41-0daf-11e7-ad90-dc0ea103d22b
Error: (03/20/2017 06:26:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Name des fehlerhaften Moduls: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00194a9a
ID des fehlerhaften Prozesses: 0x3128
Startzeit der fehlerhaften Anwendung: 0x01d2a19d726ee7fa
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Berichtskennung: 67569e02-0d92-11e7-ad90-dc0ea103d22b
Error: (03/20/2017 06:13:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Name des fehlerhaften Moduls: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00194a9a
ID des fehlerhaften Prozesses: 0x20f0
Startzeit der fehlerhaften Anwendung: 0x01d2a19d08822e8d
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Berichtskennung: 7c9ab445-0d90-11e7-ad90-dc0ea103d22b
Error: (03/20/2017 06:11:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Name des fehlerhaften Moduls: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00194a9a
ID des fehlerhaften Prozesses: 0x2afc
Startzeit der fehlerhaften Anwendung: 0x01d2a19cdf21fe25
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Berichtskennung: 3bbd4af0-0d90-11e7-ad90-dc0ea103d22b
Error: (03/20/2017 06:10:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Name des fehlerhaften Moduls: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00190ecb
ID des fehlerhaften Prozesses: 0x25bc
Startzeit der fehlerhaften Anwendung: 0x01d2a19c4582a3bc
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Berichtskennung: 1517d7f3-0d90-11e7-ad90-dc0ea103d22b
Error: (03/19/2017 06:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Name des fehlerhaften Moduls: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00194a9a
ID des fehlerhaften Prozesses: 0x31f0
Startzeit der fehlerhaften Anwendung: 0x01d2a0d3d0179734
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Berichtskennung: acc7d623-0ccb-11e7-ad90-dc0ea103d22b
Systemfehler:
=============
Error: (03/21/2017 03:19:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.
Error: (03/21/2017 03:19:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.
Error: (03/21/2017 03:19:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.
Error: (03/21/2017 03:19:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.
Error: (03/21/2017 03:19:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.
Error: (03/21/2017 03:19:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.
Error: (03/21/2017 03:19:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Bei DCOM ist der Fehler "1084" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden:
{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (03/21/2017 03:19:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Bei DCOM ist der Fehler "1084" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (03/21/2017 03:19:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.
Error: (03/21/2017 03:19:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 3947.86 MB
Verfügbarer physikalischer RAM: 2918.44 MB
Summe virtueller Speicher: 7893.93 MB
Verfügbarer virtueller Speicher: 6944.75 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:117.55 GB) NTFS
Drive e: (SCARAB) (Removable) (Total:3.91 GB) (Free:3.85 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1BCD5BD1)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 3.9 GB) (Disk ID: CD152345)
Partition 1: (Active) - (Size=3.9 GB) - (Type=0B)
==================== Ende von Addition.txt ============================
Ich bin dankbar für jede Hilfe und hoffe, dass sich etwas machen lässt.  Liebe Grüße, Hexx Geändert von Hexx_ (25.03.2017 um 10:23 Uhr) |
|
25.03.2017, 14:59
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail Warum wurde FRST nicht im normalen Modus gemacht?
__________________Zitat:
__________________ |
|
25.03.2017, 15:40
| #3 |
| | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail Hallo cosinus und vielen Dank schonmal für deine schnelle Antwort
__________________Ich habe die Tools im abgesicherten Modus ausgeführt, weil ich dachte, es sei so sicherer. Hier die Logs: TDSSKiller Code:
ATTFilter 15:55:26.0813 0x074c TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
15:55:38.0017 0x074c ============================================================
15:55:38.0017 0x074c Current date / time: 2017/03/21 15:55:38.0017
15:55:38.0017 0x074c SystemInfo:
15:55:38.0017 0x074c
15:55:38.0017 0x074c OS Version: 6.1.7601 ServicePack: 1.0
15:55:38.0017 0x074c Product type: Workstation
15:55:38.0018 0x074c ComputerName: ACERASPIRE
15:55:38.0019 0x074c UserName: Mandragora
15:55:38.0019 0x074c Windows directory: C:\Windows
15:55:38.0019 0x074c System windows directory: C:\Windows
15:55:38.0019 0x074c Running under WOW64
15:55:38.0019 0x074c Processor architecture: Intel x64
15:55:38.0019 0x074c Number of processors: 4
15:55:38.0019 0x074c Page size: 0x1000
15:55:38.0019 0x074c Boot type: Normal boot
15:55:38.0019 0x074c CodeIntegrityOptions = 0x00000001
15:55:38.0019 0x074c ============================================================
15:55:39.0963 0x074c KLMD registered as C:\Windows\system32\drivers\30382229.sys
15:55:39.0963 0x074c KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.19045, osProperties = 0x1
15:55:41.0413 0x074c System UUID: {EB296025-599C-D117-E978-4BAA8C6F6251}
15:55:43.0116 0x074c Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:43.0126 0x074c ============================================================
15:55:43.0126 0x074c \Device\Harddisk0\DR0:
15:55:43.0126 0x074c MBR partitions:
15:55:43.0126 0x074c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
15:55:43.0126 0x074c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x22FFB800
15:55:43.0126 0x074c ============================================================
15:55:43.0172 0x074c C: <-> \Device\Harddisk0\DR0\Partition2
15:55:43.0172 0x074c ============================================================
15:55:43.0173 0x074c Initialize success
15:55:43.0173 0x074c ============================================================
15:56:17.0724 0x0cf4 ============================================================
15:56:17.0724 0x0cf4 Scan started
15:56:17.0724 0x0cf4 Mode: Manual; SigCheck; TDLFS;
15:56:17.0724 0x0cf4 ============================================================
15:56:17.0724 0x0cf4 KSN ping started
15:56:21.0744 0x0cf4 KSN ping finished: true
15:56:24.0402 0x0cf4 ================ Scan system memory ========================
15:56:24.0402 0x0cf4 System memory - ok
15:56:24.0404 0x0cf4 ================ Scan services =============================
15:56:24.0709 0x0cf4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:56:25.0241 0x0cf4 1394ohci - ok
15:56:26.0126 0x0cf4 [ A3769020F7E8A70FD3E824C050F33306, BAAB18DD28C753EC90E9552BD5FFC316AD8815505A7998BCE51D21448B373D86 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
15:56:26.0242 0x0cf4 acedrv11 - ok
15:56:26.0341 0x0cf4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:56:26.0405 0x0cf4 ACPI - ok
15:56:26.0461 0x0cf4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:56:26.0737 0x0cf4 AcpiPmi - ok
15:56:26.0952 0x0cf4 [ 4BA3BFF03B1A10E49B590BE3C4D79C10, 54D0159ACD6FB93EE08CBB2C7BA13DC3ECD131EE26E07E53040FB3976CC4FBAE ] AdobeActiveFileMonitor12.0 C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
15:56:27.0019 0x0cf4 AdobeActiveFileMonitor12.0 - ok
15:56:27.0323 0x0cf4 [ 52997B1282BDAFC4275874B8990F9BE3, CFC4CD1EA75ADFC94E0B5623DDBBE38FC72162217DBEDB07EF5243CE5EEBEA4E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:56:27.0379 0x0cf4 AdobeARMservice - ok
15:56:27.0746 0x0cf4 [ 7EB7A3B01751889C6459C51A74CC87FA, 088EF5CA10D439905822A3DFFEFD2D3416198F10EAAF8C235771CDB3DF86E82C ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:56:27.0827 0x0cf4 AdobeFlashPlayerUpdateSvc - ok
15:56:27.0910 0x0cf4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:56:28.0006 0x0cf4 adp94xx - ok
15:56:28.0070 0x0cf4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:56:28.0146 0x0cf4 adpahci - ok
15:56:28.0217 0x0cf4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:56:28.0293 0x0cf4 adpu320 - ok
15:56:28.0341 0x0cf4 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:56:28.0493 0x0cf4 AeLookupSvc - ok
15:56:28.0639 0x0cf4 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys
15:56:28.0794 0x0cf4 AFD - ok
15:56:28.0879 0x0cf4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
15:56:29.0071 0x0cf4 agp440 - ok
15:56:29.0149 0x0cf4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
15:56:29.0382 0x0cf4 ALG - ok
15:56:29.0477 0x0cf4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
15:56:29.0571 0x0cf4 aliide - ok
15:56:29.0628 0x0cf4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
15:56:29.0712 0x0cf4 amdide - ok
15:56:29.0800 0x0cf4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:56:29.0926 0x0cf4 AmdK8 - ok
15:56:29.0977 0x0cf4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:56:30.0093 0x0cf4 AmdPPM - ok
15:56:30.0157 0x0cf4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:56:30.0212 0x0cf4 amdsata - ok
15:56:30.0294 0x0cf4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:56:30.0350 0x0cf4 amdsbs - ok
15:56:30.0393 0x0cf4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:56:30.0454 0x0cf4 amdxata - ok
15:56:30.0925 0x0cf4 [ 98D7647EF729503A60EF870DA5C21D0D, 7E36E8E3D9D0BD940DC225E1DB7EFD90F76F7BE8DCAD9782255556C31D6FD476 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
15:56:31.0108 0x0cf4 AntiVirMailService - ok
15:56:31.0273 0x0cf4 [ 229E752A26B53E155524D6530B95CDD4, B4D3DEA52860143D16A57EBA31CD3394B8B4FEA642EB3A736C8388447AB7E0E9 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:56:31.0377 0x0cf4 AntiVirSchedulerService - ok
15:56:31.0529 0x0cf4 [ 229E752A26B53E155524D6530B95CDD4, B4D3DEA52860143D16A57EBA31CD3394B8B4FEA642EB3A736C8388447AB7E0E9 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:56:31.0619 0x0cf4 AntiVirService - ok
15:56:31.0882 0x0cf4 [ F2B26CD2305E917B1EA1BF49E0C59E31, 8CCE64C68B80D56C7604DB6ABD187F66C624462328F4886C607F0A46D8E9DE92 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
15:56:32.0094 0x0cf4 AntiVirWebService - ok
15:56:32.0166 0x0cf4 [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID C:\Windows\system32\drivers\appid.sys
15:56:32.0266 0x0cf4 AppID - ok
15:56:32.0290 0x0cf4 [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:56:32.0406 0x0cf4 AppIDSvc - ok
15:56:32.0483 0x0cf4 [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo C:\Windows\System32\appinfo.dll
15:56:32.0586 0x0cf4 Appinfo - ok
15:56:32.0629 0x0cf4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
15:56:32.0703 0x0cf4 arc - ok
15:56:32.0734 0x0cf4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:56:32.0789 0x0cf4 arcsas - ok
15:56:32.0973 0x0cf4 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:56:33.0311 0x0cf4 aspnet_state - ok
15:56:33.0369 0x0cf4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:56:33.0732 0x0cf4 AsyncMac - ok
15:56:33.0784 0x0cf4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
15:56:33.0853 0x0cf4 atapi - ok
15:56:34.0188 0x0cf4 [ 956BC6EB96AA09478BD897AF8DF55A62, 07221CE77A08BF44AEEC5B65BD9991920853DD69592FFEAF86A63B70DB988796 ] athr C:\Windows\system32\DRIVERS\athrx.sys
15:56:34.0628 0x0cf4 athr - ok
15:56:34.0723 0x0cf4 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:56:35.0052 0x0cf4 AudioEndpointBuilder - ok
15:56:35.0125 0x0cf4 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:56:35.0262 0x0cf4 AudioSrv - ok
15:56:35.0351 0x0cf4 [ 8369A6E2611D2BA79871B655A650DE59, 101C8C660F0720CAF501EE108209C792933F6907B1A15321ADDE7C247BDA8211 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:56:35.0482 0x0cf4 avgntflt - ok
15:56:35.0595 0x0cf4 [ 68430AD3FB0FADBFA5D1677617D1E1F5, CF732DD21B472653AB0A4063455F2E7608F3075C255B9882D18CB52026B6C972 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
15:56:35.0705 0x0cf4 avgtp - ok
15:56:35.0795 0x0cf4 [ 5FEFD9961A750C395D3A6AD1985B05B2, 31C3B9EDE4C49ED433BE19CD6A1B74F54947FC1DCA3886A83A281F6E8CA02FF0 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:56:35.0882 0x0cf4 avipbb - ok
15:56:36.0025 0x0cf4 [ 2AEE4D1D7E668F1CCF97EDE93509B0EE, B082B3BBB27D3C8B26A754508C3B98BA803FEA707898FF18A120D6A2679098DF ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
15:56:36.0149 0x0cf4 Avira.ServiceHost - ok
15:56:36.0247 0x0cf4 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:56:36.0309 0x0cf4 avkmgr - ok
15:56:36.0369 0x0cf4 [ 138A53D17B040F5A3A307D44A89D0905, AD212E430F2DE43F037BECF6A46FCD53270A5EE11427030C7D5CBC3EAAAAA029 ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys
15:56:36.0460 0x0cf4 avnetflt - ok
15:56:36.0517 0x0cf4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:56:36.0737 0x0cf4 AxInstSV - ok
15:56:36.0802 0x0cf4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:56:36.0927 0x0cf4 b06bdrv - ok
15:56:36.0991 0x0cf4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:56:37.0093 0x0cf4 b57nd60a - ok
15:56:37.0130 0x0cf4 [ A424CB46A145E5AABF15621550976DF2, B6CA183FD5ED72237D2DC1F599FD04A066C06A717A2CF63AF08D3AA0A227D7BA ] b57xdbd C:\Windows\system32\DRIVERS\b57xdbd.sys
15:56:37.0175 0x0cf4 b57xdbd - ok
15:56:37.0198 0x0cf4 [ BE4E6FD5A898812B85D5817AD9754A9F, 46A7C80283BE53F43A0D73DA3338461024DD002A7CF43660F9C7D640E0C72876 ] b57xdmp C:\Windows\system32\DRIVERS\b57xdmp.sys
15:56:37.0249 0x0cf4 b57xdmp - ok
15:56:37.0290 0x0cf4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
15:56:37.0378 0x0cf4 BDESVC - ok
15:56:37.0426 0x0cf4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
15:56:37.0533 0x0cf4 Beep - ok
15:56:37.0604 0x0cf4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
15:56:37.0725 0x0cf4 BFE - ok
15:56:37.0795 0x0cf4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
15:56:38.0100 0x0cf4 BITS - ok
15:56:38.0158 0x0cf4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:56:38.0221 0x0cf4 blbdrive - ok
15:56:38.0254 0x0cf4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:56:38.0324 0x0cf4 bowser - ok
15:56:38.0365 0x0cf4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:56:38.0423 0x0cf4 BrFiltLo - ok
15:56:38.0427 0x0cf4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:56:38.0478 0x0cf4 BrFiltUp - ok
15:56:38.0555 0x0cf4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
15:56:38.0632 0x0cf4 Browser - ok
15:56:38.0726 0x0cf4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:56:38.0822 0x0cf4 Brserid - ok
15:56:38.0859 0x0cf4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:56:38.0929 0x0cf4 BrSerWdm - ok
15:56:38.0952 0x0cf4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:56:39.0009 0x0cf4 BrUsbMdm - ok
15:56:39.0088 0x0cf4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:56:39.0137 0x0cf4 BrUsbSer - ok
15:56:39.0209 0x0cf4 [ 0970D8B7151E9113BF8D44CE2E954DF7, D467DFFA1668F3BE29620154A13867568C25211ED823BE6A220D2DEE7E3A1278 ] bScsiMSa C:\Windows\system32\DRIVERS\bScsiMSa.sys
15:56:39.0245 0x0cf4 bScsiMSa - ok
15:56:39.0294 0x0cf4 [ 0C1EEE5AF32402D306874B110DE237EC, B0FE0F3B6A1E2C003E6F4B6330601C43126881262B328D7DD93AC2C0B714DC86 ] bScsiSDa C:\Windows\system32\DRIVERS\bScsiSDa.sys
15:56:39.0320 0x0cf4 bScsiSDa - ok
15:56:39.0357 0x0cf4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:56:39.0425 0x0cf4 BTHMODEM - ok
15:56:39.0469 0x0cf4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
15:56:39.0555 0x0cf4 bthserv - ok
15:56:39.0652 0x0cf4 c2cautoupdatesvc - ok
15:56:39.0656 0x0cf4 c2cpnrsvc - ok
15:56:39.0710 0x0cf4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:56:39.0849 0x0cf4 cdfs - ok
15:56:39.0992 0x0cf4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:56:40.0112 0x0cf4 cdrom - ok
15:56:40.0185 0x0cf4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
15:56:40.0339 0x0cf4 CertPropSvc - ok
15:56:40.0405 0x0cf4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
15:56:40.0530 0x0cf4 circlass - ok
15:56:40.0643 0x0cf4 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
15:56:40.0719 0x0cf4 CLFS - ok
15:56:40.0846 0x0cf4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:56:40.0900 0x0cf4 clr_optimization_v2.0.50727_32 - ok
15:56:40.0973 0x0cf4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:56:41.0023 0x0cf4 clr_optimization_v2.0.50727_64 - ok
15:56:41.0119 0x0cf4 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:56:41.0356 0x0cf4 clr_optimization_v4.0.30319_32 - ok
15:56:41.0415 0x0cf4 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:56:41.0689 0x0cf4 clr_optimization_v4.0.30319_64 - ok
15:56:41.0802 0x0cf4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:56:41.0925 0x0cf4 CmBatt - ok
15:56:41.0983 0x0cf4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:56:42.0062 0x0cf4 cmdide - ok
15:56:42.0132 0x0cf4 [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG C:\Windows\system32\Drivers\cng.sys
15:56:42.0217 0x0cf4 CNG - ok
15:56:42.0353 0x0cf4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:56:42.0409 0x0cf4 Compbatt - ok
15:56:42.0471 0x0cf4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:56:42.0581 0x0cf4 CompositeBus - ok
15:56:42.0654 0x0cf4 COMSysApp - ok
15:56:42.0703 0x0cf4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:56:42.0781 0x0cf4 crcdisk - ok
15:56:42.0885 0x0cf4 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:56:42.0979 0x0cf4 CryptSvc - ok
15:56:43.0183 0x0cf4 [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
15:56:43.0274 0x0cf4 dbupdate - ok
15:56:43.0361 0x0cf4 [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
15:56:43.0463 0x0cf4 dbupdatem - ok
15:56:43.0557 0x0cf4 dbx - ok
15:56:43.0606 0x0cf4 [ 5B7A202DECF962A6C9A2E759551BF05E, 6BA11F7728C0A13EA4B6EF478584AE0117BA5909346FF6FE20308674F34701D7 ] DbxSvc C:\Windows\system32\DbxSvc.exe
15:56:43.0707 0x0cf4 DbxSvc - ok
15:56:43.0863 0x0cf4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:56:44.0086 0x0cf4 DcomLaunch - ok
15:56:44.0144 0x0cf4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
15:56:44.0351 0x0cf4 defragsvc - ok
15:56:44.0395 0x0cf4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:56:44.0596 0x0cf4 DfsC - ok
15:56:44.0684 0x0cf4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
15:56:44.0840 0x0cf4 Dhcp - ok
15:56:44.0896 0x0cf4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
15:56:45.0084 0x0cf4 discache - ok
15:56:45.0208 0x0cf4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
15:56:45.0314 0x0cf4 Disk - ok
15:56:45.0364 0x0cf4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:56:45.0496 0x0cf4 Dnscache - ok
15:56:45.0533 0x0cf4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
15:56:45.0659 0x0cf4 dot3svc - ok
15:56:45.0696 0x0cf4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
15:56:45.0814 0x0cf4 DPS - ok
15:56:45.0898 0x0cf4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:56:46.0003 0x0cf4 drmkaud - ok
15:56:46.0394 0x0cf4 [ 9DD3A22F804697606C2B7FF9E912FF6B, BBE2FC0D554030BA9E3A96CC4A360D61DBCCAA1D81BD7547809F29A3AF0B3A25 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:56:46.0494 0x0cf4 DsiWMIService - ok
15:56:46.0682 0x0cf4 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:56:46.0851 0x0cf4 DXGKrnl - ok
15:56:46.0894 0x0cf4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
15:56:47.0061 0x0cf4 EapHost - ok
15:56:47.0462 0x0cf4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:56:48.0042 0x0cf4 ebdrv - ok
15:56:48.0111 0x0cf4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS C:\Windows\System32\lsass.exe
15:56:48.0269 0x0cf4 EFS - ok
15:56:48.0409 0x0cf4 [ 5332EC2BA1C112BD4BB1F38127848FEF, 156585CE4011546B20EDD20D04E639A0788B1DE6455B23B94E2CD31BA725FE3C ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
15:56:48.0558 0x0cf4 EgisTec Ticket Service - ok
15:56:48.0758 0x0cf4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:56:48.0977 0x0cf4 ehRecvr - ok
15:56:49.0038 0x0cf4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
15:56:49.0127 0x0cf4 ehSched - ok
15:56:49.0260 0x0cf4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:56:49.0375 0x0cf4 elxstor - ok
15:56:49.0616 0x0cf4 [ 48425C93B6F36529707206E4FA680CF3, 328BD59DEDFAD359EF79CCFBC2AD3E9C95657EC616AE0611F5EFEB34B810692A ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
15:56:49.0738 0x0cf4 ePowerSvc - ok
15:56:49.0765 0x0cf4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:56:49.0851 0x0cf4 ErrDev - ok
15:56:49.0963 0x0cf4 [ ACB81E9F20882D2D2BEC7FF626E090AE, AC0329CFFD4429303B9484A3BB3E9CAE4FC937B66A62A9194C39CCD5012328F1 ] ESProtectionDriver C:\Windows\system32\drivers\mbae64.sys
15:56:50.0022 0x0cf4 ESProtectionDriver - ok
15:56:50.0074 0x0cf4 [ DBAA0C650C9549DC5C599D1E81DEDAAD, C8DF68CDACEF27C91CFD1FE8032A8DAF830D9E77C573C25DE5D41FC3DB824ABA ] ETD C:\Windows\system32\DRIVERS\ETD.sys
15:56:50.0154 0x0cf4 ETD - ok
15:56:50.0256 0x0cf4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
15:56:50.0400 0x0cf4 EventSystem - ok
15:56:50.0441 0x0cf4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
15:56:50.0574 0x0cf4 exfat - ok
15:56:50.0619 0x0cf4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:56:50.0733 0x0cf4 fastfat - ok
15:56:50.0818 0x0cf4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
15:56:50.0938 0x0cf4 Fax - ok
15:56:51.0031 0x0cf4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
15:56:51.0094 0x0cf4 fdc - ok
15:56:51.0158 0x0cf4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
15:56:51.0273 0x0cf4 fdPHost - ok
15:56:51.0324 0x0cf4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
15:56:51.0530 0x0cf4 FDResPub - ok
15:56:51.0558 0x0cf4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:56:51.0612 0x0cf4 FileInfo - ok
15:56:51.0647 0x0cf4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:56:51.0807 0x0cf4 Filetrace - ok
15:56:51.0964 0x0cf4 [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:56:52.0152 0x0cf4 FLEXnet Licensing Service - ok
15:56:52.0203 0x0cf4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:56:52.0329 0x0cf4 flpydisk - ok
15:56:52.0388 0x0cf4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:56:52.0478 0x0cf4 FltMgr - ok
15:56:52.0664 0x0cf4 [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache C:\Windows\system32\FntCache.dll
15:56:52.0893 0x0cf4 FontCache - ok
15:56:52.0992 0x0cf4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:56:53.0057 0x0cf4 FontCache3.0.0.0 - ok
15:56:53.0106 0x0cf4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:56:53.0171 0x0cf4 FsDepends - ok
15:56:53.0209 0x0cf4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:56:53.0269 0x0cf4 Fs_Rec - ok
15:56:53.0363 0x0cf4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:56:53.0449 0x0cf4 fvevol - ok
15:56:53.0489 0x0cf4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:56:53.0567 0x0cf4 gagp30kx - ok
15:56:53.0663 0x0cf4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
15:56:53.0841 0x0cf4 gpsvc - ok
15:56:53.0910 0x0cf4 [ C9B2D1D3F86FD3673EF847DEF73B6F9E, 9D3822A6464F685F770F8D02A8AE623A676888F135E8425C3BAF1CC077429A7F ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
15:56:53.0963 0x0cf4 GREGService - ok
15:56:54.0085 0x0cf4 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:56:54.0204 0x0cf4 gusvc - ok
15:56:54.0250 0x0cf4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:56:54.0415 0x0cf4 hcw85cir - ok
15:56:54.0510 0x0cf4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:56:54.0622 0x0cf4 HdAudAddService - ok
15:56:54.0664 0x0cf4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:56:54.0766 0x0cf4 HDAudBus - ok
15:56:54.0801 0x0cf4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:56:54.0896 0x0cf4 HidBatt - ok
15:56:54.0923 0x0cf4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:56:55.0027 0x0cf4 HidBth - ok
15:56:55.0075 0x0cf4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
15:56:55.0164 0x0cf4 HidIr - ok
15:56:55.0192 0x0cf4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
15:56:55.0362 0x0cf4 hidserv - ok
15:56:55.0482 0x0cf4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:56:55.0634 0x0cf4 HidUsb - ok
15:56:55.0703 0x0cf4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:56:56.0024 0x0cf4 hkmsvc - ok
15:56:56.0182 0x0cf4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:56:56.0545 0x0cf4 HomeGroupListener - ok
15:56:56.0649 0x0cf4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:56:56.0785 0x0cf4 HomeGroupProvider - ok
15:56:56.0881 0x0cf4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:56:56.0963 0x0cf4 HpSAMD - ok
15:56:57.0136 0x0cf4 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:56:57.0419 0x0cf4 HTTP - ok
15:56:57.0494 0x0cf4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:56:57.0542 0x0cf4 hwpolicy - ok
15:56:57.0613 0x0cf4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:56:57.0729 0x0cf4 i8042prt - ok
15:56:57.0865 0x0cf4 [ 26CF4275034214ECEDD8EC17B0A18A99, 95A08C63971C28F1BC97040C0ADA247E3B43DE7D937B14E33A394B955D0AC8B7 ] iaStor C:\Windows\system32\drivers\iaStor.sys
15:56:57.0997 0x0cf4 iaStor - ok
15:56:58.0200 0x0cf4 [ E79A8E33BD136D14BAE1FA20EB2EF124, 54AD784570282FEF21021BE76C57EE878EC6FF6423CE2FFC3A4372AF6C3112D4 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:56:58.0274 0x0cf4 IAStorDataMgrSvc - ok
15:56:58.0461 0x0cf4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:56:58.0562 0x0cf4 iaStorV - ok
15:56:58.0749 0x0cf4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:56:59.0074 0x0cf4 idsvc - ok
15:56:59.0127 0x0cf4 IEEtwCollectorService - ok
15:57:02.0083 0x0cf4 [ 9937600A1584FF00565D5379EB4C9EDB, CF03333E9E7BD940B27194A9CF21ED8A6A10B698B545A898291976F650FC2675 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:57:04.0100 0x0cf4 igfx - ok
15:57:04.0189 0x0cf4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:57:04.0310 0x0cf4 iirsp - ok
15:57:04.0446 0x0cf4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
15:57:04.0631 0x0cf4 IKEEXT - ok
15:57:05.0119 0x0cf4 [ CB7DADEF3D83FE2C12655A0BDCBA99F2, AD55A578986F008ED01635D3BB26414D71F418640099BFA92D9CABAB6A88E01D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:57:05.0833 0x0cf4 IntcAzAudAddService - ok
15:57:06.0256 0x0cf4 [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
15:57:06.0542 0x0cf4 IntcDAud - ok
15:57:06.0599 0x0cf4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
15:57:06.0670 0x0cf4 intelide - ok
15:57:06.0780 0x0cf4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:57:06.0888 0x0cf4 intelppm - ok
15:57:06.0991 0x0cf4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:57:07.0232 0x0cf4 IPBusEnum - ok
15:57:07.0386 0x0cf4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:57:07.0564 0x0cf4 IpFilterDriver - ok
15:57:07.0667 0x0cf4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:57:07.0871 0x0cf4 iphlpsvc - ok
15:57:07.0903 0x0cf4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:57:07.0967 0x0cf4 IPMIDRV - ok
15:57:08.0029 0x0cf4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:57:08.0189 0x0cf4 IPNAT - ok
15:57:08.0253 0x0cf4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:57:08.0355 0x0cf4 IRENUM - ok
15:57:08.0452 0x0cf4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:57:08.0516 0x0cf4 isapnp - ok
15:57:08.0605 0x0cf4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:57:08.0678 0x0cf4 iScsiPrt - ok
15:57:08.0806 0x0cf4 [ 455B75C19BF3F1F2EE3AC10E1169826C, C8CE6DE48E0B4621F2851A994261FA787556A27F9868A8859E5E8A8354028257 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
15:57:08.0906 0x0cf4 k57nd60a - ok
15:57:08.0957 0x0cf4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:57:08.0997 0x0cf4 kbdclass - ok
15:57:09.0067 0x0cf4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:57:09.0142 0x0cf4 kbdhid - ok
15:57:09.0168 0x0cf4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso C:\Windows\system32\lsass.exe
15:57:09.0210 0x0cf4 KeyIso - ok
15:57:09.0288 0x0cf4 [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:57:09.0331 0x0cf4 KSecDD - ok
15:57:09.0363 0x0cf4 [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:57:09.0411 0x0cf4 KSecPkg - ok
15:57:09.0502 0x0cf4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:57:09.0647 0x0cf4 ksthunk - ok
15:57:09.0705 0x0cf4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
15:57:09.0908 0x0cf4 KtmRm - ok
15:57:10.0098 0x0cf4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:57:10.0284 0x0cf4 LanmanServer - ok
15:57:10.0551 0x0cf4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:57:10.0758 0x0cf4 LanmanWorkstation - ok
15:57:10.0899 0x0cf4 [ B705C7097F9A0EC941D02DCE7C7D426C, 1A137BEA25BF7BA1EF190212CD6E556B53293D6388E9F7E790BF53F641F3CF89 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:57:10.0958 0x0cf4 Live Updater Service - ok
15:57:11.0053 0x0cf4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:57:11.0212 0x0cf4 lltdio - ok
15:57:11.0267 0x0cf4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:57:11.0439 0x0cf4 lltdsvc - ok
15:57:11.0492 0x0cf4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:57:11.0598 0x0cf4 lmhosts - ok
15:57:11.0771 0x0cf4 [ 50C7CE53EF461870410355F1F2E7D515, D6E84C63D74E4603D37FD7CC88BF51DE23CD17DB1D1AD4ADBED62F949F3C470C ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:57:11.0826 0x0cf4 LMS - ok
15:57:11.0881 0x0cf4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:57:11.0941 0x0cf4 LSI_FC - ok
15:57:11.0985 0x0cf4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:57:12.0093 0x0cf4 LSI_SAS - ok
15:57:12.0146 0x0cf4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:57:12.0209 0x0cf4 LSI_SAS2 - ok
15:57:12.0262 0x0cf4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:57:12.0420 0x0cf4 LSI_SCSI - ok
15:57:12.0462 0x0cf4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
15:57:12.0654 0x0cf4 luafv - ok
15:57:12.0814 0x0cf4 [ 835E1D6B5835EF70FC3BDF93ED42243A, 0025D232ED0FF9A572F8004094CFE21F62070DB832398345425554334E036DA6 ] MBAMChameleon C:\Windows\system32\drivers\MBAMChameleon.sys
15:57:12.0887 0x0cf4 MBAMChameleon - ok
15:57:13.0004 0x0cf4 [ E8E0D53AA910D8BC60A403E77DBA9B8C, D86EE7F845DB20230A036C26383A6F4314F80489A1D15C2A969A0C3C63706B7D ] MBAMFarflt C:\Windows\system32\drivers\farflt.sys
15:57:13.0098 0x0cf4 MBAMFarflt - ok
15:57:13.0183 0x0cf4 [ 88BD122C3A35DE63D75D382DF75554CE, ABDF59543CAD186A6ED4E66257205D9CF5047732A5DA74A96A28B468B41BC396 ] MBAMProtection C:\Windows\system32\drivers\mbam.sys
15:57:13.0266 0x0cf4 MBAMProtection - ok
15:57:14.0422 0x0cf4 [ 804E3246E3E73D4A936F2F4BCDC53A2D, BF1F9B4AC292238FA6EE541E325B220F311977F9D87D5BC7F90AD058FBF0B35A ] MBAMService C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
15:57:14.0927 0x0cf4 MBAMService - ok
15:57:15.0047 0x0cf4 [ F8E8B0977741F114407494174522B71A, 6A3FE40D4649D89ABED007FFF13C38F021284265EC692C6190FF0EF8BDECF99C ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
15:57:15.0165 0x0cf4 MBAMSwissArmy - ok
15:57:15.0279 0x0cf4 [ E6D1E2E9C1D3F4D3DF3180385D047DB4, 71C11C8B23B1616B7A18A73D21B91183FF644F6DB71D6D6E7286718FF6B82F0F ] MBAMWebProtection C:\Windows\system32\drivers\mwac.sys
15:57:15.0342 0x0cf4 MBAMWebProtection - ok
15:57:15.0387 0x0cf4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:57:15.0458 0x0cf4 Mcx2Svc - ok
15:57:15.0480 0x0cf4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
15:57:15.0541 0x0cf4 megasas - ok
15:57:15.0582 0x0cf4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:57:15.0653 0x0cf4 MegaSR - ok
15:57:15.0704 0x0cf4 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
15:57:15.0766 0x0cf4 MEIx64 - ok
15:57:15.0836 0x0cf4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
15:57:15.0945 0x0cf4 MMCSS - ok
15:57:15.0993 0x0cf4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
15:57:16.0119 0x0cf4 Modem - ok
15:57:16.0147 0x0cf4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:57:16.0243 0x0cf4 monitor - ok
15:57:16.0321 0x0cf4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:57:16.0389 0x0cf4 mouclass - ok
15:57:16.0473 0x0cf4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:57:16.0568 0x0cf4 mouhid - ok
15:57:16.0638 0x0cf4 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:57:16.0688 0x0cf4 mountmgr - ok
15:57:16.0828 0x0cf4 [ 40134FB7F20C2591A3C7FC9541980E3A, B42D542D9008078DDDCFF8ED0A88E2EAB46C01E270F04C9569D630670D734879 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:57:16.0986 0x0cf4 MozillaMaintenance - ok
15:57:17.0066 0x0cf4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
15:57:17.0166 0x0cf4 mpio - ok
15:57:17.0274 0x0cf4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:57:17.0429 0x0cf4 mpsdrv - ok
15:57:17.0648 0x0cf4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:57:17.0919 0x0cf4 MpsSvc - ok
15:57:17.0982 0x0cf4 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:57:18.0172 0x0cf4 MRxDAV - ok
15:57:18.0255 0x0cf4 [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:57:18.0445 0x0cf4 mrxsmb - ok
15:57:18.0541 0x0cf4 [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:57:18.0801 0x0cf4 mrxsmb10 - ok
15:57:18.0872 0x0cf4 [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:57:19.0168 0x0cf4 mrxsmb20 - ok
15:57:19.0257 0x0cf4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
15:57:19.0367 0x0cf4 msahci - ok
15:57:19.0412 0x0cf4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:57:19.0578 0x0cf4 msdsm - ok
15:57:19.0637 0x0cf4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
15:57:19.0714 0x0cf4 MSDTC - ok
15:57:19.0785 0x0cf4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:57:19.0929 0x0cf4 Msfs - ok
15:57:19.0951 0x0cf4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:57:20.0103 0x0cf4 mshidkmdf - ok
15:57:20.0180 0x0cf4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:57:20.0219 0x0cf4 msisadrv - ok
15:57:20.0419 0x0cf4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:57:20.0615 0x0cf4 MSiSCSI - ok
15:57:20.0623 0x0cf4 msiserver - ok
15:57:20.0746 0x0cf4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:57:20.0868 0x0cf4 MSKSSRV - ok
15:57:20.0950 0x0cf4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:57:21.0071 0x0cf4 MSPCLOCK - ok
15:57:21.0111 0x0cf4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:57:21.0278 0x0cf4 MSPQM - ok
15:57:21.0391 0x0cf4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:57:21.0483 0x0cf4 MsRPC - ok
15:57:21.0604 0x0cf4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:57:21.0684 0x0cf4 mssmbios - ok
15:57:21.0748 0x0cf4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:57:21.0946 0x0cf4 MSTEE - ok
15:57:21.0982 0x0cf4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:57:22.0082 0x0cf4 MTConfig - ok
15:57:22.0122 0x0cf4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
15:57:22.0178 0x0cf4 Mup - ok
15:57:22.0281 0x0cf4 [ C009123B206C56854F4E88596035231D, 670403A40B425F77C90ECB048A0C8BC11FB19E40A8CECC2C3DCF79175B745863 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:57:22.0364 0x0cf4 mwlPSDFilter - ok
15:57:22.0411 0x0cf4 [ BF3739EEB9F008B1DEBAC115089A53F8, 8546AB69087656259BBE17D6F80F4AB164B04171673CE2BF9FFD1B5C9584E9A4 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:57:22.0485 0x0cf4 mwlPSDNServ - ok
15:57:22.0526 0x0cf4 [ 38DD143D95E7A01B86F219DDA9C28779, 5FA8C0595CCF835DBCE1CC5322E8FD4BFB6DFB6CF869BB7CB73F919445D469AA ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:57:22.0672 0x0cf4 mwlPSDVDisk - ok
15:57:22.0810 0x0cf4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
15:57:23.0052 0x0cf4 napagent - ok
15:57:23.0149 0x0cf4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:57:23.0278 0x0cf4 NativeWifiP - ok
15:57:23.0487 0x0cf4 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:57:23.0645 0x0cf4 NDIS - ok
15:57:23.0735 0x0cf4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:57:23.0978 0x0cf4 NdisCap - ok
15:57:24.0341 0x0cf4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:57:24.0667 0x0cf4 NdisTapi - ok
15:57:25.0074 0x0cf4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:57:25.0367 0x0cf4 Ndisuio - ok
15:57:25.0615 0x0cf4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:57:26.0122 0x0cf4 NdisWan - ok
15:57:26.0222 0x0cf4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:57:26.0906 0x0cf4 NDProxy - ok
15:57:26.0983 0x0cf4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:57:27.0164 0x0cf4 NetBIOS - ok
15:57:27.0289 0x0cf4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:57:27.0453 0x0cf4 NetBT - ok
15:57:27.0481 0x0cf4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon C:\Windows\system32\lsass.exe
15:57:27.0575 0x0cf4 Netlogon - ok
15:57:27.0776 0x0cf4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
15:57:28.0215 0x0cf4 Netman - ok
15:57:28.0722 0x0cf4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:57:29.0242 0x0cf4 NetMsmqActivator - ok
15:57:29.0417 0x0cf4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:57:29.0541 0x0cf4 NetPipeActivator - ok
15:57:29.0729 0x0cf4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
15:57:30.0123 0x0cf4 netprofm - ok
15:57:30.0499 0x0cf4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:57:30.0679 0x0cf4 NetTcpActivator - ok
15:57:30.0829 0x0cf4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:57:31.0063 0x0cf4 NetTcpPortSharing - ok
15:57:31.0487 0x0cf4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:57:31.0619 0x0cf4 nfrd960 - ok
15:57:31.0696 0x0cf4 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
15:57:31.0833 0x0cf4 NlaSvc - ok
15:57:31.0876 0x0cf4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:57:32.0032 0x0cf4 Npfs - ok
15:57:32.0088 0x0cf4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
15:57:32.0537 0x0cf4 nsi - ok
15:57:32.0704 0x0cf4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:57:33.0222 0x0cf4 nsiproxy - ok
15:57:33.0592 0x0cf4 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:57:33.0871 0x0cf4 Ntfs - ok
15:57:34.0077 0x0cf4 [ D27A4546417ED7C4AEA7B3420D4F1F50, 8D52FF7D2C6E338E2E8B414F0FE9ED296A901CB38BCFF8814B1ECE52D8D1599D ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
15:57:34.0124 0x0cf4 NTI IScheduleSvc - ok
15:57:34.0782 0x0cf4 [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
15:57:35.0442 0x0cf4 NTIDrvr - ok
15:57:35.0598 0x0cf4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
15:57:35.0835 0x0cf4 Null - ok
15:57:49.0529 0x0cf4 [ EE6B7B6A54BCAFF516E30B1C15467495, 85D5E22593549C7980AA3523F0C9C4391E0D147B29F07500A8DA68F49D80A84F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:57:52.0852 0x0cf4 nvlddmkm - ok
15:57:53.0114 0x0cf4 [ 4086D655D237E091ECC34BEC94E55C3E, 498A57AC8F02247A4C95A74F0C19FF49A2B91872DB22B7EF7FAC4195402D9447 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
15:57:53.0359 0x0cf4 nvpciflt - ok
15:57:53.0403 0x0cf4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:57:53.0505 0x0cf4 nvraid - ok
15:57:53.0560 0x0cf4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:57:53.0638 0x0cf4 nvstor - ok
15:57:53.0842 0x0cf4 [ 25626309AD2F81D47C829CCB5E46E478, D23F9F72C064B5D2A7979674703585345A78F7BE88887794FC9CA2971818B3DC ] nvsvc C:\Windows\system32\nvvsvc.exe
15:57:53.0989 0x0cf4 nvsvc - ok
15:57:54.0804 0x0cf4 [ A9AFE5B0648C8D7A411A72D8222F7F6E, A58AF8C615D97C769DA778D56F7E6999AAEB577C82C65455D3B2A8ED5B742777 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:57:55.0071 0x0cf4 nvUpdatusService - ok
15:57:55.0107 0x0cf4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:57:55.0158 0x0cf4 nv_agp - ok
15:57:55.0189 0x0cf4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:57:55.0282 0x0cf4 ohci1394 - ok
15:57:55.0368 0x0cf4 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:57:55.0537 0x0cf4 ose - ok
15:57:55.0671 0x0cf4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:57:55.0759 0x0cf4 p2pimsvc - ok
15:57:55.0818 0x0cf4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
15:57:55.0904 0x0cf4 p2psvc - ok
15:57:55.0954 0x0cf4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
15:57:56.0009 0x0cf4 Parport - ok
15:57:56.0047 0x0cf4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:57:56.0093 0x0cf4 partmgr - ok
15:57:56.0375 0x0cf4 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:57:56.0593 0x0cf4 PcaSvc - ok
15:57:56.0829 0x0cf4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
15:57:56.0941 0x0cf4 pci - ok
15:57:57.0097 0x0cf4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
15:57:57.0163 0x0cf4 pciide - ok
15:57:57.0218 0x0cf4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:57:57.0317 0x0cf4 pcmcia - ok
15:57:57.0356 0x0cf4 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
15:57:57.0396 0x0cf4 pcw - ok
15:57:57.0671 0x0cf4 [ 20372BE109FEE1C37E2D5216680DB9EB, 2C3737FB3C6BCF81D0A7293667412DDEA649A8AEA40B7ADCFCB9893E8B3C4AF3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
15:57:57.0817 0x0cf4 PDF Architect Helper Service - ok
15:57:57.0970 0x0cf4 [ B90A279073A815A4AA2C45A09EE004FA, 9EA27630C47F5FF99CBBE513C113F3ED01FABA0D59B9D9637764027BCC6EA24A ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
15:57:58.0058 0x0cf4 PDF Architect Service - ok
15:57:58.0141 0x0cf4 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:57:58.0348 0x0cf4 PEAUTH - ok
15:57:58.0785 0x0cf4 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:57:58.0853 0x0cf4 PerfHost - ok
15:57:59.0048 0x0cf4 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
15:57:59.0265 0x0cf4 pla - ok
15:57:59.0363 0x0cf4 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:57:59.0461 0x0cf4 PlugPlay - ok
15:57:59.0516 0x0cf4 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:57:59.0579 0x0cf4 PNRPAutoReg - ok
15:57:59.0617 0x0cf4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:57:59.0672 0x0cf4 PNRPsvc - ok
15:57:59.0761 0x0cf4 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:57:59.0863 0x0cf4 PolicyAgent - ok
15:57:59.0897 0x0cf4 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
15:57:59.0977 0x0cf4 Power - ok
15:58:00.0076 0x0cf4 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:58:00.0180 0x0cf4 PptpMiniport - ok
15:58:00.0271 0x0cf4 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
15:58:00.0533 0x0cf4 Processor - ok
15:58:00.0855 0x0cf4 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
15:58:00.0910 0x0cf4 ProfSvc - ok
15:58:00.0952 0x0cf4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:58:00.0985 0x0cf4 ProtectedStorage - ok
15:58:01.0021 0x0cf4 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:58:01.0109 0x0cf4 Psched - ok
15:58:01.0157 0x0cf4 [ 07D57B890DD5693A6AB660CBAE8F91B4, 934895A41C116056E22FE3298418332A9F4280F96E96EEE06C977A4925395674 ] PxHlpa64 C:\Windows\system32\drivers\PxHlpa64.sys
15:58:01.0201 0x0cf4 PxHlpa64 - ok
15:58:01.0414 0x0cf4 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:58:01.0695 0x0cf4 ql2300 - ok
15:58:01.0739 0x0cf4 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:58:01.0783 0x0cf4 ql40xx - ok
15:58:01.0849 0x0cf4 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
15:58:01.0892 0x0cf4 QWAVE - ok
15:58:01.0928 0x0cf4 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:58:01.0979 0x0cf4 QWAVEdrv - ok
15:58:02.0021 0x0cf4 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:58:02.0080 0x0cf4 RasAcd - ok
15:58:02.0261 0x0cf4 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:58:02.0748 0x0cf4 RasAgileVpn - ok
15:58:02.0945 0x0cf4 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
15:58:03.0347 0x0cf4 RasAuto - ok
15:58:03.0612 0x0cf4 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:58:03.0953 0x0cf4 Rasl2tp - ok
15:58:04.0298 0x0cf4 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
15:58:04.0584 0x0cf4 RasMan - ok
15:58:04.0643 0x0cf4 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:58:04.0794 0x0cf4 RasPppoe - ok
15:58:04.0835 0x0cf4 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:58:04.0971 0x0cf4 RasSstp - ok
15:58:05.0025 0x0cf4 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:58:05.0205 0x0cf4 rdbss - ok
15:58:05.0230 0x0cf4 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
15:58:05.0315 0x0cf4 rdpbus - ok
15:58:05.0342 0x0cf4 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:58:05.0472 0x0cf4 RDPCDD - ok
15:58:05.0680 0x0cf4 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:58:05.0839 0x0cf4 RDPENCDD - ok
15:58:05.0942 0x0cf4 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:58:06.0071 0x0cf4 RDPREFMP - ok
15:58:06.0143 0x0cf4 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:58:06.0249 0x0cf4 RDPWD - ok
15:58:06.0304 0x0cf4 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:58:06.0343 0x0cf4 rdyboost - ok
15:58:06.0387 0x0cf4 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:58:06.0539 0x0cf4 RemoteAccess - ok
15:58:06.0642 0x0cf4 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:58:06.0816 0x0cf4 RemoteRegistry - ok
15:58:06.0916 0x0cf4 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:58:07.0038 0x0cf4 RpcEptMapper - ok
15:58:07.0087 0x0cf4 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
15:58:07.0164 0x0cf4 RpcLocator - ok
15:58:07.0279 0x0cf4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
15:58:07.0382 0x0cf4 RpcSs - ok
15:58:07.0466 0x0cf4 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:58:07.0568 0x0cf4 rspndr - ok
15:58:07.0619 0x0cf4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs C:\Windows\system32\lsass.exe
15:58:07.0670 0x0cf4 SamSs - ok
15:58:07.0729 0x0cf4 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:58:07.0808 0x0cf4 sbp2port - ok
15:58:07.0884 0x0cf4 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:58:07.0997 0x0cf4 SCardSvr - ok
15:58:08.0065 0x0cf4 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:58:08.0149 0x0cf4 scfilter - ok
15:58:08.0475 0x0cf4 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll
15:58:08.0663 0x0cf4 Schedule - ok
15:58:08.0738 0x0cf4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:58:08.0817 0x0cf4 SCPolicySvc - ok
15:58:08.0864 0x0cf4 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:58:08.0919 0x0cf4 sdbus - ok
15:58:08.0980 0x0cf4 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:58:09.0054 0x0cf4 SDRSVC - ok
15:58:09.0110 0x0cf4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:58:09.0207 0x0cf4 secdrv - ok
15:58:09.0242 0x0cf4 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
15:58:09.0319 0x0cf4 seclogon - ok
15:58:09.0355 0x0cf4 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
15:58:09.0424 0x0cf4 SENS - ok
15:58:09.0498 0x0cf4 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:58:09.0646 0x0cf4 SensrSvc - ok
15:58:09.0690 0x0cf4 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
15:58:09.0767 0x0cf4 Serenum - ok
15:58:09.0828 0x0cf4 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
15:58:09.0917 0x0cf4 Serial - ok
15:58:09.0982 0x0cf4 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:58:10.0046 0x0cf4 sermouse - ok
15:58:10.0110 0x0cf4 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
15:58:10.0174 0x0cf4 SessionEnv - ok
15:58:10.0367 0x0cf4 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:58:10.0657 0x0cf4 sffdisk - ok
15:58:10.0712 0x0cf4 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:58:10.0828 0x0cf4 sffp_mmc - ok
15:58:10.0846 0x0cf4 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:58:10.0928 0x0cf4 sffp_sd - ok
15:58:10.0972 0x0cf4 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:58:11.0032 0x0cf4 sfloppy - ok
15:58:11.0164 0x0cf4 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:58:11.0231 0x0cf4 SharedAccess - ok
15:58:11.0280 0x0cf4 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:58:11.0344 0x0cf4 ShellHWDetection - ok
15:58:11.0399 0x0cf4 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:58:11.0498 0x0cf4 SiSRaid2 - ok
15:58:11.0586 0x0cf4 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:58:11.0647 0x0cf4 SiSRaid4 - ok
15:58:11.0692 0x0cf4 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:58:11.0758 0x0cf4 Smb - ok
15:58:11.0862 0x0cf4 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:58:11.0910 0x0cf4 SNMPTRAP - ok
15:58:11.0950 0x0cf4 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
15:58:11.0966 0x0cf4 spldr - ok
15:58:12.0064 0x0cf4 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
15:58:12.0304 0x0cf4 Spooler - ok
15:58:12.0879 0x0cf4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
15:58:13.0149 0x0cf4 sppsvc - ok
15:58:13.0173 0x0cf4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:58:13.0269 0x0cf4 sppuinotify - ok
15:58:13.0363 0x0cf4 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:58:13.0436 0x0cf4 srv - ok
15:58:13.0477 0x0cf4 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:58:13.0556 0x0cf4 srv2 - ok
15:58:13.0571 0x0cf4 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:58:13.0664 0x0cf4 srvnet - ok
15:58:13.0717 0x0cf4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:58:13.0803 0x0cf4 SSDPSRV - ok
15:58:13.0861 0x0cf4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:58:13.0921 0x0cf4 SstpSvc - ok
15:58:14.0149 0x0cf4 [ 596DC69BB40A96FCA4B19D9D1E221E34, 3469D3B2E9A88E39C14AE2E3DD5EC3D91FBB88CA568D794555B397B50E64AB15 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
15:58:14.0858 0x0cf4 Steam Client Service - ok
15:58:14.0922 0x0cf4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:58:14.0966 0x0cf4 stexstor - ok
15:58:15.0030 0x0cf4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
15:58:15.0066 0x0cf4 stisvc - ok
15:58:15.0149 0x0cf4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
15:58:15.0235 0x0cf4 swenum - ok
15:58:15.0300 0x0cf4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
15:58:15.0366 0x0cf4 swprv - ok
15:58:15.0529 0x0cf4 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
15:58:15.0683 0x0cf4 SysMain - ok
15:58:15.0729 0x0cf4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:58:15.0772 0x0cf4 TabletInputService - ok
15:58:15.0802 0x0cf4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
15:58:15.0871 0x0cf4 TapiSrv - ok
15:58:15.0886 0x0cf4 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
15:58:15.0930 0x0cf4 TBS - ok
15:58:16.0110 0x0cf4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:58:16.0518 0x0cf4 Tcpip - ok
15:58:16.0959 0x0cf4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:58:17.0051 0x0cf4 TCPIP6 - ok
15:58:17.0095 0x0cf4 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:58:17.0162 0x0cf4 tcpipreg - ok
15:58:17.0248 0x0cf4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:58:17.0318 0x0cf4 TDPIPE - ok
15:58:17.0339 0x0cf4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:58:17.0374 0x0cf4 TDTCP - ok
15:58:17.0466 0x0cf4 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:58:17.0551 0x0cf4 tdx - ok
15:58:17.0621 0x0cf4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
15:58:17.0638 0x0cf4 TermDD - ok
15:58:17.0713 0x0cf4 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
15:58:17.0885 0x0cf4 TermService - ok
15:58:17.0935 0x0cf4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
15:58:18.0074 0x0cf4 Themes - ok
15:58:18.0123 0x0cf4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
15:58:18.0823 0x0cf4 THREADORDER - ok
15:58:19.0065 0x0cf4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
15:58:19.0219 0x0cf4 TrkWks - ok
15:58:19.0318 0x0cf4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:58:19.0441 0x0cf4 TrustedInstaller - ok
15:58:19.0616 0x0cf4 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:58:19.0696 0x0cf4 tssecsrv - ok
15:58:19.0815 0x0cf4 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:58:19.0978 0x0cf4 TsUsbFlt - ok
15:58:20.0025 0x0cf4 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:58:20.0119 0x0cf4 TsUsbGD - ok
15:58:20.0363 0x0cf4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:58:20.0696 0x0cf4 tunnel - ok
15:58:20.0754 0x0cf4 [ FD24F98D2898BE093FE926604BE7DB99, F9851C57A2ED838AC76BB19FE2F62BB81C57DBBE2A2555F738B5D6725D39AD61 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
15:58:20.0865 0x0cf4 TurboB - ok
15:58:20.0984 0x0cf4 [ 600B406A04D90F577FEA8A88D7379F08, 77CC8E8AFB6F571A42D916C0B2FEFFD3A7A32A455C78228B407C6C9B6DED8CAD ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:58:21.0089 0x0cf4 TurboBoost - ok
15:58:21.0152 0x0cf4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:58:21.0257 0x0cf4 uagp35 - ok
15:58:21.0287 0x0cf4 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
15:58:21.0366 0x0cf4 UBHelper - ok
15:58:21.0449 0x0cf4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:58:21.0580 0x0cf4 udfs - ok
15:58:21.0681 0x0cf4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:58:21.0768 0x0cf4 UI0Detect - ok
15:58:21.0828 0x0cf4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:58:21.0925 0x0cf4 uliagpkx - ok
15:58:21.0994 0x0cf4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:58:22.0047 0x0cf4 umbus - ok
15:58:22.0066 0x0cf4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
15:58:22.0141 0x0cf4 UmPass - ok
15:58:22.0901 0x0cf4 [ 374EBDA379A8F38E0CFC2211611E7167, 0D6C3002B28E27C052227488CEE69FA99399421FF777EB48031E6080A759F532 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:58:23.0135 0x0cf4 UNS - ok
15:58:23.0193 0x0cf4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
15:58:23.0317 0x0cf4 upnphost - ok
15:58:23.0385 0x0cf4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:58:23.0500 0x0cf4 usbccgp - ok
15:58:23.0574 0x0cf4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:58:23.0673 0x0cf4 usbcir - ok
15:58:23.0726 0x0cf4 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
15:58:23.0791 0x0cf4 usbehci - ok
15:58:23.0873 0x0cf4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:58:23.0958 0x0cf4 usbhub - ok
15:58:23.0999 0x0cf4 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:58:24.0058 0x0cf4 usbohci - ok
15:58:24.0108 0x0cf4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:58:24.0159 0x0cf4 usbprint - ok
15:58:24.0310 0x0cf4 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:58:24.0830 0x0cf4 usbscan - ok
15:58:24.0893 0x0cf4 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:58:25.0092 0x0cf4 USBSTOR - ok
15:58:25.0164 0x0cf4 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:58:25.0251 0x0cf4 usbuhci - ok
15:58:25.0378 0x0cf4 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
15:58:25.0518 0x0cf4 usbvideo - ok
15:58:25.0563 0x0cf4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
15:58:25.0640 0x0cf4 UxSms - ok
15:58:25.0677 0x0cf4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc C:\Windows\system32\lsass.exe
15:58:25.0705 0x0cf4 VaultSvc - ok
15:58:25.0743 0x0cf4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:58:25.0769 0x0cf4 vdrvroot - ok
15:58:25.0867 0x0cf4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
15:58:25.0974 0x0cf4 vds - ok
15:58:26.0024 0x0cf4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:58:26.0072 0x0cf4 vga - ok
15:58:26.0097 0x0cf4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
15:58:26.0227 0x0cf4 VgaSave - ok
15:58:26.0406 0x0cf4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:58:26.0718 0x0cf4 vhdmp - ok
15:58:26.0770 0x0cf4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
15:58:26.0908 0x0cf4 viaide - ok
15:58:26.0961 0x0cf4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:58:27.0020 0x0cf4 volmgr - ok
15:58:27.0079 0x0cf4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:58:27.0197 0x0cf4 volmgrx - ok
15:58:27.0273 0x0cf4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:58:27.0349 0x0cf4 volsnap - ok
15:58:27.0420 0x0cf4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:58:27.0553 0x0cf4 vsmraid - ok
15:58:27.0739 0x0cf4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
15:58:28.0036 0x0cf4 VSS - ok
15:58:28.0071 0x0cf4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:58:28.0148 0x0cf4 vwifibus - ok
15:58:28.0440 0x0cf4 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:58:28.0568 0x0cf4 vwififlt - ok
15:58:29.0070 0x0cf4 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
15:58:29.0165 0x0cf4 vwifimp - ok
15:58:29.0411 0x0cf4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
15:58:29.0516 0x0cf4 W32Time - ok
15:58:29.0553 0x0cf4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:58:29.0630 0x0cf4 WacomPen - ok
15:58:29.0679 0x0cf4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:58:29.0759 0x0cf4 WANARP - ok
15:58:29.0766 0x0cf4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:58:29.0846 0x0cf4 Wanarpv6 - ok
15:58:30.0031 0x0cf4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
15:58:30.0326 0x0cf4 wbengine - ok
15:58:30.0489 0x0cf4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:58:30.0605 0x0cf4 WbioSrvc - ok
15:58:30.0874 0x0cf4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:58:31.0093 0x0cf4 wcncsvc - ok
15:58:31.0162 0x0cf4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:58:31.0282 0x0cf4 WcsPlugInService - ok
15:58:31.0332 0x0cf4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
15:58:31.0410 0x0cf4 Wd - ok
15:58:31.0590 0x0cf4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:58:31.0757 0x0cf4 Wdf01000 - ok
15:58:31.0823 0x0cf4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:58:31.0920 0x0cf4 WdiServiceHost - ok
15:58:31.0934 0x0cf4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:58:32.0022 0x0cf4 WdiSystemHost - ok
15:58:32.0080 0x0cf4 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll
15:58:32.0185 0x0cf4 WebClient - ok
15:58:32.0251 0x0cf4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:58:32.0405 0x0cf4 Wecsvc - ok
15:58:32.0447 0x0cf4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:58:32.0558 0x0cf4 wercplsupport - ok
15:58:32.0616 0x0cf4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
15:58:32.0718 0x0cf4 WerSvc - ok
15:58:32.0741 0x0cf4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:58:32.0818 0x0cf4 WfpLwf - ok
15:58:32.0877 0x0cf4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:58:32.0909 0x0cf4 WIMMount - ok
15:58:32.0953 0x0cf4 WinDefend - ok
15:58:33.0013 0x0cf4 WinHttpAutoProxySvc - ok
15:58:33.0152 0x0cf4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:58:33.0272 0x0cf4 Winmgmt - ok
15:58:33.0447 0x0cf4 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
15:58:33.0786 0x0cf4 WinRM - ok
15:58:33.0924 0x0cf4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
15:58:34.0020 0x0cf4 WinUsb - ok
15:58:34.0144 0x0cf4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:58:34.0464 0x0cf4 Wlansvc - ok
15:58:34.0686 0x0cf4 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:58:34.0809 0x0cf4 wlcrasvc - ok
15:58:35.0236 0x0cf4 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:58:35.0932 0x0cf4 wlidsvc - ok
15:58:36.0037 0x0cf4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:58:36.0341 0x0cf4 WmiAcpi - ok
15:58:36.0816 0x0cf4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:58:37.0365 0x0cf4 wmiApSrv - ok
15:58:37.0453 0x0cf4 WMPNetworkSvc - ok
15:58:37.0518 0x0cf4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:58:37.0710 0x0cf4 WPCSvc - ok
15:58:37.0743 0x0cf4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:58:38.0054 0x0cf4 WPDBusEnum - ok
15:58:38.0153 0x0cf4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:58:38.0498 0x0cf4 ws2ifsl - ok
15:58:38.0869 0x0cf4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
15:58:38.0986 0x0cf4 wscsvc - ok
15:58:39.0096 0x0cf4 WSearch - ok
15:58:39.0558 0x0cf4 [ 6075791ED85E47A2A2916B1F34582944, 25B5FAD161711875B38BDD014A26FA527C8EE4854D485989D19A72D5EBBA4054 ] wuauserv C:\Windows\system32\wuaueng.dll
15:58:39.0961 0x0cf4 wuauserv - ok
15:58:40.0181 0x0cf4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:58:40.0748 0x0cf4 WudfPf - ok
15:58:41.0223 0x0cf4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys
15:58:41.0314 0x0cf4 WUDFRd - ok
15:58:41.0420 0x0cf4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:58:41.0495 0x0cf4 wudfsvc - ok
15:58:41.0607 0x0cf4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
15:58:42.0061 0x0cf4 WwanSvc - ok
15:58:42.0110 0x0cf4 ================ Scan global ===============================
15:58:42.0908 0x0cf4 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
15:58:42.0999 0x0cf4 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
15:58:43.0050 0x0cf4 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
15:58:43.0116 0x0cf4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:58:43.0271 0x0cf4 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
15:58:43.0297 0x0cf4 [ Global ] - ok
15:58:43.0298 0x0cf4 ================ Scan MBR ==================================
15:58:43.0350 0x0cf4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:58:44.0974 0x0cf4 \Device\Harddisk0\DR0 - ok
15:58:44.0975 0x0cf4 ================ Scan VBR ==================================
15:58:44.0993 0x0cf4 [ 4054E6D010F116FF22C6A81A7867C748 ] \Device\Harddisk0\DR0\Partition1
15:58:44.0997 0x0cf4 \Device\Harddisk0\DR0\Partition1 - ok
15:58:45.0055 0x0cf4 [ 0930291C71695DC6E638306430DA84FB ] \Device\Harddisk0\DR0\Partition2
15:58:45.0060 0x0cf4 \Device\Harddisk0\DR0\Partition2 - ok
15:58:45.0061 0x0cf4 ================ Scan generic autorun ======================
15:58:45.0113 0x0cf4 [ BA9E8BF3E91C14DE99FDB1FA946D07AF, 9C3F5F52EE5B8D02B15EE18AA492FB110547A8DCDA3F8284A614F4E1A30F9BB1 ] C:\Windows\system32\igfxtray.exe
15:58:45.0193 0x0cf4 IgfxTray - ok
15:58:45.0258 0x0cf4 [ B20857C91A3E992A5AC93D8625C53CAE, ECB89856B267E2F4930CB7B404B51425C6375A47F864577C1A7B8B255278EC12 ] C:\Windows\system32\hkcmd.exe
15:58:45.0331 0x0cf4 HotKeysCmds - ok
15:58:45.0376 0x0cf4 [ 29E120E36791B2E620CC398847C28E12, 7C2904FEDD50F49447FD091D33BB3BFA5A2A684101ADB123BC2C08699320B912 ] C:\Windows\system32\igfxpers.exe
15:58:45.0515 0x0cf4 Persistence - ok
15:58:45.0521 0x0cf4 IntelTBRunOnce - ok
15:58:45.0524 0x0cf4 ETDCtrl - ok
15:58:48.0454 0x0cf4 [ 5DADA908E14051D65DB1991CB0B1F58D, DC02EDA032CEC2241F302995BF010B0376D5421A3E97583CB8A13A80993290B4 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
15:58:49.0388 0x0cf4 RtHDVCpl - ok
15:58:49.0838 0x0cf4 [ E897F9B62E611D59FDFAB82FC829B93A, E11E1A488D461105104E7FFD9F8219BDD231807FE33600233BEF11A432E138FD ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
15:58:50.0100 0x0cf4 RtHDVBg_Dolby - ok
15:58:50.0860 0x0cf4 [ F0474296AC4E0E6BDE733C1B8513E41A, 2E54894FC1B422F0C520D11166204926D3994A3440037D655C73D66D7118859C ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
15:58:51.0104 0x0cf4 Power Management - ok
15:58:51.0381 0x0cf4 Ocs_SM - ok
15:58:51.0636 0x0cf4 [ 6B08632F7634F344372B25A507DA7C47, C955BFB0F4601A4D1077119B204785FE4CB975E961D2AEE9C2BFA6EDC27E3CE2 ] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
15:58:51.0772 0x0cf4 Nvtmru - ok
15:58:52.0035 0x0cf4 [ 79C9B6A7836DC358216036A1EBA31B62, 9E3987ED10C5CFCD06A2DCBC4E0838004F97A1527527749EF3CC7C5EC5AC2597 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
15:58:52.0114 0x0cf4 AdobeAAMUpdater-1.0 - ok
15:58:52.0936 0x0cf4 [ A6A21A7D544675E98C040DA18904CF50, AACB578C297C7AC9FEBDAB4AD20235E5CFF6E3F260E76E6AE18D43DC57D69672 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
15:58:53.0368 0x0cf4 Malwarebytes TrayApp - ok
15:58:53.0520 0x0cf4 [ 4A80B3C030178E65CF0BECFF1BB20905, EBBB74B0597D1884D279C77248A818A6D9300DDE06BCE498945B82715ABE0196 ] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
15:58:53.0594 0x0cf4 SuiteTray - ok
15:58:53.0660 0x0cf4 [ 4DDE3E01B5020B3D5DEEC7E3DC0F3185, C7315F3521EE461027A3DDE7CFC0EA4F8E705A98F9292284BB20620D7F34DDE9 ] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
15:58:53.0735 0x0cf4 BackupManagerTray - ok
15:58:54.0070 0x0cf4 [ 9ABC4E3B00CFA3A47D5569F5B49FE42F, 5D33CCE770BC9BC3AFA544A21F100A7F1E5A36577FDB30884160AC4BFE6A1838 ] C:\Program Files (x86)\Launch Manager\LManager.exe
15:58:54.0284 0x0cf4 LManager - ok
15:58:54.0494 0x0cf4 [ E6CC0FA3C1040C791EB3F4BA6C789411, 095D5965FEE00ACB6D8713B2E2772A409A84F42D85383AEAF5FC3E2E393DC07D ] C:\Dolby PCEE4\pcee4.exe
15:58:54.0578 0x0cf4 Dolby Advanced Audio v2 - ok
15:58:55.0024 0x0cf4 [ 1BC31F797516DC7B7446B62A849D5905, 49B35A41F1C3739800CBA2A559C2AEFE89FBC090F8305681AF3B379B639E16AA ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
15:58:55.0220 0x0cf4 avgnt - ok
15:58:55.0452 0x0cf4 [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
15:58:55.0532 0x0cf4 SunJavaUpdateSched - ok
15:58:55.0712 0x0cf4 [ 258E2CD2C4984A977106C9EF7CA8AF69, D8F6409D5F5782CC27D159D18E914A3DB59D8644D7017CA6F84F0CF30E95174C ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
15:58:55.0771 0x0cf4 Avira SystrayStartTrigger - ok
15:58:56.0523 0x0cf4 Dropbox - ok
15:58:56.0533 0x0cf4 WinampAgent - ok
15:58:56.0904 0x0cf4 [ D474767D4805CEF801AF6D4AEED1F9E3, 4645EABB554ED97737D9375826EFB06BF43E3DC4C33095FDCCC530B51DEC6145 ] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
15:58:56.0960 0x0cf4 ArcadeMovieService - ok
15:58:57.0262 0x0cf4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:58:57.0617 0x0cf4 Sidebar - ok
15:58:57.0681 0x0cf4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:58:57.0785 0x0cf4 mctadmin - ok
15:58:57.0793 0x0cf4 IsMyWinLockerReboot - ok
15:58:58.0041 0x0cf4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:58:58.0179 0x0cf4 Sidebar - ok
15:58:58.0336 0x0cf4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:58:58.0411 0x0cf4 mctadmin - ok
15:58:58.0417 0x0cf4 IsMyWinLockerReboot - ok
15:58:58.0841 0x0cf4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:58:59.0005 0x0cf4 Sidebar - ok
15:58:59.0048 0x0cf4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:58:59.0140 0x0cf4 mctadmin - ok
15:58:59.0297 0x0cf4 [ 8E27F731A1BDED1B13DEBA9E54FE0B20, 326F0CFC75AD7E552DA5DD64964C06AC0AD6E71BF0D5F568C2AEE9206C2FD0BE ] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe
15:58:59.0601 0x0cf4 ScrSav - ok
15:58:59.0720 0x0cf4 [ CC436BB2A26391F3DEBE316F6FB0474F, 2DA63827AD1449CA5F2888ADFA9645F1EAF8B39D26EC214441EE80F3A56E6E72 ] C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe
15:58:59.0807 0x0cf4 BingSvc - ok
15:59:00.0512 0x0cf4 [ FB4A70985CE3C2571D7053630B6D2595, 5190F7DCFDA783DD8C8E500CC0187F747F70B890511318CCF31A332917D21529 ] C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
15:59:00.0851 0x0cf4 CAHeadless - ok
15:59:01.0666 0x0cf4 [ 5710E80EAB62305C4FD4D968567448D2, BDC26F7A2313AB637FDBEEFCA705C5DF5C6F73F28F4BBB4C5FF2BB6B3F551CE6 ] C:\Program Files (x86)\Steam\steam.exe
15:59:02.0002 0x0cf4 Steam - ok
15:59:02.0460 0x0cf4 [ 89CACBC5A5D9F14AD11F09D1DE49294E, 5D9F810E57527ED9E95BB208DBA13D25AF64346B298C1C793335775F9AED21C7 ] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
15:59:02.0553 0x0cf4 Sony PC Companion - ok
15:59:02.0631 0x0cf4 EA Core - ok
15:59:03.0064 0x0cf4 [ C1DE156BD17A08A294C61C28981CCAD5, BCB8351A3F00126F0DD70C9FD72ED8CBEA692E76D1C377ECF8762E822DC31DDF ] C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe
15:59:03.0272 0x0cf4 f.lux - ok
15:59:03.0461 0x0cf4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:59:03.0582 0x0cf4 Sidebar - ok
15:59:03.0625 0x0cf4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:59:03.0699 0x0cf4 mctadmin - ok
15:59:03.0768 0x0cf4 [ 8E27F731A1BDED1B13DEBA9E54FE0B20, 326F0CFC75AD7E552DA5DD64964C06AC0AD6E71BF0D5F568C2AEE9206C2FD0BE ] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe
15:59:03.0851 0x0cf4 ScrSav - ok
15:59:03.0856 0x0cf4 Waiting for KSN requests completion. In queue: 29
15:59:04.0856 0x0cf4 Waiting for KSN requests completion. In queue: 29
15:59:05.0856 0x0cf4 Waiting for KSN requests completion. In queue: 29
15:59:06.0856 0x0cf4 Waiting for KSN requests completion. In queue: 29
15:59:08.0135 0x0cf4 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.24.143 ), 0x41000 ( enabled : updated )
15:59:08.0315 0x0cf4 AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.138 ), 0x61000 ( enabled : updated )
15:59:08.0409 0x0cf4 Win FW state via NFP2: enabled ( trusted )
15:59:11.0744 0x0cf4 ============================================================
15:59:11.0744 0x0cf4 Scan finished
15:59:11.0744 0x0cf4 ============================================================
15:59:11.0757 0x1b84 Detected object count: 0
15:59:11.0757 0x1b84 Actual detected object count: 0
AdwCleaner Code:
ATTFilter # AdwCleaner v6.044 - Bericht erstellt am 24/03/2017 um 20:09:51
# Aktualisiert am 28/02/2017 von Malwarebytes
# Datenbank : 2017-02-28.2 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : Mandragora - ACERASPIRE
# Gestartet von : C:\Users\Mandragora\Desktop\AdwCleaner_6.044.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner gelöscht: C:\ProgramData\ICQ\ICQNewTab
[#] Ordner mit Neustart gelöscht: C:\ProgramData\Application Data\ICQ\ICQNewTab
[-] Ordner gelöscht: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
[-] Ordner gelöscht: C:\extensions
***** [ Dateien ] *****
[-] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SearchAnonymizer
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SearchAnonymizer
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{9C81D00A-3DAA-48AB-90C7-8252119ABB93}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{1DA17428-323D-48FF-857C-98CFEE48BFD5}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Schlüssel gelöscht: HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Mail.Ru
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Mail.Ru
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Mail.Ru
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Mail.Ru
[-] Wert gelöscht: HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[-] Wert gelöscht: HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\SearchScopes
[-] Wert gelöscht: HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\SearchScopes [SuggestionsURL_JSON]
[-] Wert gelöscht: HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\SearchScopes [DisplayName]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [SuggestionsURL_JSON]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DisplayName]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [SuggestionsURL_JSON]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DisplayName]
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Wert gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Ocs_SM]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [5053 Bytes] - [24/03/2017 20:09:51]
C:\AdwCleaner\AdwCleaner[R0].txt - [19747 Bytes] - [09/02/2015 13:08:22]
C:\AdwCleaner\AdwCleaner[R1].txt - [1105 Bytes] - [04/06/2016 14:03:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [18218 Bytes] - [09/02/2015 13:11:16]
C:\AdwCleaner\AdwCleaner[S1].txt - [1120 Bytes] - [04/06/2016 14:07:17]
C:\AdwCleaner\AdwCleaner[S2].txt - [5324 Bytes] - [24/03/2017 20:07:02]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5493 Bytes] ##########
|
|
25.03.2017, 15:43
| #4 |
| | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by Mandragora (Limited) on 24.03.2017 at 21:26:48,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 86
Successfully deleted: C:\Users\Mandragora\AppData\Local\{0744DF4A-8076-48C9-A36B-D15DCA64D4F2} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{08C8FFAC-2477-49FB-9727-EBE827AD9E70} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{0949D0EB-3E1C-4B57-AF43-919D93C35484} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{1D5F922A-FEA7-4727-B851-6D78C9628299} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{34F0ECE6-E168-4E45-95D4-74BC62F13D86} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{3CDBFDB7-9E7E-4C57-BBCE-1A62F47A2D89} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{414248EB-B84A-4BC1-8C2A-D1898B6DF420} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{4309CB94-78D1-457C-AD0C-558E7D5A7772} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{4C9A7726-D5B1-45F9-9295-3D9BBB1594E3} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{5CE73B31-64D5-4969-83CB-EB68C1CAF3A9} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{6075D4C6-3EF3-4B3F-A257-FA3EB89D6C5E} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{73201AAE-6929-4268-A2D9-B516C3B16F4E} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{936D7BAC-E2A8-4D2A-9F28-B979A0FADB94} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{B5A86000-B532-4701-9CDE-716C981222E4} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{B97E51F1-603A-4F49-B32E-6D02E6349702} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{C185DCE7-C4FB-4A9E-AA01-46047F2A0108} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{C451A568-4F7C-408B-B5D9-D906E63C4566} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{C91ABA26-C29B-4E22-BA37-A52EF36ECDDC} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{D9860D18-F7A9-4CD8-B339-F8737453A0A3} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{EB4F1D4F-4FB8-4195-816A-0B560915E6FC} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{EEF33C8D-7F27-406B-8EF6-A6316C48315A} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{EF187AC9-21A0-4B6D-8EC1-E7444358C071} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{F6A8B2F3-0458-4A23-9A04-A75EB612D0DB} (Empty Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\06XUI283 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JITW8SS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PJMC0IB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EPMS1TY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D71WBGU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LYE1WES (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AC3DCJ0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KIE0RBK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZM9S6X1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\923P3L67 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ILHN7S5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AM39A7N8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3QB0TSZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHA3IF56 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXOZW63L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVJ02VM1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZXBID9M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFL0BOJP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU4XEI8Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWNHJWNA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2V1HE8I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOZ5AYW5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCYCX1O1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8XV0M1S (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9W9YB5Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNC3ETQL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VV2K5P4K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMJTNCTR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMMBW0DY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZX64U4P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\06XUI283 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JITW8SS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PJMC0IB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EPMS1TY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D71WBGU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LYE1WES (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AC3DCJ0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KIE0RBK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZM9S6X1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\923P3L67 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ILHN7S5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AM39A7N8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3QB0TSZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHA3IF56 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXOZW63L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVJ02VM1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZXBID9M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFL0BOJP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU4XEI8Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWNHJWNA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2V1HE8I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOZ5AYW5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCYCX1O1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8XV0M1S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9W9YB5Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNC3ETQL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VV2K5P4K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMJTNCTR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMMBW0DY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZX64U4P (Temporary Internet Files Folder)
Registry: 2
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.03.2017 at 21:31:04,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 21.03.17
Scan-Zeit: 15:19
Protokolldatei: mbam.txt
Administrator: Ja
-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.75
Version des Aktualisierungspakets: 1.0.1394
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: System
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgebrochen
Gescannte Objekte: 39822
Abgelaufene Zeit: 12 Min., 29 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Deaktiviert
PUM: Aktiviert
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 0
(keine bösartigen Elemente erkannt)
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
(end)
|
|
25.03.2017, 15:44
| #5 |
| | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail Neue FRST Logs im normalen Modus FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von Mandragora (Administrator) auf ACERASPIRE (25-03-2017 15:07:32)
Gestartet von E:\
Geladene Profile: Mandragora & UpdatusUser (Verfügbare Profile: Mandragora & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Flux Software LLC) C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Farbar) E:\FRST64bit.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28065728 2017-03-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [BingSvc] => C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [f.lux] => C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\MountPoints2: {fe347389-8546-11e4-94f6-dc0ea103d22b} - E:\Startme.exe
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1004\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\S-1-5-21-910591887-2798395287-988946140-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [450048 2011-09-13] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-10]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-06-04]
ShortcutTarget: Telegram.lnk -> C:\Users\Mandragora\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 62.220.18.8 89.246.64.8
Tcpip\..\Interfaces\{2D354F33-412B-4746-916B-D93389455A7C}: [DhcpNameServer] 192.168.1.250
Tcpip\..\Interfaces\{5DAF830A-DF25-4C60-9337-70381CE34126}: [DhcpNameServer] 62.220.18.8 89.246.64.8
Internet Explorer:
==================
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-910591887-2798395287-988946140-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll => Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll => Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-01] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll Keine Datei
FireFox:
========
FF ProfilePath: C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 [2017-03-24]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> Bing
FF Homepage: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> hxxps://www.bing.com/
FF Session Restore: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> ist aktiviert.
FF Extension: (NoScript) - C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-20]
FF Extension: (Adblock Plus) - C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-25] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-08] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default [2016-05-20]
CHR Extension: (Google Docs) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-20]
CHR Extension: (Google Drive) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20]
CHR Extension: (YouTube) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20]
CHR Extension: (Google Mail) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-20]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-03-11] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-12] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-25] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-25] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-25] (Malwarebytes)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-25 08:44 - 2017-03-25 08:57 - 00000000 ____D C:\Users\TEMP
2017-03-24 21:58 - 2017-03-24 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-24 21:51 - 2017-03-24 21:51 - 00000000 ____D C:\Program Files (x86)\ESET
2017-03-24 21:43 - 2017-03-24 21:50 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\AVAST Software
2017-03-24 21:39 - 2017-03-24 21:40 - 00219870 _____ C:\TDSSKiller.3.1.0.12_24.03.2017_21.39.23_log.txt
2017-03-24 21:31 - 2017-03-24 21:31 - 00013808 _____ C:\Users\Mandragora\Desktop\JRT.txt
2017-03-24 21:26 - 2017-03-24 21:22 - 01663904 _____ (Malwarebytes) C:\Users\Mandragora\Desktop\JRT.exe
2017-03-24 20:17 - 2017-03-25 09:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-24 20:17 - 2017-03-24 20:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-24 20:17 - 2017-03-24 20:17 - 00001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-03-24 20:17 - 2017-03-24 20:17 - 00001343 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-03-24 20:17 - 2017-03-24 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-03-24 20:17 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-03-24 20:13 - 2017-03-24 20:13 - 00005627 _____ C:\Users\Mandragora\Desktop\AdwCleaner[C0].txt
2017-03-24 19:37 - 2017-03-24 17:46 - 02870984 _____ (ESET) C:\Users\Mandragora\Desktop\esetsmartinstaller_deu.exe
2017-03-24 19:37 - 2017-03-24 17:43 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mandragora\Desktop\spybot-2.4.40.exe
2017-03-24 19:37 - 2017-03-24 17:37 - 04031440 _____ C:\Users\Mandragora\Desktop\AdwCleaner_6.044.exe
2017-03-21 23:58 - 2017-03-25 15:07 - 00000000 ____D C:\FRST
2017-03-21 16:11 - 2017-03-21 16:11 - 00109259 _____ C:\Users\Mandragora\Desktop\TDSSKiller Report.alt.txt
2017-03-21 15:55 - 2017-03-21 16:12 - 00218608 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_15.55.26_log.txt
2017-03-21 15:54 - 2017-03-21 15:54 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Mandragora\Desktop\tdsskiller.exe
2017-03-21 14:14 - 2017-03-25 15:11 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-21 14:14 - 2017-03-25 15:04 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-21 14:14 - 2017-03-25 15:04 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-21 14:14 - 2017-03-25 15:04 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-21 14:14 - 2017-03-21 14:44 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-21 14:13 - 2017-03-21 14:13 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-21 14:13 - 2017-03-21 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-21 14:13 - 2017-03-21 14:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-21 14:13 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-20 15:11 - 2017-03-20 15:11 - 00000000 ____D C:\Users\Mandragora\Documents\Uru Live
2017-03-20 15:07 - 2017-03-20 15:07 - 00001640 _____ C:\Users\Mandragora\.recently-used.xbel
2017-03-14 12:15 - 2017-03-14 18:46 - 00000000 ____D C:\Users\Mandragora\Desktop\ebayFotos
2017-03-11 00:17 - 2017-03-11 00:17 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-03-11 00:17 - 2017-03-11 00:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-11 00:17 - 2017-03-11 00:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-11 00:17 - 2017-03-11 00:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-25 15:10 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-25 15:10 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-25 15:05 - 2016-02-06 17:41 - 00000000 ___RD C:\Users\Mandragora\Dropbox
2017-03-25 15:04 - 2016-06-04 15:21 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Telegram Desktop
2017-03-25 15:03 - 2015-08-16 08:04 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-25 15:02 - 2016-02-06 17:35 - 00001218 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-25 15:02 - 2012-01-06 19:50 - 00000000 ____D C:\ProgramData\clear.fi
2017-03-25 15:01 - 2013-06-13 09:32 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2017-03-25 15:01 - 2013-06-02 21:42 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-03-25 15:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-25 08:56 - 2011-11-03 03:28 - 00699682 _____ C:\Windows\system32\perfh007.dat
2017-03-25 08:56 - 2011-11-03 03:28 - 00149790 _____ C:\Windows\system32\perfc007.dat
2017-03-25 08:56 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-25 08:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-25 08:54 - 2015-02-09 13:06 - 00000000 ____D C:\AdwCleaner
2017-03-25 08:49 - 2015-07-18 16:32 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-25 08:42 - 2016-02-06 17:35 - 00001222 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-24 23:36 - 2014-08-04 12:57 - 00000000 ___RD C:\Users\Mandragora\Desktop\AW
2017-03-24 21:58 - 2016-02-06 17:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-24 21:39 - 2015-02-09 11:25 - 970902040 _____ C:\Windows\ntbtlog.txt
2017-03-24 20:09 - 2016-11-18 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-24 20:09 - 2012-04-22 21:56 - 00000000 ____D C:\ProgramData\ICQ
2017-03-24 19:43 - 2012-01-08 02:19 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Adobe
2017-03-21 17:17 - 2013-05-29 14:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\vlc
2017-03-21 16:08 - 2014-08-05 10:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-21 16:08 - 2013-04-17 07:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-21 15:49 - 2016-11-19 09:36 - 00000000 ____D C:\Users\Mandragora\AppData\LocalLow\Mozilla
2017-03-21 14:13 - 2012-01-06 18:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-21 14:12 - 2016-10-26 11:28 - 00000000 ____D C:\Users\Mandragora\Desktop\MA
2017-03-21 14:05 - 2016-11-18 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-21 14:05 - 2012-05-08 11:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 15:10 - 2015-08-04 18:53 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uru Live
2017-03-20 15:08 - 2012-02-19 23:46 - 00000000 ____D C:\Users\Mandragora\.gimp-2.6
2017-03-20 15:07 - 2012-02-19 23:48 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\gtk-2.0
2017-03-20 15:07 - 2012-01-06 17:29 - 00000000 ____D C:\Users\Mandragora
2017-03-16 19:01 - 2016-02-29 22:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\avidemux
2017-03-16 13:14 - 2016-11-25 22:50 - 00000000 ___RD C:\Users\Mandragora\Desktop\Fragmente der Erinnerung
2017-03-15 11:02 - 2013-03-19 10:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 11:02 - 2013-03-19 10:31 - 00004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 11:02 - 2013-03-19 10:31 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-15 11:02 - 2011-08-12 08:32 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 11:02 - 2011-08-12 08:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-12 12:49 - 2014-08-18 18:35 - 00000132 _____ C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2017-03-11 20:55 - 2016-01-15 21:42 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\TS3Client
2017-03-09 22:13 - 2016-02-06 17:35 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Dropbox
2017-03-07 21:44 - 2013-04-09 15:18 - 00000000 ___RD C:\Users\Mandragora\Desktop\ALEA
2017-03-06 23:07 - 2014-03-04 15:02 - 00004096 ____H C:\Users\Mandragora\AppData\Local\keyfile3.drm
2017-02-25 19:12 - 2012-01-07 16:29 - 00000000 ___RD C:\Users\Mandragora\Desktop\Studium
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2010-06-02 04:21 - 2010-06-02 04:21 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1078962 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1397830 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0179133 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0133103 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0087101 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0046010 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0695865 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1606039 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0195766 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0151225 _____ () C:\Program Files (x86)\APR2007_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0096817 _____ () C:\Program Files (x86)\APR2007_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0053302 _____ () C:\Program Files (x86)\APR2007_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1350542 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1077644 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0182903 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0137235 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0087142 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0046058 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0852286 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0796867 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1800160 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1708152 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0198096 _____ () C:\Program Files (x86)\AUG2007_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0153012 _____ () C:\Program Files (x86)\AUG2007_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0867612 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0849167 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1794084 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1464672 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0121772 _____ () C:\Program Files (x86)\Aug2008_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0092996 _____ () C:\Program Files (x86)\Aug2008_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0271412 _____ () C:\Program Files (x86)\Aug2008_XAudio_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0271038 _____ () C:\Program Files (x86)\Aug2008_XAudio_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0919044 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0900598 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 3112111 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 3319740 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0232635 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0192131 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0136301 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0105044 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0930116 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0728456 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122408 _____ () C:\Program Files (x86)\Aug2009_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093106 _____ () C:\Program Files (x86)\Aug2009_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0273264 _____ () C:\Program Files (x86)\Aug2009_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0272642 _____ () C:\Program Files (x86)\Aug2009_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1357976 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1079456 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0212807 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0191720 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1571154 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1574376 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0192475 _____ () C:\Program Files (x86)\DEC2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0145599 _____ () C:\Program Files (x86)\DEC2006_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0089944 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2010-06-02 04:22 - 2010-06-02 04:22 - 1801048 _____ () C:\Program Files (x86)\dsetup32.dll
2010-06-02 04:22 - 2010-06-02 04:22 - 0042410 _____ () C:\Program Files (x86)\dxdllreg_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0537432 _____ () C:\Program Files (x86)\DXSETUP.exe
2010-06-02 04:22 - 2010-06-02 04:22 - 0094011 _____ () C:\Program Files (x86)\dxupdate.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1247499 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1013225 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1362796 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1084720 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0178359 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0132409 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0194675 _____ () C:\Program Files (x86)\FEB2007_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0147983 _____ () C:\Program Files (x86)\FEB2007_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0054678 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0020713 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122446 _____ () C:\Program Files (x86)\Feb2010_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093180 _____ () C:\Program Files (x86)\Feb2010_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0276960 _____ () C:\Program Files (x86)\Feb2010_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0277191 _____ () C:\Program Files (x86)\Feb2010_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1336002 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1064925 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0180785 _____ () C:\Program Files (x86)\JUN2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0133671 _____ () C:\Program Files (x86)\JUN2006_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0699044 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0698472 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1607774 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1607286 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0197122 _____ () C:\Program Files (x86)\JUN2007_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0152909 _____ () C:\Program Files (x86)\JUN2007_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0867828 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0849919 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1792608 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1463878 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0055154 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021905 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0121054 _____ () C:\Program Files (x86)\JUN2008_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093128 _____ () C:\Program Files (x86)\JUN2008_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0269628 _____ () C:\Program Files (x86)\JUN2008_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0269024 _____ () C:\Program Files (x86)\JUN2008_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0944460 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0931471 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0752783 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0762188 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0235955 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0197283 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0138205 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0109445 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0937246 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0768036 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0124596 _____ () C:\Program Files (x86)\Jun2010_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093686 _____ () C:\Program Files (x86)\Jun2010_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0277338 _____ () C:\Program Files (x86)\Jun2010_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0278060 _____ () C:\Program Files (x86)\Jun2010_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0844884 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0818260 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1769862 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1443282 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0055058 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021867 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122336 _____ () C:\Program Files (x86)\Mar2008_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093734 _____ () C:\Program Files (x86)\Mar2008_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0251194 _____ () C:\Program Files (x86)\Mar2008_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0226250 _____ () C:\Program Files (x86)\Mar2008_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1067160 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1040745 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1973702 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1612446 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0054600 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021298 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0121506 _____ () C:\Program Files (x86)\Mar2009_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0092740 _____ () C:\Program Files (x86)\Mar2009_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0275044 _____ () C:\Program Files (x86)\Mar2009_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0273018 _____ () C:\Program Files (x86)\Mar2009_XAudio_x86.cab
2013-06-26 17:03 - 2014-07-18 12:57 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2010-06-02 04:22 - 2010-06-02 04:22 - 0864600 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0803884 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1802058 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1709360 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0046144 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0018496 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0196762 _____ () C:\Program Files (x86)\NOV2007_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0148264 _____ () C:\Program Files (x86)\NOV2007_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0994154 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0965421 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1906878 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1550796 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0054522 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021851 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0121794 _____ () C:\Program Files (x86)\Nov2008_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0092684 _____ () C:\Program Files (x86)\Nov2008_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0273960 _____ () C:\Program Files (x86)\Nov2008_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0272611 _____ () C:\Program Files (x86)\Nov2008_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0086037 _____ () C:\Program Files (x86)\Oct2005_xinput_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0045359 _____ () C:\Program Files (x86)\Oct2005_xinput_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1412902 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1127217 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0182361 _____ () C:\Program Files (x86)\OCT2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0138017 _____ () C:\Program Files (x86)\OCT2006_XACT_x86.cab
2014-08-18 18:35 - 2017-03-12 12:49 - 0000132 _____ () C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2015-08-23 14:33 - 2015-08-23 14:33 - 0001456 _____ () C:\Users\Mandragora\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-03-04 15:02 - 2017-03-06 23:07 - 0004096 ____H () C:\Users\Mandragora\AppData\Local\keyfile3.drm
2016-03-16 11:30 - 2016-03-16 11:30 - 0007597 _____ () C:\Users\Mandragora\AppData\Local\Resmon.ResmonCfg
2011-11-02 19:03 - 2011-11-02 19:05 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Mandragora\fbchathistory.dat
C:\Users\Public\AlexaNSISPlugin.3912.dll
Einige Dateien in TEMP:
====================
2013-01-28 23:20 - 2013-01-28 23:20 - 0248008 _____ (Ask.com) C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll
2012-01-06 18:04 - 2012-01-06 18:04 - 3486088 _____ (Ask) C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe
2005-10-18 22:47 - 2005-10-18 22:47 - 0733184 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRun.exe
2012-01-06 23:41 - 2005-10-10 22:32 - 0573440 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRunGUI.dll
2013-10-07 12:40 - 2014-08-05 10:01 - 0000000 ____D () C:\Users\Mandragora\AppData\Local\Temp\avgnt.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 0255072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Mandragora\AppData\Local\Temp\avguidx.dll
2015-11-12 18:15 - 2015-11-12 18:15 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BingSvc.exe
2015-04-30 23:06 - 2015-11-12 18:15 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcProcessor.exe
2015-04-30 23:06 - 2015-11-12 18:15 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcUpdater.exe
2012-01-06 18:03 - 2012-01-06 18:03 - 0334848 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\BunndleOfferManager.dll
2012-10-10 19:53 - 2012-10-10 19:53 - 4720736 _____ () C:\Users\Mandragora\AppData\Local\Temp\CommonInstaller.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 0026936 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x64.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0028984 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x86.dll
2012-04-08 10:39 - 2012-04-08 10:40 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\EADEB76.exe
2012-02-02 11:32 - 2007-06-03 21:59 - 0879688 _____ () C:\Users\Mandragora\AppData\Local\Temp\EAInstall.dll
2012-02-02 11:37 - 2005-10-18 22:47 - 0339968 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\eauninstall.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU17A7.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2BB3.exe
2001-10-11 12:01 - 2001-10-11 12:01 - 4091904 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2E80.DLL
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU41B.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU4A4.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU524.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBUEF0.exe
2012-01-18 22:44 - 2004-08-18 09:33 - 1453843 ____R (Macromedia, Inc.) C:\Users\Mandragora\AppData\Local\Temp\First15.exe
2013-03-19 10:34 - 2013-03-19 10:34 - 16486616 _____ (Adobe Systems Incorporated) C:\Users\Mandragora\AppData\Local\Temp\fp_pl_pfs_installer.exe
2012-01-06 19:04 - 2012-01-06 19:04 - 3763360 _____ (Adobe Systems, Inc.) C:\Users\Mandragora\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
2012-02-02 11:32 - 2007-06-03 21:59 - 0109640 _____ (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\GameuxInstallHelper.dll
2015-02-09 11:41 - 2005-09-18 14:52 - 0073728 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\Harry Potter and the Goblet of Fire_uninst.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 0163936 _____ () C:\Users\Mandragora\AppData\Local\Temp\MachineIdCreator.exe
2014-01-19 17:59 - 2003-10-06 19:59 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\MakeFilesHidden.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 12143200 _____ () C:\Users\Mandragora\AppData\Local\Temp\oi_{58DB1360-58CA-435F-A459-597FDDFC2474}.exe
2014-01-19 17:59 - 2003-10-06 19:58 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\OpenTxtFile.exe
2012-03-26 19:14 - 2012-03-26 19:14 - 14763880 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_413e.exe
2013-04-02 12:43 - 2013-04-02 12:43 - 14809416 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_5fe.exe
2012-03-09 15:53 - 2012-03-09 15:53 - 14739304 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_7759.exe
2014-11-08 09:33 - 2015-01-25 21:19 - 0553984 _____ () C:\Users\Mandragora\AppData\Local\Temp\Quarantine.exe
2014-08-04 12:43 - 2014-08-04 12:42 - 0111104 _____ () C:\Users\Mandragora\AppData\Local\Temp\readSTILog.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0032568 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-win32.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0032056 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-x64.dll
2014-01-19 17:59 - 2003-10-06 19:57 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\ShellEx.exe
2012-06-07 18:00 - 2014-08-12 20:21 - 35595360 _____ (Skype Technologies S.A.) C:\Users\Mandragora\AppData\Local\Temp\SkypeSetup.exe
2015-05-03 20:39 - 2015-05-03 20:40 - 36124056 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011080.exe
2015-11-04 18:52 - 2015-11-04 18:53 - 39228760 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011541.exe
2017-02-28 09:16 - 2017-02-28 09:18 - 42463240 _____ (Digital Wave Ltd ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34013494.exe
2016-03-25 11:19 - 2016-03-25 11:21 - 40830448 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34015287.exe
2016-08-09 10:11 - 2016-08-09 10:11 - 42463240 _____ (Digital Wave Ltd ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34018299.exe
2016-06-30 17:47 - 2016-06-30 17:48 - 41478784 _____ (Digital Wave Ltd ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34019719.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 8212064 _____ () C:\Users\Mandragora\AppData\Local\Temp\ToolbarInstaller.exe
2009-03-28 22:08 - 2009-03-28 22:08 - 0195056 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\UninstallEADM.dll
2012-01-18 22:44 - 2004-08-18 09:34 - 0023040 ____R () C:\Users\Mandragora\AppData\Local\Temp\VP6Install.exe
2012-01-18 22:44 - 2004-08-18 09:34 - 0442368 ____R (On2.com) C:\Users\Mandragora\AppData\Local\Temp\VP6VFW.dll
2012-01-06 18:04 - 2012-01-06 18:05 - 13657088 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-03-17 12:24
==================== Ende von FRST.txt ============================
Addition Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von Mandragora (25-03-2017 15:14:22)
Gestartet von E:\
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-06 16:29:27)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-910591887-2798395287-988946140-500 - Administrator - Disabled)
Gast (S-1-5-21-910591887-2798395287-988946140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-910591887-2798395287-988946140-1003 - Limited - Enabled)
Mandragora (S-1-5-21-910591887-2798395287-988946140-1001 - Administrator - Enabled) => C:\Users\Mandragora
UpdatusUser (S-1-5-21-910591887-2798395287-988946140-1004 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games)
Antichamber (HKLM\...\Steam App 219890) (Version: - Alexander Bruce)
Antichamber (HKLM\...\UDK-03d800e5-0cb9-4097-934c-b65f9cb978bc) (Version: - Epic Games, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Blender (HKLM\...\{3ABDE236-0A3F-4D0D-BECB-DB67EE21C593}) (Version: 2.77.0 - Blender Foundation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Discord (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper 2) (Version: - )
Electronic Arts Product Registration (HKLM-x32\...\InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}) (Version: 1.01.0000 - Electronic Arts)
Electronic Arts Product Registration (x32 Version: 1.01.0000 - Electronic Arts) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
EXMARaLDA 1.9 (HKLM-x32\...\EXMARaLDA_is1) (Version: - Thomas Schmidt, Kai Woerner, Timm Lehmberg, Hanna Hedeland)
f.lux (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Flux) (Version: - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
Myst Online: Uru Live (remove only) (HKLM-x32\...\MOUL) (Version: - )
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
realMyst (HKLM-x32\...\Steam App 63600) (Version: - Cyan Worlds)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Rememoried (HKLM\...\Steam App 368450) (Version: - Vladimir Kudelka)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Sony PC Companion (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
UDPixel.exe (HKLM-x32\...\UDPixel) (Version: - )
Uru - Ages Beyond Myst (HKLM-x32\...\Uru - Ages Beyond Myst) (Version: 1.0.0.0 - ubi.com)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1074EB25-B430-4337-BA99-EEC5ED58CBB7} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {2D04712F-98CD-45EC-A93C-81AF858F27D8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: {2D840F2C-F801-4B70-B60B-2B3C0FC281EE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {38AB495B-06AD-4576-8F08-654CE683FB3B} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {41B2EC03-DD3F-40AE-B427-53CEF1552856} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {44A38F1C-2804-49F0-9E90-23FC769A4071} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {506E0C36-3A40-4735-8DD9-7330B66DDA22} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {6A3DD29B-BD60-4503-A9F0-18B4D91C6762} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: {6B062F60-CC7C-4344-85C3-F16FCC7A2A61} - System32\Tasks\AdobeAAMUpdater-1.0-acerAspire-Mandragora => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {814DE142-C4AB-4762-8098-81B792BBC521} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {93F5ED5B-41F9-4C81-9D19-7811DFACCE78} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {CF89131E-D69D-4419-A8BE-F322CF3AA529} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {EDC0473E-1B12-4AE5-975B-09C5E538A8C3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {F3A3CC50-29C6-4F72-8778-6C8980DF0411} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Meine Websites auf MSN\target.lnk -> hxxp://www.msnusers.co
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-08-15 17:59 - 2013-06-21 11:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-01-22 00:45 - 2009-01-22 00:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2012-01-18 23:27 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-08-12 08:37 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-03-21 14:13 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-21 14:13 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-12-25 11:15 - 2015-06-10 10:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2012-01-05 14:22 - 2012-01-05 14:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2017-03-24 20:17 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-03-24 20:17 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-25 11:15 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-12-25 11:15 - 2015-10-20 17:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2017-03-24 21:57 - 2017-03-21 19:06 - 00842560 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-03-24 21:58 - 2017-02-28 21:49 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-03-24 21:58 - 2017-02-28 21:49 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-03-24 21:58 - 2017-02-28 21:49 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-03-24 21:58 - 2017-02-28 21:50 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-03-24 21:58 - 2017-02-28 21:49 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-03-24 21:57 - 2017-02-28 21:49 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-03-24 21:57 - 2017-02-28 21:50 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-03-24 21:57 - 2017-02-28 21:49 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-03-24 21:58 - 2017-02-28 21:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-03-24 21:57 - 2017-02-28 21:49 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-03-24 21:57 - 2017-02-28 21:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-03-24 21:58 - 2017-02-28 21:51 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-03-24 21:58 - 2017-02-28 21:50 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-03-24 21:57 - 2017-02-28 21:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-03-24 21:57 - 2017-03-21 19:09 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-03-24 21:58 - 2017-03-21 19:10 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-03-24 21:57 - 2017-02-28 21:56 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-03-24 21:57 - 2017-02-28 21:56 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-03-24 21:57 - 2017-03-21 19:10 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-03-24 20:17 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-25 11:07 - 2014-10-25 11:07 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-08-12 07:58 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Mandragora\Desktop\MA:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1525.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1723.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL2518.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL3615.tmp:com.dropbox.attributes [168]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.220.18.8 - 89.246.64.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{8D117281-4ECC-4D19-9A59-9498F7049ABB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C0DE20F1-3440-46BD-9197-A8685EB04C4B}] => (Allow) LPort=2869
FirewallRules: [{14C5742C-BF4C-4731-812B-14F870F6F9A2}] => (Allow) LPort=1900
FirewallRules: [{D8793EF8-B554-4D44-8902-432762F4DFA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4080E16E-1E76-4968-B921-5DF209A535C7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E80B59D9-F81C-4F5F-8292-2C812AC1E6F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9285B7C0-4A2C-4D66-B888-7007B8F102A4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9F1855DD-5903-48DF-BE88-6208B718D06C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{A0EB8BE4-5FA2-4789-B8CB-383F57867C70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{D4315AE7-D9C3-4EEE-AB80-92E6DFDDDCA2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1BA4D3BD-94CE-4217-903C-31389FABCAE4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{90EA422D-F8D3-45AF-9245-892B2C136ED2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{BE9A9460-6078-437A-A167-90F2C5E501BC}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{D976413F-D66E-417A-BB73-4CC8CEB44FF8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{C6452A2D-E8E1-4C9E-80D9-7AC71E440F7F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [TCP Query User{2CC2C2BA-03D8-4D03-99FC-FB0BDF2F23C6}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [UDP Query User{8FCC3D8A-EE00-451F-AF68-EAFCF22F6825}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [TCP Query User{27B2111E-D0DF-4697-8FD6-B51EAC1A1C67}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{F2849A07-BE71-47A6-8473-77BF115418C4}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{4535CEA3-CC0E-4AC7-815A-C086DB030FD5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5AA8A058-2530-4203-AC67-7A983D159AA4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F938FAA4-2AF2-489A-ABE2-1CB0C89F0884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0640F3D-0672-4696-8C7D-DAC1642D5189}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A933A339-8EF5-4CE4-AB80-B7120D8AD34D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{96EF1256-DD44-456A-BEB3-4FCA497F5F4D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F34E618-2483-4E2D-9B56-753A6B271719}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{641A77A7-ECBE-424F-AB5F-1156DA6330FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{402BA76D-02C5-458E-BB2E-C60036F5D793}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1F7841DF-8A25-40E3-9544-3107E0620873}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EFF70E2A-C1E2-4D17-9B12-860F82A572CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{F3E2C821-CD8E-4A6B-AEBD-EC97AEDEEDBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{04E0FF11-3A03-4908-98D7-8AAD30B2F09E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{D92D7B03-6763-4DAB-AE0E-68EC21C36650}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{7EDD9AA7-2FDD-4C1B-8F90-B505CF9A2877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86A9C794-2D65-4423-B45C-7C01B99D4606}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{798A6D6F-CBCC-47EF-8ED6-075942B1E1EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{38E294B4-31CC-4F35-8B5A-7EEF3EEB3D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{91AA941D-965F-4FDB-A9D1-BCE8FA795C9C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{901FE775-BE28-4B27-84E6-1870E7C69FF6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{01431CD5-4F5B-484F-8F1F-99D9228C496E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{3C658FEC-5396-454A-92FF-0E2A08A29295}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{466A95DE-0CA3-4A02-9014-F26D2E11A26E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{B2221D6B-A8BD-4BB1-8422-005277358460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{D6220000-49CE-4ED3-AFDF-4A0CE797458D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Wiederherstellungspunkte =========================
02-03-2017 11:53:33 Windows Update
10-03-2017 12:51:12 Windows Update
17-03-2017 12:20:57 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (03/25/2017 03:05:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/25/2017 03:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 03:02:08 PM) (Source: SDUpdSvc.exe) (EventID: 0) (User: )
Description: Event-ID 0
Error: (03/25/2017 09:02:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 08:59:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 08:57:33 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT-AUTORITÄT)
Description: Das Profilverzeichnis kann nicht gelöscht werden C:\Users\TEMP. Dies liegt u. U. daran, dass Dateien in diesem Verzeichnis von einem anderen Programm verwendet werden.
DETAIL - Das Verzeichnis ist nicht leer.
Error: (03/25/2017 08:53:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\TEMP\Desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/25/2017 08:53:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/25/2017 08:44:54 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: acerAspire)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.
Error: (03/25/2017 08:44:54 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: acerAspire)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.
Systemfehler:
=============
Error: (03/25/2017 03:03:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (03/25/2017 03:03:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (03/25/2017 03:02:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (03/25/2017 03:02:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (03/25/2017 03:01:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/25/2017 03:01:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/25/2017 09:03:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet:
Die Daten sind unzulässig.
Error: (03/25/2017 09:03:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Sicherheitscenter" wurde mit folgendem Fehler beendet:
Der Authentifizierungsdienst ist unbekannt.
Error: (03/25/2017 09:02:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (03/25/2017 09:02:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 3947.86 MB
Verfügbarer physikalischer RAM: 1497.68 MB
Summe virtueller Speicher: 7893.93 MB
Verfügbarer virtueller Speicher: 5211.55 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:115 GB) NTFS
Drive e: (SCARAB) (Removable) (Total:3.91 GB) (Free:3.45 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1BCD5BD1)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 3.9 GB) (Disk ID: CD152345)
Partition 1: (Active) - (Size=3.9 GB) - (Type=0B)
==================== Ende von Addition.txt ============================
|
|
25.03.2017, 16:19
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail Spybot deinstallieren, das Zeug ist komplett fürn Arsch. Bitte auch Avira deinstallieren. Das Teil empfehlen wir schon seit Jahren aus mehreren Gründen nicht mehr. Ein Grund ist ne rel. hohe Fehlalarmquote, der zweite Hauptgrund ist, dass die immer noch mit ASK zusammenarbeiten (Avira Suchfunktion geht über ASK). Auch andere Freewareanbieter wie AVG, Avast oder Panda sprangen auf diesen Zug auf; so was ist bei Sicherheitssoftware einfach inakzeptabel. Vgl. Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog Gib Bescheid wenn Avira weg ist; wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen, Infos folgen dann im Abschlussposting. Bitte JETZT nix mehr ohne Absprache installieren!
__________________ --> Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail |
|
25.03.2017, 16:58
| #7 |
| | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail So, müsste beides weg sein.  Hier die neuen Logs: FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von Mandragora (Administrator) auf ACERASPIRE (25-03-2017 16:46:50)
Gestartet von C:\Users\Mandragora\Desktop
Geladene Profile: Mandragora & UpdatusUser (Verfügbare Profile: Mandragora & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Flux Software LLC) C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Telegram Messenger LLP) C:\Users\Mandragora\AppData\Roaming\Telegram Desktop\Telegram.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Farbar) C:\Users\Mandragora\Desktop\FRST64bit.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28065728 2017-03-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [BingSvc] => C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [f.lux] => C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\MountPoints2: {fe347389-8546-11e4-94f6-dc0ea103d22b} - E:\Startme.exe
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1004\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\S-1-5-21-910591887-2798395287-988946140-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [450048 2011-09-13] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-10]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-06-04]
ShortcutTarget: Telegram.lnk -> C:\Users\Mandragora\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
ProxyServer: [S-1-5-21-910591887-2798395287-988946140-1001] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 62.220.18.8 89.246.64.8
Tcpip\..\Interfaces\{2D354F33-412B-4746-916B-D93389455A7C}: [DhcpNameServer] 192.168.1.250
Tcpip\..\Interfaces\{5DAF830A-DF25-4C60-9337-70381CE34126}: [DhcpNameServer] 62.220.18.8 89.246.64.8
Internet Explorer:
==================
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-910591887-2798395287-988946140-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll => Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll => Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-01] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll Keine Datei
FireFox:
========
FF ProfilePath: C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 [2017-03-25]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> Bing
FF Homepage: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> hxxps://www.bing.com/
FF Session Restore: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> ist aktiviert.
FF Extension: (NoScript) - C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-20]
FF Extension: (Adblock Plus) - C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-25] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-08] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default [2016-05-20]
CHR Extension: (Google Docs) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-20]
CHR Extension: (Google Drive) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20]
CHR Extension: (YouTube) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20]
CHR Extension: (Google Mail) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-20]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-03-11] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-25] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-25] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-25] (Malwarebytes)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-25 16:46 - 2017-03-25 16:50 - 00023062 _____ C:\Users\Mandragora\Desktop\FRST.txt
2017-03-25 16:45 - 2017-03-21 14:31 - 02424832 _____ (Farbar) C:\Users\Mandragora\Desktop\FRST64bit.exe
2017-03-25 16:25 - 2017-03-25 16:26 - 00000085 _____ C:\Windows\wininit.ini
2017-03-25 16:25 - 2017-03-25 16:25 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-03-25 08:44 - 2017-03-25 08:57 - 00000000 ____D C:\Users\TEMP
2017-03-24 21:58 - 2017-03-24 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-24 21:51 - 2017-03-24 21:51 - 00000000 ____D C:\Program Files (x86)\ESET
2017-03-24 21:43 - 2017-03-24 21:50 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\AVAST Software
2017-03-24 21:39 - 2017-03-24 21:40 - 00219870 _____ C:\TDSSKiller.3.1.0.12_24.03.2017_21.39.23_log.txt
2017-03-24 21:26 - 2017-03-24 21:22 - 01663904 _____ (Malwarebytes) C:\Users\Mandragora\Desktop\JRT.exe
2017-03-24 20:17 - 2017-03-25 16:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-24 20:17 - 2017-03-25 16:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-24 19:37 - 2017-03-24 17:46 - 02870984 _____ (ESET) C:\Users\Mandragora\Desktop\esetsmartinstaller_deu.exe
2017-03-24 19:37 - 2017-03-24 17:37 - 04031440 _____ C:\Users\Mandragora\Desktop\AdwCleaner_6.044.exe
2017-03-21 23:58 - 2017-03-25 16:46 - 00000000 ____D C:\FRST
2017-03-21 15:55 - 2017-03-21 16:12 - 00218608 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_15.55.26_log.txt
2017-03-21 15:54 - 2017-03-21 15:54 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Mandragora\Desktop\tdsskiller.exe
2017-03-21 14:14 - 2017-03-25 16:41 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-21 14:14 - 2017-03-25 16:41 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-21 14:14 - 2017-03-25 16:41 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-21 14:14 - 2017-03-25 16:41 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-21 14:14 - 2017-03-21 14:44 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-21 14:13 - 2017-03-21 14:13 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-21 14:13 - 2017-03-21 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-21 14:13 - 2017-03-21 14:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-21 14:13 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-20 15:11 - 2017-03-20 15:11 - 00000000 ____D C:\Users\Mandragora\Documents\Uru Live
2017-03-20 15:07 - 2017-03-20 15:07 - 00001640 _____ C:\Users\Mandragora\.recently-used.xbel
2017-03-14 12:15 - 2017-03-14 18:46 - 00000000 ____D C:\Users\Mandragora\Desktop\ebayFotos
2017-03-11 00:17 - 2017-03-11 00:17 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-03-11 00:17 - 2017-03-11 00:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-11 00:17 - 2017-03-11 00:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-11 00:17 - 2017-03-11 00:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-25 16:46 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-25 16:46 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-25 16:43 - 2016-11-19 09:36 - 00000000 ____D C:\Users\Mandragora\AppData\LocalLow\Mozilla
2017-03-25 16:42 - 2016-02-06 17:41 - 00000000 ___RD C:\Users\Mandragora\Dropbox
2017-03-25 16:42 - 2016-02-06 17:35 - 00001222 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-25 16:42 - 2013-04-17 07:42 - 00000000 ____D C:\ProgramData\Avira
2017-03-25 16:41 - 2012-01-06 19:50 - 00000000 ____D C:\ProgramData\clear.fi
2017-03-25 16:40 - 2016-06-04 15:21 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Telegram Desktop
2017-03-25 16:40 - 2015-08-16 08:04 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-25 16:39 - 2016-02-06 17:35 - 00001218 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-25 16:39 - 2013-06-13 09:32 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2017-03-25 16:39 - 2013-06-02 21:42 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-03-25 16:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-25 16:38 - 2013-04-17 07:47 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Avira
2017-03-25 16:31 - 2016-10-26 11:28 - 00000000 ____D C:\Users\Mandragora\Desktop\MA
2017-03-25 16:30 - 2012-01-07 16:29 - 00000000 ___RD C:\Users\Mandragora\Desktop\Studium
2017-03-25 08:56 - 2011-11-03 03:28 - 00699682 _____ C:\Windows\system32\perfh007.dat
2017-03-25 08:56 - 2011-11-03 03:28 - 00149790 _____ C:\Windows\system32\perfc007.dat
2017-03-25 08:56 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-25 08:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-25 08:54 - 2015-02-09 13:06 - 00000000 ____D C:\AdwCleaner
2017-03-25 08:49 - 2015-07-18 16:32 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-24 23:36 - 2014-08-04 12:57 - 00000000 ___RD C:\Users\Mandragora\Desktop\AW
2017-03-24 21:58 - 2016-02-06 17:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-24 21:39 - 2015-02-09 11:25 - 970902040 _____ C:\Windows\ntbtlog.txt
2017-03-24 20:09 - 2016-11-18 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-24 20:09 - 2012-04-22 21:56 - 00000000 ____D C:\ProgramData\ICQ
2017-03-24 19:43 - 2012-01-08 02:19 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Adobe
2017-03-21 17:17 - 2013-05-29 14:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\vlc
2017-03-21 14:13 - 2012-01-06 18:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-21 14:05 - 2016-11-18 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-21 14:05 - 2012-05-08 11:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 15:10 - 2015-08-04 18:53 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uru Live
2017-03-20 15:08 - 2012-02-19 23:46 - 00000000 ____D C:\Users\Mandragora\.gimp-2.6
2017-03-20 15:07 - 2012-02-19 23:48 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\gtk-2.0
2017-03-20 15:07 - 2012-01-06 17:29 - 00000000 ____D C:\Users\Mandragora
2017-03-16 19:01 - 2016-02-29 22:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\avidemux
2017-03-16 13:14 - 2016-11-25 22:50 - 00000000 ___RD C:\Users\Mandragora\Desktop\Fragmente der Erinnerung
2017-03-15 11:02 - 2013-03-19 10:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 11:02 - 2013-03-19 10:31 - 00004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 11:02 - 2013-03-19 10:31 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-15 11:02 - 2011-08-12 08:32 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 11:02 - 2011-08-12 08:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-12 12:49 - 2014-08-18 18:35 - 00000132 _____ C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2017-03-11 20:55 - 2016-01-15 21:42 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\TS3Client
2017-03-09 22:13 - 2016-02-06 17:35 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Dropbox
2017-03-07 21:44 - 2013-04-09 15:18 - 00000000 ___RD C:\Users\Mandragora\Desktop\ALEA
2017-03-06 23:07 - 2014-03-04 15:02 - 00004096 ____H C:\Users\Mandragora\AppData\Local\keyfile3.drm
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2010-06-02 04:21 - 2010-06-02 04:21 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1078962 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1397830 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0179133 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0133103 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0087101 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0046010 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0695865 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1606039 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0195766 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0151225 _____ () C:\Program Files (x86)\APR2007_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0096817 _____ () C:\Program Files (x86)\APR2007_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0053302 _____ () C:\Program Files (x86)\APR2007_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1350542 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1077644 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0182903 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0137235 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0087142 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0046058 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0852286 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0796867 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1800160 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1708152 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0198096 _____ () C:\Program Files (x86)\AUG2007_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0153012 _____ () C:\Program Files (x86)\AUG2007_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0867612 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0849167 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1794084 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1464672 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0121772 _____ () C:\Program Files (x86)\Aug2008_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0092996 _____ () C:\Program Files (x86)\Aug2008_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0271412 _____ () C:\Program Files (x86)\Aug2008_XAudio_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0271038 _____ () C:\Program Files (x86)\Aug2008_XAudio_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0919044 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0900598 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 3112111 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 3319740 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0232635 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0192131 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0136301 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0105044 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0930116 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0728456 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122408 _____ () C:\Program Files (x86)\Aug2009_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093106 _____ () C:\Program Files (x86)\Aug2009_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0273264 _____ () C:\Program Files (x86)\Aug2009_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0272642 _____ () C:\Program Files (x86)\Aug2009_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1357976 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1079456 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0212807 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0191720 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1571154 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1574376 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0192475 _____ () C:\Program Files (x86)\DEC2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0145599 _____ () C:\Program Files (x86)\DEC2006_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0089944 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2010-06-02 04:22 - 2010-06-02 04:22 - 1801048 _____ () C:\Program Files (x86)\dsetup32.dll
2010-06-02 04:22 - 2010-06-02 04:22 - 0042410 _____ () C:\Program Files (x86)\dxdllreg_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0537432 _____ () C:\Program Files (x86)\DXSETUP.exe
2010-06-02 04:22 - 2010-06-02 04:22 - 0094011 _____ () C:\Program Files (x86)\dxupdate.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1247499 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1013225 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1362796 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1084720 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0178359 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0132409 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0194675 _____ () C:\Program Files (x86)\FEB2007_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0147983 _____ () C:\Program Files (x86)\FEB2007_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0054678 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0020713 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122446 _____ () C:\Program Files (x86)\Feb2010_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093180 _____ () C:\Program Files (x86)\Feb2010_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0276960 _____ () C:\Program Files (x86)\Feb2010_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0277191 _____ () C:\Program Files (x86)\Feb2010_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1336002 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1064925 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0180785 _____ () C:\Program Files (x86)\JUN2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0133671 _____ () C:\Program Files (x86)\JUN2006_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0699044 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0698472 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1607774 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1607286 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0197122 _____ () C:\Program Files (x86)\JUN2007_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0152909 _____ () C:\Program Files (x86)\JUN2007_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0867828 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0849919 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1792608 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1463878 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0055154 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021905 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0121054 _____ () C:\Program Files (x86)\JUN2008_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093128 _____ () C:\Program Files (x86)\JUN2008_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0269628 _____ () C:\Program Files (x86)\JUN2008_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0269024 _____ () C:\Program Files (x86)\JUN2008_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0944460 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0931471 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0752783 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0762188 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0235955 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0197283 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0138205 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0109445 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0937246 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0768036 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0124596 _____ () C:\Program Files (x86)\Jun2010_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093686 _____ () C:\Program Files (x86)\Jun2010_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0277338 _____ () C:\Program Files (x86)\Jun2010_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0278060 _____ () C:\Program Files (x86)\Jun2010_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0844884 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0818260 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1769862 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1443282 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0055058 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021867 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122336 _____ () C:\Program Files (x86)\Mar2008_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093734 _____ () C:\Program Files (x86)\Mar2008_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0251194 _____ () C:\Program Files (x86)\Mar2008_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0226250 _____ () C:\Program Files (x86)\Mar2008_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1067160 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1040745 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1973702 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1612446 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0054600 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021298 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0121506 _____ () C:\Program Files (x86)\Mar2009_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0092740 _____ () C:\Program Files (x86)\Mar2009_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0275044 _____ () C:\Program Files (x86)\Mar2009_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0273018 _____ () C:\Program Files (x86)\Mar2009_XAudio_x86.cab
2013-06-26 17:03 - 2014-07-18 12:57 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2010-06-02 04:22 - 2010-06-02 04:22 - 0864600 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0803884 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1802058 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1709360 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0046144 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0018496 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0196762 _____ () C:\Program Files (x86)\NOV2007_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0148264 _____ () C:\Program Files (x86)\NOV2007_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0994154 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0965421 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1906878 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1550796 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0054522 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021851 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0121794 _____ () C:\Program Files (x86)\Nov2008_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0092684 _____ () C:\Program Files (x86)\Nov2008_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0273960 _____ () C:\Program Files (x86)\Nov2008_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0272611 _____ () C:\Program Files (x86)\Nov2008_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0086037 _____ () C:\Program Files (x86)\Oct2005_xinput_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0045359 _____ () C:\Program Files (x86)\Oct2005_xinput_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1412902 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1127217 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0182361 _____ () C:\Program Files (x86)\OCT2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0138017 _____ () C:\Program Files (x86)\OCT2006_XACT_x86.cab
2014-08-18 18:35 - 2017-03-12 12:49 - 0000132 _____ () C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2015-08-23 14:33 - 2015-08-23 14:33 - 0001456 _____ () C:\Users\Mandragora\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-03-04 15:02 - 2017-03-06 23:07 - 0004096 ____H () C:\Users\Mandragora\AppData\Local\keyfile3.drm
2016-03-16 11:30 - 2016-03-16 11:30 - 0007597 _____ () C:\Users\Mandragora\AppData\Local\Resmon.ResmonCfg
2011-11-02 19:03 - 2011-11-02 19:05 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Mandragora\fbchathistory.dat
C:\Users\Public\AlexaNSISPlugin.3912.dll
Einige Dateien in TEMP:
====================
2013-01-28 23:20 - 2013-01-28 23:20 - 0248008 _____ (Ask.com) C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll
2012-01-06 18:04 - 2012-01-06 18:04 - 3486088 _____ (Ask) C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe
2005-10-18 22:47 - 2005-10-18 22:47 - 0733184 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRun.exe
2012-01-06 23:41 - 2005-10-10 22:32 - 0573440 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRunGUI.dll
2013-10-07 12:40 - 2014-08-05 10:01 - 0000000 ____D () C:\Users\Mandragora\AppData\Local\Temp\avgnt.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 0255072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Mandragora\AppData\Local\Temp\avguidx.dll
2015-11-12 18:15 - 2015-11-12 18:15 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BingSvc.exe
2015-04-30 23:06 - 2015-11-12 18:15 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcProcessor.exe
2015-04-30 23:06 - 2015-11-12 18:15 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcUpdater.exe
2012-01-06 18:03 - 2012-01-06 18:03 - 0334848 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\BunndleOfferManager.dll
2012-10-10 19:53 - 2012-10-10 19:53 - 4720736 _____ () C:\Users\Mandragora\AppData\Local\Temp\CommonInstaller.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 0026936 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x64.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0028984 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x86.dll
2012-04-08 10:39 - 2012-04-08 10:40 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\EADEB76.exe
2012-02-02 11:32 - 2007-06-03 21:59 - 0879688 _____ () C:\Users\Mandragora\AppData\Local\Temp\EAInstall.dll
2012-02-02 11:37 - 2005-10-18 22:47 - 0339968 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\eauninstall.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU17A7.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2BB3.exe
2001-10-11 12:01 - 2001-10-11 12:01 - 4091904 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2E80.DLL
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU41B.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU4A4.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU524.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBUEF0.exe
2012-01-18 22:44 - 2004-08-18 09:33 - 1453843 ____R (Macromedia, Inc.) C:\Users\Mandragora\AppData\Local\Temp\First15.exe
2013-03-19 10:34 - 2013-03-19 10:34 - 16486616 _____ (Adobe Systems Incorporated) C:\Users\Mandragora\AppData\Local\Temp\fp_pl_pfs_installer.exe
2012-01-06 19:04 - 2012-01-06 19:04 - 3763360 _____ (Adobe Systems, Inc.) C:\Users\Mandragora\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
2012-02-02 11:32 - 2007-06-03 21:59 - 0109640 _____ (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\GameuxInstallHelper.dll
2015-02-09 11:41 - 2005-09-18 14:52 - 0073728 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\Harry Potter and the Goblet of Fire_uninst.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 0163936 _____ () C:\Users\Mandragora\AppData\Local\Temp\MachineIdCreator.exe
2014-01-19 17:59 - 2003-10-06 19:59 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\MakeFilesHidden.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 12143200 _____ () C:\Users\Mandragora\AppData\Local\Temp\oi_{58DB1360-58CA-435F-A459-597FDDFC2474}.exe
2014-01-19 17:59 - 2003-10-06 19:58 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\OpenTxtFile.exe
2012-03-26 19:14 - 2012-03-26 19:14 - 14763880 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_413e.exe
2013-04-02 12:43 - 2013-04-02 12:43 - 14809416 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_5fe.exe
2012-03-09 15:53 - 2012-03-09 15:53 - 14739304 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_7759.exe
2014-11-08 09:33 - 2015-01-25 21:19 - 0553984 _____ () C:\Users\Mandragora\AppData\Local\Temp\Quarantine.exe
2014-08-04 12:43 - 2014-08-04 12:42 - 0111104 _____ () C:\Users\Mandragora\AppData\Local\Temp\readSTILog.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0032568 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-win32.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0032056 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-x64.dll
2014-01-19 17:59 - 2003-10-06 19:57 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\ShellEx.exe
2012-06-07 18:00 - 2014-08-12 20:21 - 35595360 _____ (Skype Technologies S.A.) C:\Users\Mandragora\AppData\Local\Temp\SkypeSetup.exe
2015-05-03 20:39 - 2015-05-03 20:40 - 36124056 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011080.exe
2015-11-04 18:52 - 2015-11-04 18:53 - 39228760 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011541.exe
2017-02-28 09:16 - 2017-02-28 09:18 - 42463240 _____ (Digital Wave Ltd ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34013494.exe
2016-03-25 11:19 - 2016-03-25 11:21 - 40830448 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34015287.exe
2016-08-09 10:11 - 2016-08-09 10:11 - 42463240 _____ (Digital Wave Ltd ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34018299.exe
2016-06-30 17:47 - 2016-06-30 17:48 - 41478784 _____ (Digital Wave Ltd ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34019719.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 8212064 _____ () C:\Users\Mandragora\AppData\Local\Temp\ToolbarInstaller.exe
2009-03-28 22:08 - 2009-03-28 22:08 - 0195056 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\UninstallEADM.dll
2012-01-18 22:44 - 2004-08-18 09:34 - 0023040 ____R () C:\Users\Mandragora\AppData\Local\Temp\VP6Install.exe
2012-01-18 22:44 - 2004-08-18 09:34 - 0442368 ____R (On2.com) C:\Users\Mandragora\AppData\Local\Temp\VP6VFW.dll
2012-01-06 18:04 - 2012-01-06 18:05 - 13657088 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-03-17 12:24
==================== Ende von FRST.txt ============================
Addition Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von Mandragora (25-03-2017 16:51:26)
Gestartet von C:\Users\Mandragora\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-06 16:29:27)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-910591887-2798395287-988946140-500 - Administrator - Disabled)
Gast (S-1-5-21-910591887-2798395287-988946140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-910591887-2798395287-988946140-1003 - Limited - Enabled)
Mandragora (S-1-5-21-910591887-2798395287-988946140-1001 - Administrator - Enabled) => C:\Users\Mandragora
UpdatusUser (S-1-5-21-910591887-2798395287-988946140-1004 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games)
Antichamber (HKLM\...\Steam App 219890) (Version: - Alexander Bruce)
Antichamber (HKLM\...\UDK-03d800e5-0cb9-4097-934c-b65f9cb978bc) (Version: - Epic Games, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Blender (HKLM\...\{3ABDE236-0A3F-4D0D-BECB-DB67EE21C593}) (Version: 2.77.0 - Blender Foundation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Discord (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper 2) (Version: - )
Electronic Arts Product Registration (HKLM-x32\...\InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}) (Version: 1.01.0000 - Electronic Arts)
Electronic Arts Product Registration (x32 Version: 1.01.0000 - Electronic Arts) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
EXMARaLDA 1.9 (HKLM-x32\...\EXMARaLDA_is1) (Version: - Thomas Schmidt, Kai Woerner, Timm Lehmberg, Hanna Hedeland)
f.lux (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Flux) (Version: - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
Myst Online: Uru Live (remove only) (HKLM-x32\...\MOUL) (Version: - )
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
realMyst (HKLM-x32\...\Steam App 63600) (Version: - Cyan Worlds)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Rememoried (HKLM\...\Steam App 368450) (Version: - Vladimir Kudelka)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Sony PC Companion (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
UDPixel.exe (HKLM-x32\...\UDPixel) (Version: - )
Uru - Ages Beyond Myst (HKLM-x32\...\Uru - Ages Beyond Myst) (Version: 1.0.0.0 - ubi.com)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1074EB25-B430-4337-BA99-EEC5ED58CBB7} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {2D04712F-98CD-45EC-A93C-81AF858F27D8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: {2D840F2C-F801-4B70-B60B-2B3C0FC281EE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {38AB495B-06AD-4576-8F08-654CE683FB3B} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {41B2EC03-DD3F-40AE-B427-53CEF1552856} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {44A38F1C-2804-49F0-9E90-23FC769A4071} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {506E0C36-3A40-4735-8DD9-7330B66DDA22} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {6A3DD29B-BD60-4503-A9F0-18B4D91C6762} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: {6B062F60-CC7C-4344-85C3-F16FCC7A2A61} - System32\Tasks\AdobeAAMUpdater-1.0-acerAspire-Mandragora => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {814DE142-C4AB-4762-8098-81B792BBC521} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {93F5ED5B-41F9-4C81-9D19-7811DFACCE78} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {CF89131E-D69D-4419-A8BE-F322CF3AA529} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {EDC0473E-1B12-4AE5-975B-09C5E538A8C3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {F3A3CC50-29C6-4F72-8778-6C8980DF0411} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Meine Websites auf MSN\target.lnk -> hxxp://www.msnusers.co
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-08-15 17:59 - 2013-06-21 11:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-18 23:27 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-08-12 08:37 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-03-21 14:13 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-21 14:13 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-12-25 11:15 - 2015-06-10 10:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2012-01-05 14:22 - 2012-01-05 14:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-12-25 11:15 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-12-25 11:15 - 2015-10-20 17:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2017-03-24 21:57 - 2017-03-21 19:06 - 00842560 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-03-24 21:58 - 2017-02-28 21:49 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-03-24 21:58 - 2017-02-28 21:49 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-03-24 21:58 - 2017-02-28 21:49 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-03-24 21:58 - 2017-02-28 21:50 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-03-24 21:58 - 2017-02-28 21:49 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-03-24 21:57 - 2017-02-28 21:49 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-03-24 21:57 - 2017-02-28 21:50 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-03-24 21:57 - 2017-02-28 21:49 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-03-24 21:58 - 2017-02-28 21:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-03-24 21:57 - 2017-02-28 21:49 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-03-24 21:57 - 2017-02-28 21:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-03-24 21:58 - 2017-02-28 21:51 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-03-24 21:58 - 2017-02-28 21:50 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-03-24 21:57 - 2017-02-28 21:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-03-24 21:57 - 2017-03-21 19:09 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-03-24 21:58 - 2017-03-21 19:10 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-03-24 21:57 - 2017-02-28 21:56 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-03-24 21:57 - 2017-02-28 21:56 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-03-24 21:57 - 2017-03-21 19:10 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2014-10-25 11:07 - 2014-10-25 11:07 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-08-12 07:58 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Mandragora\Desktop\MA:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1525.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1723.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL2518.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL3615.tmp:com.dropbox.attributes [168]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.220.18.8 - 89.246.64.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{8D117281-4ECC-4D19-9A59-9498F7049ABB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C0DE20F1-3440-46BD-9197-A8685EB04C4B}] => (Allow) LPort=2869
FirewallRules: [{14C5742C-BF4C-4731-812B-14F870F6F9A2}] => (Allow) LPort=1900
FirewallRules: [{D8793EF8-B554-4D44-8902-432762F4DFA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4080E16E-1E76-4968-B921-5DF209A535C7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E80B59D9-F81C-4F5F-8292-2C812AC1E6F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9285B7C0-4A2C-4D66-B888-7007B8F102A4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9F1855DD-5903-48DF-BE88-6208B718D06C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{A0EB8BE4-5FA2-4789-B8CB-383F57867C70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{D4315AE7-D9C3-4EEE-AB80-92E6DFDDDCA2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1BA4D3BD-94CE-4217-903C-31389FABCAE4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{90EA422D-F8D3-45AF-9245-892B2C136ED2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{BE9A9460-6078-437A-A167-90F2C5E501BC}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{D976413F-D66E-417A-BB73-4CC8CEB44FF8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{C6452A2D-E8E1-4C9E-80D9-7AC71E440F7F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [TCP Query User{2CC2C2BA-03D8-4D03-99FC-FB0BDF2F23C6}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [UDP Query User{8FCC3D8A-EE00-451F-AF68-EAFCF22F6825}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [TCP Query User{27B2111E-D0DF-4697-8FD6-B51EAC1A1C67}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{F2849A07-BE71-47A6-8473-77BF115418C4}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{4535CEA3-CC0E-4AC7-815A-C086DB030FD5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5AA8A058-2530-4203-AC67-7A983D159AA4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F938FAA4-2AF2-489A-ABE2-1CB0C89F0884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0640F3D-0672-4696-8C7D-DAC1642D5189}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A933A339-8EF5-4CE4-AB80-B7120D8AD34D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{96EF1256-DD44-456A-BEB3-4FCA497F5F4D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F34E618-2483-4E2D-9B56-753A6B271719}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{641A77A7-ECBE-424F-AB5F-1156DA6330FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{402BA76D-02C5-458E-BB2E-C60036F5D793}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1F7841DF-8A25-40E3-9544-3107E0620873}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EFF70E2A-C1E2-4D17-9B12-860F82A572CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{F3E2C821-CD8E-4A6B-AEBD-EC97AEDEEDBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{04E0FF11-3A03-4908-98D7-8AAD30B2F09E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{D92D7B03-6763-4DAB-AE0E-68EC21C36650}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{7EDD9AA7-2FDD-4C1B-8F90-B505CF9A2877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86A9C794-2D65-4423-B45C-7C01B99D4606}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{798A6D6F-CBCC-47EF-8ED6-075942B1E1EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{38E294B4-31CC-4F35-8B5A-7EEF3EEB3D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{91AA941D-965F-4FDB-A9D1-BCE8FA795C9C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{901FE775-BE28-4B27-84E6-1870E7C69FF6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{01431CD5-4F5B-484F-8F1F-99D9228C496E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{3C658FEC-5396-454A-92FF-0E2A08A29295}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{466A95DE-0CA3-4A02-9014-F26D2E11A26E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{B2221D6B-A8BD-4BB1-8422-005277358460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{D6220000-49CE-4ED3-AFDF-4A0CE797458D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Wiederherstellungspunkte =========================
02-03-2017 11:53:33 Windows Update
10-03-2017 12:51:12 Windows Update
17-03-2017 12:20:57 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (03/25/2017 04:45:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/25/2017 04:40:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 04:27:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 04:22:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 03:05:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/25/2017 03:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 03:02:08 PM) (Source: SDUpdSvc.exe) (EventID: 0) (User: )
Description: Event-ID 0
Error: (03/25/2017 09:02:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 08:59:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 08:57:33 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT-AUTORITÄT)
Description: Das Profilverzeichnis kann nicht gelöscht werden C:\Users\TEMP. Dies liegt u. U. daran, dass Dateien in diesem Verzeichnis von einem anderen Programm verwendet werden.
DETAIL - Das Verzeichnis ist nicht leer.
Systemfehler:
=============
Error: (03/25/2017 04:39:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/25/2017 04:39:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/25/2017 04:27:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/25/2017 04:27:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/25/2017 04:23:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (03/25/2017 04:23:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (03/25/2017 04:22:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (03/25/2017 04:22:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (03/25/2017 04:21:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/25/2017 04:21:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 70%
Installierter physikalischer RAM: 3947.86 MB
Verfügbarer physikalischer RAM: 1165.63 MB
Summe virtueller Speicher: 7893.93 MB
Verfügbarer virtueller Speicher: 5277.95 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:116.79 GB) NTFS
Drive e: (SCARAB) (Removable) (Total:3.91 GB) (Free:3.45 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1BCD5BD1)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 3.9 GB) (Disk ID: CD152345)
Partition 1: (Active) - (Size=3.9 GB) - (Type=0B)
==================== Ende von Addition.txt ============================
|
|
25.03.2017, 17:02
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.03.2017, 18:43
| #9 |
| | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail Kein Fund Code:
ATTFilter ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.18124
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4139630592, free: 1950064640
Downloaded database version: v2017.03.25.05
Downloaded database version: v2017.03.11.01
Downloaded database version: v2017.03.14.01
=======================================
Initializing...
------------ Kernel report ------------
03/25/2017 17:16:21
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\bScsiSDa.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\bScsiMSa.sys
\SystemRoot\system32\DRIVERS\b57xdbd.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\b57xdmp.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Windows\system32\drivers\acedrv11.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mwac.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\MBAMChameleon.sys
\SystemRoot\system32\drivers\WudfPf.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
Scan started
Database versions:
main: v2017.03.25.05
rootkit: v2017.03.11.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007619060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80074b68f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007619060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004e92050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1BCD5BD1
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 37748736
Partition is bootable
Partition file system is NTFS
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 37750784 Numsec = 204800
Partition is bootable
Partition file system is NTFS
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 37955584 Numsec = 587184128
Partition is not bootable
Partition file system is NTFS
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.83" is compressed (flags = 1)
Scan finished
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2017.03.25.05
rootkit: v2017.03.11.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18124
Mandragora :: ACERASPIRE [administrator]
25.03.2017 17:16:38
mbar-log-2017-03-25 (17-16-38).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 398012
Time elapsed: 1 hour(s), 15 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
25.03.2017, 23:01
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Wir haben leider noch ne ältere Anleitung vom adwCleaner, bitte nochmal ausführen und so einstellen:  2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.03.2017, 23:25
| #11 |
| | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-MailCode:
ATTFilter # AdwCleaner v6.044 - Bericht erstellt am 25/03/2017 um 23:17:17
# Aktualisiert am 28/02/2017 von Malwarebytes
# Datenbank : 2017-03-23.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : Mandragora - ACERASPIRE
# Gestartet von : C:\Users\Mandragora\Desktop\AdwCleaner_6.044.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
Keine schädlichen Dienste gefunden.
***** [ Ordner ] *****
Keine schädlichen Ordner gefunden.
***** [ Dateien ] *****
Keine schädlichen Dateien gefunden.
***** [ DLL ] *****
Keine infizierten DLLs gefunden.
***** [ WMI ] *****
Keine schädlichen Schlüssel gefunden.
***** [ Verknüpfungen ] *****
Keine infizierten Verknüpfungen gefunden.
***** [ Aufgabenplanung ] *****
Keine schädlichen Aufgaben gefunden.
***** [ Registrierungsdatenbank ] *****
Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.
***** [ Internetbrowser ] *****
Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [1220 Bytes] - [25/03/2017 23:17:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1293 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by Mandragora (Administrator) on 25.03.2017 at 23:18:29,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 13
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHA3IF56 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU4XEI8Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOZ5AYW5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCYCX1O1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VV2K5P4K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZX64U4P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHA3IF56 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU4XEI8Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOZ5AYW5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCYCX1O1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VV2K5P4K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZX64U4P (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.03.2017 at 23:22:37,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
25.03.2017, 23:41
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.03.2017, 08:24
| #13 |
| | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-MailCode:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von Mandragora (Administrator) auf ACERASPIRE (26-03-2017 09:15:24)
Gestartet von C:\Users\Mandragora\Desktop
Geladene Profile: Mandragora & UpdatusUser (Verfügbare Profile: Mandragora & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Inc.) C:\Program Files (x86)\Acer\clear.fi Client\ExtractDeviceIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Flux Software LLC) C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Telegram Messenger LLP) C:\Users\Mandragora\AppData\Roaming\Telegram Desktop\Telegram.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Farbar) C:\Users\Mandragora\Desktop\FRST64bit.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28065728 2017-03-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [BingSvc] => C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [f.lux] => C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\MountPoints2: {fe347389-8546-11e4-94f6-dc0ea103d22b} - E:\Startme.exe
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1004\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\S-1-5-21-910591887-2798395287-988946140-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [450048 2011-09-13] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-10]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-06-04]
ShortcutTarget: Telegram.lnk -> C:\Users\Mandragora\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
ProxyServer: [S-1-5-21-910591887-2798395287-988946140-1001] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 62.220.18.8 89.246.64.8
Tcpip\..\Interfaces\{2D354F33-412B-4746-916B-D93389455A7C}: [DhcpNameServer] 192.168.1.250
Tcpip\..\Interfaces\{5DAF830A-DF25-4C60-9337-70381CE34126}: [DhcpNameServer] 62.220.18.8 89.246.64.8
Internet Explorer:
==================
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-910591887-2798395287-988946140-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll => Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll => Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-01] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll Keine Datei
FireFox:
========
FF ProfilePath: C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 [2017-03-25]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> Bing
FF Homepage: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> hxxps://www.bing.com/
FF Session Restore: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> ist aktiviert.
FF Extension: (NoScript) - C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-20]
FF Extension: (Adblock Plus) - C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-25] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-08] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default [2016-05-20]
CHR Extension: (Google Docs) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-20]
CHR Extension: (Google Drive) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20]
CHR Extension: (YouTube) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20]
CHR Extension: (Google Mail) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-20]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-03-11] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-26] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-26] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-26] (Malwarebytes)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-26 09:15 - 2017-03-26 09:19 - 00022595 _____ C:\Users\Mandragora\Desktop\FRST.txt
2017-03-26 00:13 - 2017-03-26 00:17 - 00000000 ____D C:\AdwCleaner
2017-03-26 00:11 - 2017-03-26 00:04 - 01663904 _____ (Malwarebytes) C:\Users\Mandragora\Desktop\JRT.exe
2017-03-26 00:11 - 2017-03-26 00:03 - 04031440 _____ C:\Users\Mandragora\Desktop\AdwCleaner_6.044.exe
2017-03-25 18:16 - 2017-03-25 19:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-25 18:14 - 2017-03-25 19:35 - 00000000 ____D C:\Users\Mandragora\Desktop\mbar
2017-03-25 18:12 - 2017-03-25 18:08 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Mandragora\Desktop\mbar-1.09.3.1001.exe
2017-03-25 17:45 - 2017-03-21 15:31 - 02424832 _____ (Farbar) C:\Users\Mandragora\Desktop\FRST64bit.exe
2017-03-25 17:25 - 2017-03-25 17:25 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-03-25 09:44 - 2017-03-25 09:57 - 00000000 ____D C:\Users\TEMP
2017-03-24 22:58 - 2017-03-24 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-24 22:51 - 2017-03-24 22:51 - 00000000 ____D C:\Program Files (x86)\ESET
2017-03-24 22:43 - 2017-03-24 22:50 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\AVAST Software
2017-03-24 22:39 - 2017-03-24 22:40 - 00219870 _____ C:\TDSSKiller.3.1.0.12_24.03.2017_21.39.23_log.txt
2017-03-24 21:17 - 2017-03-25 17:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-24 21:17 - 2017-03-25 17:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-24 20:37 - 2017-03-24 18:46 - 02870984 _____ (ESET) C:\Users\Mandragora\Desktop\esetsmartinstaller_deu.exe
2017-03-22 00:58 - 2017-03-26 09:15 - 00000000 ____D C:\FRST
2017-03-21 16:55 - 2017-03-21 17:12 - 00218608 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_15.55.26_log.txt
2017-03-21 16:54 - 2017-03-21 16:54 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Mandragora\Desktop\tdsskiller.exe
2017-03-21 15:14 - 2017-03-26 09:19 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-21 15:14 - 2017-03-26 09:14 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-21 15:14 - 2017-03-26 09:14 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-21 15:14 - 2017-03-26 09:14 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-21 15:14 - 2017-03-21 15:44 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-21 15:13 - 2017-03-21 15:13 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-21 15:13 - 2017-03-21 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-21 15:13 - 2017-03-21 15:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-21 15:13 - 2017-02-24 07:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-20 16:11 - 2017-03-20 16:11 - 00000000 ____D C:\Users\Mandragora\Documents\Uru Live
2017-03-20 16:07 - 2017-03-20 16:07 - 00001640 _____ C:\Users\Mandragora\.recently-used.xbel
2017-03-14 13:15 - 2017-03-14 19:46 - 00000000 ____D C:\Users\Mandragora\Desktop\ebayFotos
2017-03-11 01:17 - 2017-03-11 01:17 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-26 09:16 - 2016-02-06 18:41 - 00000000 ___RD C:\Users\Mandragora\Dropbox
2017-03-26 09:16 - 2012-01-06 20:50 - 00000000 ____D C:\ProgramData\clear.fi
2017-03-26 09:15 - 2016-06-04 16:21 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Telegram Desktop
2017-03-26 09:14 - 2016-02-06 18:35 - 00001218 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-26 09:14 - 2015-08-16 09:04 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-26 09:13 - 2013-06-13 10:32 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2017-03-26 09:13 - 2013-06-02 22:42 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-03-26 09:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-26 00:21 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-26 00:21 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-25 19:42 - 2016-02-06 18:35 - 00001222 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-25 19:36 - 2016-11-19 10:36 - 00000000 ____D C:\Users\Mandragora\AppData\LocalLow\Mozilla
2017-03-25 17:42 - 2013-04-17 08:42 - 00000000 ____D C:\ProgramData\Avira
2017-03-25 17:38 - 2013-04-17 08:47 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Avira
2017-03-25 17:31 - 2016-10-26 12:28 - 00000000 ____D C:\Users\Mandragora\Desktop\MA
2017-03-25 17:30 - 2012-01-07 17:29 - 00000000 ___RD C:\Users\Mandragora\Desktop\Studium
2017-03-25 09:56 - 2011-11-03 04:28 - 00699682 _____ C:\Windows\system32\perfh007.dat
2017-03-25 09:56 - 2011-11-03 04:28 - 00149790 _____ C:\Windows\system32\perfc007.dat
2017-03-25 09:56 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-25 09:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-03-25 09:49 - 2015-07-18 17:32 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-25 00:36 - 2014-08-04 13:57 - 00000000 ___RD C:\Users\Mandragora\Desktop\AW
2017-03-24 22:58 - 2016-02-06 18:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-24 22:39 - 2015-02-09 12:25 - 970902040 _____ C:\Windows\ntbtlog.txt
2017-03-24 21:09 - 2016-11-18 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-24 21:09 - 2012-04-22 22:56 - 00000000 ____D C:\ProgramData\ICQ
2017-03-24 20:43 - 2012-01-08 03:19 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Adobe
2017-03-21 18:17 - 2013-05-29 15:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\vlc
2017-03-21 15:13 - 2012-01-06 19:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-21 15:05 - 2016-11-18 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-21 15:05 - 2012-05-08 12:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 16:10 - 2015-08-04 19:53 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uru Live
2017-03-20 16:08 - 2012-02-20 00:46 - 00000000 ____D C:\Users\Mandragora\.gimp-2.6
2017-03-20 16:07 - 2012-02-20 00:48 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\gtk-2.0
2017-03-20 16:07 - 2012-01-06 18:29 - 00000000 ____D C:\Users\Mandragora
2017-03-16 20:01 - 2016-02-29 23:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\avidemux
2017-03-16 14:14 - 2016-11-25 23:50 - 00000000 ___RD C:\Users\Mandragora\Desktop\Fragmente der Erinnerung
2017-03-15 12:02 - 2013-03-19 11:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 12:02 - 2013-03-19 11:31 - 00004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 12:02 - 2013-03-19 11:31 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-15 12:02 - 2011-08-12 09:32 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 12:02 - 2011-08-12 09:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-12 13:49 - 2014-08-18 19:35 - 00000132 _____ C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2017-03-11 21:55 - 2016-01-15 22:42 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\TS3Client
2017-03-09 23:13 - 2016-02-06 18:35 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Dropbox
2017-03-07 22:44 - 2013-04-09 16:18 - 00000000 ___RD C:\Users\Mandragora\Desktop\ALEA
2017-03-07 00:07 - 2014-03-04 16:02 - 00004096 ____H C:\Users\Mandragora\AppData\Local\keyfile3.drm
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2010-06-02 05:21 - 2010-06-02 05:21 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1078962 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1397830 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0179133 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0133103 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0087101 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0046010 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0695865 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1606039 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0195766 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0151225 _____ () C:\Program Files (x86)\APR2007_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0096817 _____ () C:\Program Files (x86)\APR2007_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0053302 _____ () C:\Program Files (x86)\APR2007_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1350542 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1077644 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0182903 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0137235 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0087142 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0046058 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0852286 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0796867 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1800160 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1708152 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0198096 _____ () C:\Program Files (x86)\AUG2007_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0153012 _____ () C:\Program Files (x86)\AUG2007_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0867612 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0849167 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1794084 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1464672 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0121772 _____ () C:\Program Files (x86)\Aug2008_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0092996 _____ () C:\Program Files (x86)\Aug2008_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0271412 _____ () C:\Program Files (x86)\Aug2008_XAudio_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0271038 _____ () C:\Program Files (x86)\Aug2008_XAudio_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0919044 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0900598 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 3112111 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 3319740 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0232635 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0192131 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0136301 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0105044 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0930116 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0728456 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122408 _____ () C:\Program Files (x86)\Aug2009_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093106 _____ () C:\Program Files (x86)\Aug2009_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273264 _____ () C:\Program Files (x86)\Aug2009_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0272642 _____ () C:\Program Files (x86)\Aug2009_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1357976 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1079456 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0212807 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0191720 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1571154 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1574376 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0192475 _____ () C:\Program Files (x86)\DEC2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0145599 _____ () C:\Program Files (x86)\DEC2006_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0089944 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2010-06-02 05:22 - 2010-06-02 05:22 - 1801048 _____ () C:\Program Files (x86)\dsetup32.dll
2010-06-02 05:22 - 2010-06-02 05:22 - 0042410 _____ () C:\Program Files (x86)\dxdllreg_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0537432 _____ () C:\Program Files (x86)\DXSETUP.exe
2010-06-02 05:22 - 2010-06-02 05:22 - 0094011 _____ () C:\Program Files (x86)\dxupdate.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1247499 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1013225 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1362796 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1084720 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0178359 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0132409 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0194675 _____ () C:\Program Files (x86)\FEB2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0147983 _____ () C:\Program Files (x86)\FEB2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054678 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0020713 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122446 _____ () C:\Program Files (x86)\Feb2010_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093180 _____ () C:\Program Files (x86)\Feb2010_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0276960 _____ () C:\Program Files (x86)\Feb2010_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0277191 _____ () C:\Program Files (x86)\Feb2010_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1336002 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1064925 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0180785 _____ () C:\Program Files (x86)\JUN2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0133671 _____ () C:\Program Files (x86)\JUN2006_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0699044 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0698472 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1607774 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1607286 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0197122 _____ () C:\Program Files (x86)\JUN2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0152909 _____ () C:\Program Files (x86)\JUN2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0867828 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0849919 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1792608 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1463878 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0055154 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021905 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121054 _____ () C:\Program Files (x86)\JUN2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093128 _____ () C:\Program Files (x86)\JUN2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0269628 _____ () C:\Program Files (x86)\JUN2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0269024 _____ () C:\Program Files (x86)\JUN2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0944460 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0931471 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0752783 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0762188 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0235955 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0197283 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0138205 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0109445 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0937246 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0768036 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0124596 _____ () C:\Program Files (x86)\Jun2010_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093686 _____ () C:\Program Files (x86)\Jun2010_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0277338 _____ () C:\Program Files (x86)\Jun2010_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0278060 _____ () C:\Program Files (x86)\Jun2010_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0844884 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0818260 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1769862 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1443282 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0055058 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021867 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122336 _____ () C:\Program Files (x86)\Mar2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093734 _____ () C:\Program Files (x86)\Mar2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0251194 _____ () C:\Program Files (x86)\Mar2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0226250 _____ () C:\Program Files (x86)\Mar2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1067160 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1040745 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1973702 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1612446 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054600 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021298 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121506 _____ () C:\Program Files (x86)\Mar2009_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0092740 _____ () C:\Program Files (x86)\Mar2009_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0275044 _____ () C:\Program Files (x86)\Mar2009_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273018 _____ () C:\Program Files (x86)\Mar2009_XAudio_x86.cab
2013-06-26 18:03 - 2014-07-18 13:57 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2010-06-02 05:22 - 2010-06-02 05:22 - 0864600 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0803884 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1802058 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1709360 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0046144 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0018496 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0196762 _____ () C:\Program Files (x86)\NOV2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0148264 _____ () C:\Program Files (x86)\NOV2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0994154 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0965421 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1906878 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1550796 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054522 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021851 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121794 _____ () C:\Program Files (x86)\Nov2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0092684 _____ () C:\Program Files (x86)\Nov2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273960 _____ () C:\Program Files (x86)\Nov2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0272611 _____ () C:\Program Files (x86)\Nov2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0086037 _____ () C:\Program Files (x86)\Oct2005_xinput_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0045359 _____ () C:\Program Files (x86)\Oct2005_xinput_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1412902 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1127217 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0182361 _____ () C:\Program Files (x86)\OCT2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0138017 _____ () C:\Program Files (x86)\OCT2006_XACT_x86.cab
2014-08-18 19:35 - 2017-03-12 13:49 - 0000132 _____ () C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2015-08-23 15:33 - 2015-08-23 15:33 - 0001456 _____ () C:\Users\Mandragora\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-03-04 16:02 - 2017-03-07 00:07 - 0004096 ____H () C:\Users\Mandragora\AppData\Local\keyfile3.drm
2016-03-16 12:30 - 2016-03-16 12:30 - 0007597 _____ () C:\Users\Mandragora\AppData\Local\Resmon.ResmonCfg
2011-11-02 20:03 - 2011-11-02 20:05 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Mandragora\fbchathistory.dat
C:\Users\Public\AlexaNSISPlugin.3912.dll
Einige Dateien in TEMP:
====================
2013-01-29 00:20 - 2013-01-29 00:20 - 0248008 _____ (Ask.com) C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll
2012-01-06 19:04 - 2012-01-06 19:04 - 3486088 _____ (Ask) C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe
2005-10-18 23:47 - 2005-10-18 23:47 - 0733184 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRun.exe
2012-01-07 00:41 - 2005-10-10 23:32 - 0573440 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRunGUI.dll
2013-10-07 13:40 - 2014-08-05 11:01 - 0000000 ____D () C:\Users\Mandragora\AppData\Local\Temp\avgnt.exe
2012-10-10 20:53 - 2012-10-10 20:53 - 0255072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Mandragora\AppData\Local\Temp\avguidx.dll
2015-11-12 19:15 - 2015-11-12 19:15 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BingSvc.exe
2015-05-01 00:06 - 2015-11-12 19:15 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcProcessor.exe
2015-05-01 00:06 - 2015-11-12 19:15 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcUpdater.exe
2012-01-06 19:03 - 2012-01-06 19:03 - 0334848 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\BunndleOfferManager.dll
2012-10-10 20:53 - 2012-10-10 20:53 - 4720736 _____ () C:\Users\Mandragora\AppData\Local\Temp\CommonInstaller.exe
2014-07-16 11:24 - 2014-07-16 11:24 - 0026936 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x64.dll
2014-07-16 11:24 - 2014-07-16 11:24 - 0028984 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x86.dll
2012-04-08 11:39 - 2012-04-08 11:40 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\EADEB76.exe
2012-02-02 12:32 - 2007-06-03 22:59 - 0879688 _____ () C:\Users\Mandragora\AppData\Local\Temp\EAInstall.dll
2012-02-02 12:37 - 2005-10-18 23:47 - 0339968 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\eauninstall.exe
2001-09-29 03:30 - 2001-09-29 03:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU17A7.exe
2001-09-29 03:30 - 2001-09-29 03:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2BB3.exe
2001-10-11 13:01 - 2001-10-11 13:01 - 4091904 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2E80.DLL
2001-09-29 03:30 - 2001-09-29 03:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU41B.exe
2001-09-29 03:30 - 2001-09-29 03:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU4A4.exe
2001-09-29 03:30 - 2001-09-29 03:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU524.exe
2001-09-29 03:30 - 2001-09-29 03:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBUEF0.exe
2012-01-18 23:44 - 2004-08-18 10:33 - 1453843 ____R (Macromedia, Inc.) C:\Users\Mandragora\AppData\Local\Temp\First15.exe
2013-03-19 11:34 - 2013-03-19 11:34 - 16486616 _____ (Adobe Systems Incorporated) C:\Users\Mandragora\AppData\Local\Temp\fp_pl_pfs_installer.exe
2012-01-06 20:04 - 2012-01-06 20:04 - 3763360 _____ (Adobe Systems, Inc.) C:\Users\Mandragora\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
2012-02-02 12:32 - 2007-06-03 22:59 - 0109640 _____ (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\GameuxInstallHelper.dll
2015-02-09 12:41 - 2005-09-18 15:52 - 0073728 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\Harry Potter and the Goblet of Fire_uninst.exe
2012-10-10 20:53 - 2012-10-10 20:53 - 0163936 _____ () C:\Users\Mandragora\AppData\Local\Temp\MachineIdCreator.exe
2014-01-19 18:59 - 2003-10-06 20:59 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\MakeFilesHidden.exe
2012-10-10 20:53 - 2012-10-10 20:53 - 12143200 _____ () C:\Users\Mandragora\AppData\Local\Temp\oi_{58DB1360-58CA-435F-A459-597FDDFC2474}.exe
2014-01-19 18:59 - 2003-10-06 20:58 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\OpenTxtFile.exe
2012-03-26 20:14 - 2012-03-26 20:14 - 14763880 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_413e.exe
2013-04-02 13:43 - 2013-04-02 13:43 - 14809416 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_5fe.exe
2012-03-09 16:53 - 2012-03-09 16:53 - 14739304 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_7759.exe
2014-11-08 10:33 - 2015-01-25 22:19 - 0553984 _____ () C:\Users\Mandragora\AppData\Local\Temp\Quarantine.exe
2014-08-04 13:43 - 2014-08-04 13:42 - 0111104 _____ () C:\Users\Mandragora\AppData\Local\Temp\readSTILog.dll
2014-07-16 11:24 - 2014-07-16 11:24 - 0032568 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-win32.dll
2014-07-16 11:24 - 2014-07-16 11:24 - 0032056 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-x64.dll
2014-01-19 18:59 - 2003-10-06 20:57 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\ShellEx.exe
2012-06-07 19:00 - 2014-08-12 21:21 - 35595360 _____ (Skype Technologies S.A.) C:\Users\Mandragora\AppData\Local\Temp\SkypeSetup.exe
2015-05-03 21:39 - 2015-05-03 21:40 - 36124056 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011080.exe
2015-11-04 19:52 - 2015-11-04 19:53 - 39228760 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011541.exe
2017-02-28 10:16 - 2017-02-28 10:18 - 42463240 _____ (Digital Wave Ltd ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34013494.exe
2016-03-25 12:19 - 2016-03-25 12:21 - 40830448 _____ (DVDVideoSoft Ltd. ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34015287.exe
2016-08-09 11:11 - 2016-08-09 11:11 - 42463240 _____ (Digital Wave Ltd ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34018299.exe
2016-06-30 18:47 - 2016-06-30 18:48 - 41478784 _____ (Digital Wave Ltd ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34019719.exe
2012-10-10 20:53 - 2012-10-10 20:53 - 8212064 _____ () C:\Users\Mandragora\AppData\Local\Temp\ToolbarInstaller.exe
2009-03-28 23:08 - 2009-03-28 23:08 - 0195056 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\UninstallEADM.dll
2012-01-18 23:44 - 2004-08-18 10:34 - 0023040 ____R () C:\Users\Mandragora\AppData\Local\Temp\VP6Install.exe
2012-01-18 23:44 - 2004-08-18 10:34 - 0442368 ____R (On2.com) C:\Users\Mandragora\AppData\Local\Temp\VP6VFW.dll
2012-01-06 19:04 - 2012-01-06 19:05 - 13657088 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-03-17 13:24
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von Mandragora (26-03-2017 09:20:46)
Gestartet von C:\Users\Mandragora\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-06 16:29:27)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-910591887-2798395287-988946140-500 - Administrator - Disabled)
Gast (S-1-5-21-910591887-2798395287-988946140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-910591887-2798395287-988946140-1003 - Limited - Enabled)
Mandragora (S-1-5-21-910591887-2798395287-988946140-1001 - Administrator - Enabled) => C:\Users\Mandragora
UpdatusUser (S-1-5-21-910591887-2798395287-988946140-1004 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games)
Antichamber (HKLM\...\Steam App 219890) (Version: - Alexander Bruce)
Antichamber (HKLM\...\UDK-03d800e5-0cb9-4097-934c-b65f9cb978bc) (Version: - Epic Games, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Blender (HKLM\...\{3ABDE236-0A3F-4D0D-BECB-DB67EE21C593}) (Version: 2.77.0 - Blender Foundation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Discord (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper 2) (Version: - )
Electronic Arts Product Registration (HKLM-x32\...\InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}) (Version: 1.01.0000 - Electronic Arts)
Electronic Arts Product Registration (x32 Version: 1.01.0000 - Electronic Arts) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
EXMARaLDA 1.9 (HKLM-x32\...\EXMARaLDA_is1) (Version: - Thomas Schmidt, Kai Woerner, Timm Lehmberg, Hanna Hedeland)
f.lux (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Flux) (Version: - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
Myst Online: Uru Live (remove only) (HKLM-x32\...\MOUL) (Version: - )
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
realMyst (HKLM-x32\...\Steam App 63600) (Version: - Cyan Worlds)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Rememoried (HKLM\...\Steam App 368450) (Version: - Vladimir Kudelka)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Sony PC Companion (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
UDPixel.exe (HKLM-x32\...\UDPixel) (Version: - )
Uru - Ages Beyond Myst (HKLM-x32\...\Uru - Ages Beyond Myst) (Version: 1.0.0.0 - ubi.com)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1074EB25-B430-4337-BA99-EEC5ED58CBB7} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {2D04712F-98CD-45EC-A93C-81AF858F27D8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: {2D840F2C-F801-4B70-B60B-2B3C0FC281EE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {38AB495B-06AD-4576-8F08-654CE683FB3B} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {41B2EC03-DD3F-40AE-B427-53CEF1552856} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {44A38F1C-2804-49F0-9E90-23FC769A4071} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {506E0C36-3A40-4735-8DD9-7330B66DDA22} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {6A3DD29B-BD60-4503-A9F0-18B4D91C6762} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: {6B062F60-CC7C-4344-85C3-F16FCC7A2A61} - System32\Tasks\AdobeAAMUpdater-1.0-acerAspire-Mandragora => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {814DE142-C4AB-4762-8098-81B792BBC521} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {93F5ED5B-41F9-4C81-9D19-7811DFACCE78} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {CF89131E-D69D-4419-A8BE-F322CF3AA529} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {EDC0473E-1B12-4AE5-975B-09C5E538A8C3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {F3A3CC50-29C6-4F72-8778-6C8980DF0411} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Meine Websites auf MSN\target.lnk -> hxxp://www.msnusers.co
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-08-15 18:59 - 2013-06-21 12:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-21 15:13 - 2017-02-24 07:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-21 15:13 - 2017-02-24 07:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2011-08-12 09:37 - 2011-06-10 19:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-03 06:27 - 2013-09-03 06:27 - 04689312 _____ () C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\AMocWrapper.dll
2014-12-25 12:15 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2012-01-05 15:22 - 2012-01-05 15:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 15:22 - 2012-01-05 15:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 15:22 - 2012-01-05 15:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-24 19:03 - 2011-08-24 19:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-12-25 12:15 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-12-25 12:15 - 2015-10-20 18:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2017-03-24 22:57 - 2017-03-21 20:06 - 00842560 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-03-24 22:58 - 2017-02-28 22:49 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-03-24 22:58 - 2017-02-28 22:49 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-03-24 22:58 - 2017-02-28 22:49 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-03-24 22:58 - 2017-02-28 22:50 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-03-24 22:58 - 2017-02-28 22:49 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-03-24 22:57 - 2017-02-28 22:49 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-03-24 22:57 - 2017-02-28 22:50 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-03-24 22:57 - 2017-02-28 22:49 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-03-24 22:58 - 2017-02-28 22:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-03-24 22:57 - 2017-02-28 22:49 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-03-24 22:57 - 2017-02-28 22:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-03-24 22:58 - 2017-02-28 22:51 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-03-24 22:58 - 2017-02-28 22:50 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-03-24 22:57 - 2017-02-28 22:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-03-24 22:57 - 2017-03-21 20:09 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-03-24 22:58 - 2017-03-21 20:10 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-03-24 22:57 - 2017-02-28 22:56 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-03-24 22:57 - 2017-02-28 22:56 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-03-24 22:57 - 2017-03-21 20:10 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2014-10-25 12:07 - 2014-10-25 12:07 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-08-12 08:58 - 2011-04-30 09:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Mandragora\Desktop\MA:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1525.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1723.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL2518.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL3615.tmp:com.dropbox.attributes [168]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.220.18.8 - 89.246.64.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{8D117281-4ECC-4D19-9A59-9498F7049ABB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C0DE20F1-3440-46BD-9197-A8685EB04C4B}] => (Allow) LPort=2869
FirewallRules: [{14C5742C-BF4C-4731-812B-14F870F6F9A2}] => (Allow) LPort=1900
FirewallRules: [{D8793EF8-B554-4D44-8902-432762F4DFA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4080E16E-1E76-4968-B921-5DF209A535C7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E80B59D9-F81C-4F5F-8292-2C812AC1E6F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9285B7C0-4A2C-4D66-B888-7007B8F102A4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9F1855DD-5903-48DF-BE88-6208B718D06C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{A0EB8BE4-5FA2-4789-B8CB-383F57867C70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{D4315AE7-D9C3-4EEE-AB80-92E6DFDDDCA2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1BA4D3BD-94CE-4217-903C-31389FABCAE4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{90EA422D-F8D3-45AF-9245-892B2C136ED2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{BE9A9460-6078-437A-A167-90F2C5E501BC}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{D976413F-D66E-417A-BB73-4CC8CEB44FF8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{C6452A2D-E8E1-4C9E-80D9-7AC71E440F7F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [TCP Query User{2CC2C2BA-03D8-4D03-99FC-FB0BDF2F23C6}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [UDP Query User{8FCC3D8A-EE00-451F-AF68-EAFCF22F6825}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [TCP Query User{27B2111E-D0DF-4697-8FD6-B51EAC1A1C67}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{F2849A07-BE71-47A6-8473-77BF115418C4}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{4535CEA3-CC0E-4AC7-815A-C086DB030FD5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5AA8A058-2530-4203-AC67-7A983D159AA4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F938FAA4-2AF2-489A-ABE2-1CB0C89F0884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0640F3D-0672-4696-8C7D-DAC1642D5189}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A933A339-8EF5-4CE4-AB80-B7120D8AD34D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{96EF1256-DD44-456A-BEB3-4FCA497F5F4D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F34E618-2483-4E2D-9B56-753A6B271719}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{641A77A7-ECBE-424F-AB5F-1156DA6330FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{402BA76D-02C5-458E-BB2E-C60036F5D793}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1F7841DF-8A25-40E3-9544-3107E0620873}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EFF70E2A-C1E2-4D17-9B12-860F82A572CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{F3E2C821-CD8E-4A6B-AEBD-EC97AEDEEDBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{04E0FF11-3A03-4908-98D7-8AAD30B2F09E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{D92D7B03-6763-4DAB-AE0E-68EC21C36650}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{7EDD9AA7-2FDD-4C1B-8F90-B505CF9A2877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86A9C794-2D65-4423-B45C-7C01B99D4606}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{798A6D6F-CBCC-47EF-8ED6-075942B1E1EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{38E294B4-31CC-4F35-8B5A-7EEF3EEB3D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{91AA941D-965F-4FDB-A9D1-BCE8FA795C9C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{901FE775-BE28-4B27-84E6-1870E7C69FF6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{01431CD5-4F5B-484F-8F1F-99D9228C496E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{3C658FEC-5396-454A-92FF-0E2A08A29295}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{466A95DE-0CA3-4A02-9014-F26D2E11A26E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{B2221D6B-A8BD-4BB1-8422-005277358460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{D6220000-49CE-4ED3-AFDF-4A0CE797458D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Wiederherstellungspunkte =========================
02-03-2017 12:53:33 Windows Update
10-03-2017 13:51:12 Windows Update
17-03-2017 13:20:57 Windows Update
26-03-2017 00:18:35 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (03/26/2017 09:14:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/26/2017 12:08:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 06:12:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\Bereinigung\Tools\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/25/2017 06:11:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 05:45:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/25/2017 05:40:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 05:27:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 05:22:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 04:05:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/25/2017 04:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Systemfehler:
=============
Error: (03/26/2017 09:13:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/26/2017 09:13:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/26/2017 12:19:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/26/2017 12:06:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/26/2017 12:06:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/25/2017 06:11:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/25/2017 06:11:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/25/2017 05:39:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/25/2017 05:39:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (03/25/2017 05:27:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 3947.86 MB
Verfügbarer physikalischer RAM: 1464.53 MB
Summe virtueller Speicher: 7893.93 MB
Verfügbarer virtueller Speicher: 5488.56 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:116.84 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1BCD5BD1)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
27.03.2017, 08:42
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail FRST-Fix Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter BootExecute: autocheck autochk * sdnclean64.exe
Task: {2D04712F-98CD-45EC-A93C-81AF858F27D8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: {6A3DD29B-BD60-4503-A9F0-18B4D91C6762} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
C:\Windows\System32\Tasks\Safer-Networking
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\ProgramData\Avira
C:\Users\Mandragora\AppData\Roaming\Avira
C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll
C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe
C:\Users\Mandragora\fbchathistory.dat
C:\Users\Public\AlexaNSISPlugin.3912.dll
emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2017, 09:57
| #15 |
| | Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail Ist ja wirklich interessant, dass immer noch Rückstände von AVG und Avira vorhanden waren...  Übrigens bekam ich jetzt schon öfter die Meldung vom Benutzerkontrollzentrum, die ich bestätigen sollte. Die Meldung betrifft den Java Auto Updater (jucheck.exe -auto -critical). Ich habe bisher auf Nein geklickt, weil ich nicht weiß, was dieses -critical bedeuten soll. Hier das Fixlog von FRST: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von Mandragora (27-03-2017 10:45:30) Run:1
Gestartet von C:\Users\Mandragora\Desktop
Geladene Profile: Mandragora & UpdatusUser (Verfügbare Profile: Mandragora & UpdatusUser)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
BootExecute: autocheck autochk * sdnclean64.exe
Task: {2D04712F-98CD-45EC-A93C-81AF858F27D8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: {6A3DD29B-BD60-4503-A9F0-18B4D91C6762} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
C:\Windows\System32\Tasks\Safer-Networking
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\ProgramData\Avira
C:\Users\Mandragora\AppData\Roaming\Avira
C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll
C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe
C:\Users\Mandragora\fbchathistory.dat
C:\Users\Public\AlexaNSISPlugin.3912.dll
emptytemp:
*****************
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D04712F-98CD-45EC-A93C-81AF858F27D8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D04712F-98CD-45EC-A93C-81AF858F27D8} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A3DD29B-BD60-4503-A9F0-18B4D91C6762} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A3DD29B-BD60-4503-A9F0-18B4D91C6762} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_HP_rmv => Schlüssel erfolgreich entfernt
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => erfolgreich verschoben
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => erfolgreich verschoben
C:\Windows\System32\Tasks\Safer-Networking => erfolgreich verschoben
C:\Program Files (x86)\Spybot - Search & Destroy 2 => erfolgreich verschoben
C:\ProgramData\Spybot - Search & Destroy => erfolgreich verschoben
"C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job" => nicht gefunden.
"C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job" => nicht gefunden.
C:\ProgramData\Avira => erfolgreich verschoben
C:\Users\Mandragora\AppData\Roaming\Avira => erfolgreich verschoben
C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll => erfolgreich verschoben
C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe => erfolgreich verschoben
C:\Users\Mandragora\fbchathistory.dat => erfolgreich verschoben
C:\Users\Public\AlexaNSISPlugin.3912.dll => erfolgreich verschoben
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 323550662 B
Java, Flash, Steam htmlcache => 40043642 B
Windows/system/drivers => 1746134052 B
Edge => 0 B
Chrome => 14641954 B
Firefox => 382748910 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 98654064 B
systemprofile32 => 840035 B
LocalService => 0 B
NetworkService => 1068694 B
UpdatusUser => 0 B
Mandragora => 5525388215 B
UpdatusUser => 0 B
RecycleBin => 1513492765 B
EmptyTemp: => 9 GB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 10:50:49 ====
|
|
| Themen zu Windows 7: Infektion mit "Adware Chin.Ad" durch Phishing-Mail |
| adware, antivir, antivirus, avg, avira, browser, converter, cpu, desktop, dllhost.exe, error, flash player, google, helper, home, internet, kaspersky, launch, malewarbytes, mp3, problem gelöst, realtek, registry, safer networking, server, services.exe, software, super, system, trojaner, windows |
Linear-Darstellung
