
Log Analysis and Evaluation: RSA 2048 virus with encryption

28.10.2015, 21:39   #1
Ramsi Hartma
 



A very good evening, ladies and gentlemen.

This is my first time here, and I come straight away with a rather unpleasant matter.
Yesterday, when starting the PC, I got the text message that my PC is infected with the above-mentioned virus, that my files have been encrypted and that I should kindly pay for it via Bitcoin. Fortunately, as far as I have determined so far, almost only unimportant and dispensable files are encrypted. My problem is that I apparently cannot get the infection off the PC in the conventional way. There are permanently running processes, apparently disguised as Windows processes or actually Windows processes, that are apparently being used to put an extreme load on the PC. My RAM usage is always at least 50 - 100%. I cannot end the processes, and in Secure Task Manager they are rated as very threatening because there is no description etc. To name examples: conhost.exe, taskhost.exe and notepad.exe. All of these processes run 2 - 4 times in the background. I have Malwarebytes active in the background (only since the infection) and a scan with the current database found no more threats; Avira does not find a virus either. The Internet is faster than ever, but every process that runs directly via Explorer is endlessly slow, and Explorer also always occupies about 30% of the AMD quad-core CPU. I hope you can help me. I have already downloaded FRST.exe, since in another thread on the same topic it was the first thing you requested (logs from it). I look forward to your help.

Thanks to all

28.10.2015, 22:02   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen ("Scan").
  • The log files are now created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)


28.10.2015, 22:18   #3
Ramsi Hartma
 



Thank you very much for the quick reply. Tomorrow after work, around 19.00, I will set aside as much time as possible and upload the requested files.

29.10.2015, 19:34   #4
schrauber
/// the machine
/// TB-Ausbilder
 




ok.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

29.10.2015, 20:23   #5
Ramsi Hartma
 



Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:29-10-2015
durchgeführt von Onpoint (2015-10-29 20:20:59)
Gestartet von G:\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2011-06-17 12:42:20)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1458833429-1062236089-2201144009-500 - Administrator - Disabled)
Gast (S-1-5-21-1458833429-1062236089-2201144009-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1458833429-1062236089-2201144009-1003 - Limited - Enabled)
Onpoint (S-1-5-21-1458833429-1062236089-2201144009-1000 - Administrator - Enabled) => C:\Users\Onpoint
UpdatusUser (S-1-5-21-1458833429-1062236089-2201144009-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\uTorrent) (Version: 3.3.1.29963 - BitTorrent Inc.)
ACDSee Pro 2 (HKLM\...\{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}) (Version: 2.0.219 - ACD Systems International)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Audition CS6 (HKLM\...\{30FD541D-3C9D-41C4-B240-A994EE4E0231}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Alesis io|2 ASIO Driver (HKLM\...\{311EEFFE-8354-42D8-B2A0-A0666689F69F}) (Version: 1.0.0 - Alesis)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ATI Catalyst Install Manager (HKLM\...\{5155EC96-7397-FCC0-154C-F4814DA6B86C}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{5dfbeba9-9f22-463d-8c95-c861911810a2}) (Version: 1.1.47.11018 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.47.11018 - Avira Operations GmbH & Co. KG) Hidden
bl (Version: 1.0.0 - Your Company Name) Hidden
Call of Duty: Black Ops (HKLM\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
Cool Edit Pro 2.0 (HKLM\...\Cool Edit Pro 2.0) (Version:  - )
CS-80V2 2.0 (HKLM\...\CS-80V2_is1) (Version:  - Arturia)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Dropbox (HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX430 Series (HKLM\...\EPSON SX430 Series) (Version:  - SEIKO EPSON Corporation)
eLicenser Control (HKLM\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.0.16151 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
File Type Advisor 1.0 (HKLM\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free IP Switcher (HKLM\...\Free IP Switcher) (Version: hxxp://www.eusing.com/ipswitch/free_ip_switcher.htm - Eusing Software)
Free M4a to MP3 Converter 8.0 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
Google Chrome (HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{8A7CB3D4-0C49-4A19-8504-CF250CE1F5E8}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.0.4.922 - IObit)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Live 8.2.2 (HKLM\...\Live 8.2.2) (Version:  - )
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
MKV Player 2.1.17 (HKLM\...\MKV Player_is1) (Version:  - )
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Grafiktreiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.42 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.8.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
ph (Version: 1.0.0 - Your Company Name) Hidden
Picture Collage Maker Free 2.1.2 (HKLM\...\{DEB7295A-D00E-4D45-846C-2947E8C3F080}_is1) (Version:  - PearlMountain Soft)
Samplitude 11 (HKLM\...\{AE0009FD-8F50-4565-835D-4432BD18D792}) (Version: 11.0.1.0 - MAGIX AG)
Security Task Manager 2.1d (HKLM\...\Security Task Manager) (Version: 2.1d - Neuber Software)
SiSoftware Sandra Lite 2011.SP2 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1) (Version: 17.50.2011.6 - SiSoftware)
Steinberg Cubase LE (HKLM\...\Steinberg Cubase LE) (Version:  - )
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{FC16C025-71D3-430F-BE61-B7E713E5B582}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
SynthMaster 2.5 VST/VSTi version 2.5.3.109 (HKLM\...\{724D6BD0-88D0-4354-A124-6EE4D36E9EF2}_is1) (Version: 2.5.3.109 - KV331 Audio)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.342 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.342 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.342 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4600.4 - TuneUp Software) Hidden
Video DVD Maker v3.30.0.75 (HKLM\...\{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
XMedia Recode Version 3.2.0.2 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.0.2 - XMedia Recode)
XnView 2.32 (HKLM\...\XnView_is1) (Version: 2.32 - Gougelet Pierre-e)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\46.0.2490.80\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

28-10-2015 21:23:13 "Windows Live ID Sign-in Assistant" deinstallieren

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:04 - 2014-09-10 16:59 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0128651B-F837-47F3-BAB4-E41CDF188EBA} - System32\Tasks\AdobeAAMUpdater-1.0-Onpoint-PC-Onpoint => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {0F97DE12-2EDD-4A98-BA51-8EB6ADF9222D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {1440E683-96E8-48B4-9A6B-55381CEBC2F3} - System32\Tasks\Google Updater and Installer => C:\Users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {16E25601-B1E3-498E-BE94-6B9B35E580B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA => C:\Users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {1F832F1E-21ED-4A6D-9CBC-67C17484440E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-21] (TuneUp Software)
Task: {4CB71AF6-FAE4-4E43-9519-F1176668990E} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor)
Task: {6116501C-AB06-46D8-9F38-9617BB0F81C6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000Core => C:\Users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {68E17EFD-2665-4F9B-90C6-975638732BE4} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {755F1BB6-CA93-45EE-A576-E2ED2F93D6AA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7FC90254-8F4B-4033-8697-6B179A25D014} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA => C:\Users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {809E92E1-8CE8-4A27-9816-CC96D30F79FD} - System32\Tasks\{02591D7E-F28C-4528-88E0-1B0BE7C5D4BF} => pcalua.exe -a C:\Users\Onpoint\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\installationsverwaltung.exe -d C:\Users\Onpoint\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\ -c --picaDir="G:\Traumfabrik Music GbR\ Steuer"
Task: {BE508C33-21BC-4460-B99B-EC5AE1D0EE9C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated)
Task: {C1BA9686-9EE7-4AB0-BE0E-A4D9BDA74A1B} - System32\Tasks\FileAdvisorCheck => C:\Program Files\File Type Advisor\file-type-advisor.exe [2013-07-12] (filetypeadvisor.com                                         )
Task: {C21CE928-3F09-465C-B408-EBDFD6557474} - System32\Tasks\AutoPico Daily Restart => G:\Tools\System\Microsoft Office\KMSpico\AutoPico.exe
Task: {C9DAD041-723A-43D0-A991-A1CAD4C58677} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000Core => C:\Users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {CB086D9E-FCB3-4EAA-BBA7-67A89DF9569F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D8E6B67C-BF06-47F6-B0D4-ADC28F538D6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-24] (Adobe Systems Incorporated)
Task: {E0B07B32-1C19-4D65-8E33-0AF845D26981} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {E4255437-F12F-4592-84EF-5364BA52D682} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000Core.job => C:\Users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA.job => C:\Users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000Core.job => C:\Users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA.job => C:\Users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-01-12 15:31 - 2012-05-15 10:27 - 00079168 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-07-21 11:27 - 2014-07-21 11:27 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2015-10-29 20:12 - 2015-10-29 20:12 - 00071168 _____ () c:\users\onpoint\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprquhkp.dll
2015-03-04 22:45 - 2015-09-24 00:07 - 00012800 _____ () C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 22:45 - 2015-09-24 00:07 - 00779776 _____ () C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 12:30 - 2015-09-24 00:07 - 00056320 _____ () C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 22:45 - 2015-09-24 00:07 - 00012288 _____ () C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-10-27 23:40 - 2015-10-20 15:08 - 01532744 _____ () C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-27 23:40 - 2015-10-20 15:08 - 00081224 _____ () C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\46.0.2490.80\libegl.dll
2015-10-27 23:40 - 2015-10-20 15:08 - 16493384 _____ () C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Classes\.exe: exefile =>  <===== ACHTUNG
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Classes\exefile:  <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 217.68.161.141 - 217.68.161.171
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{90FF1ADC-1DA0-4447-B994-28115A45CCF3}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\RpcAgentSrv.exe
FirewallRules: [{C6C6FA91-3E7C-4AA3-8F3B-BC488A01EE6E}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{09B2E8BB-497D-4B18-84E7-1303C8F7B475}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{238DD0F1-FC3D-4E50-885A-C138FA582162}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{27B3CBA0-8D2A-40BF-A55F-366CC640E341}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{DBDA333E-0B50-4E1B-9FB3-46CB47B4F9F4}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{FF3AD8EB-C753-411A-84F9-4451F93D60AB}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{EB28F755-46E0-430E-8863-4B375E7BBFBB}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [{59C7CF8C-3A0B-434F-8F98-598346B0B440}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [{E0558C44-7573-4EFF-B377-C77B4BDDCC57}] => (Allow) E:\Games\Steam\steamapps\common\call of duty black ops\BlackOps.exe
FirewallRules: [{7C07985D-8772-4CA5-B9A2-6BC2FEF6D377}] => (Allow) E:\Games\Steam\steamapps\common\call of duty black ops\BlackOps.exe
FirewallRules: [{B5AA5041-0515-4494-B4B2-E0EAD2156C00}] => (Allow) E:\Games\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe
FirewallRules: [{0EB52DD9-95B9-4A6E-852B-43AE6162B93F}] => (Allow) E:\Games\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe
FirewallRules: [{F85D9DF2-B21D-4B63-A18D-FB237DE66838}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [{F062AB5A-AC61-4CC9-B76E-D811844EC5FC}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [{1126A7B6-C240-4127-B114-BA6BB9887391}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C570CDB0-9B62-46BA-9461-8C1A50ABED4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9E5ECF47-E88D-483D-B792-84AB7FA0C63B}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe
FirewallRules: [{C4A6190B-FBA0-4969-99EB-40DE343AC530}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe
FirewallRules: [TCP Query User{C22DEA18-5C76-452A-8241-5BCB74DB0AF0}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{B2D1BFC2-F546-46A2-9ADA-DE87A8B5A1E3}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{2A3D400A-B151-4BD6-98FE-7EB5DD12D3B4}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{365504BB-97D0-4928-801C-87C69E5290CD}] => (Allow) LPort=2869
FirewallRules: [{23D5B980-5EDD-4B16-9279-181AF73261BE}] => (Allow) LPort=1900
FirewallRules: [{66BF9D27-A9FB-427B-B1FD-6E21DDC040A7}] => (Allow) C:\Users\Onpoint\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AD7225B9-8F1A-41C9-821D-6EEF96729662}] => (Allow) C:\Users\Onpoint\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{1917D7E4-41C5-4BEC-8491-575DAFD865CD}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{A382292A-BB53-42A8-998A-05DCFC07FA95}C:\program files\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{3D5B4B76-FAF3-48FE-9DA6-E2FBF8F51D59}] => (Allow) C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7D41D652-223F-4F68-B232-0F66719F2ED4}] => (Allow) C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{E127261D-1F16-4FD3-83C7-55AC16E4EA45}C:\users\onpoint\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\onpoint\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{27991C2A-9490-4A68-8860-7B373E0885C0}C:\users\onpoint\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\onpoint\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{046983D9-627E-4A49-9A3D-7F128D87ABFE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{17156758-7564-45EF-825E-C7FFB59CC61D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{279E4CD6-AD47-4FFE-990D-91BA667B177D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9EDA0EFA-333E-4EE6-B8C5-5500CFCCA849}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{ED2BF081-8A33-4E95-9388-82F678FD3DA0}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4314C534-AF20-4C83-B3D1-A8EDE1471057}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{509D2C62-DA02-43E5-A2FC-D445A720F498}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B8A24840-3BB2-4512-950C-6BD8BC9E5D38}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3BDF81ED-3028-41FC-A0DA-9A44B799234E}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{AD63A512-28F5-48EE-B6DF-B1D2E0134B6A}] => (Allow) LPort=5357
FirewallRules: [{F2EA8829-C9A3-46CB-B921-4CD1AFF50BCD}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{4F412CCB-E988-4E4D-9D45-AE4E13CBF420}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{2157830F-CE1C-4A47-8428-F0F0C6C7FC45}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [{5E9D7D61-9270-40AF-A123-3B80B105FFF1}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{E0D3BE81-C342-4034-8F09-79197220C4F5}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{6111A8A0-9839-4EFE-AD95-CE0CABABB7F9}] => (Allow) E:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{58DFFAEC-1E7B-4069-BF4B-604CCAE8CD61}] => (Allow) E:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{C83D590A-661D-4662-B483-A2DCBF1D1D8F}] => (Allow) G:\Games\SteamLibrary\steamapps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{DC606EA5-A7D9-452B-A290-29C808175E64}] => (Allow) G:\Games\SteamLibrary\steamapps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [TCP Query User{CB9D0981-6B4D-4109-A9AA-04CB4B2558D0}G:\tools\system\bitcoin\bitcoin-qt.exe] => (Allow) G:\tools\system\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{177F5592-EEEB-4C59-8522-BD7758818519}G:\tools\system\bitcoin\bitcoin-qt.exe] => (Allow) G:\tools\system\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{D3543D74-DC40-4A9B-B3D9-A875806D5CE9}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{90F79F5F-0CBE-4BC6-A19F-D5805AC705C6}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{B49F95ED-E351-4C9F-BC7B-ABA2AC9C4ABF}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4967FECB-2853-485C-A655-B32C14CC1DBB}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9E6CCF13-219F-4D61-B4A1-76F48AD0C302}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8A54C6B2-136C-4A10-9EF9-4D3241BAE4F9}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A7744C23-6663-44FE-8999-D05F01EBA8F7}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{774D578B-1E21-49BE-8362-6E8EAB15DADD}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D728FB61-6BC9-40E2-BBE3-448E197C45AE}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2A39EACF-2566-42A6-B1FA-7D3C45DC4E61}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0F1E9690-94B8-4D0C-9DBA-784BCC213D22}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{93B5280B-3748-4EED-96E1-C22D3048A9B1}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{845BA505-F8B6-46D4-B289-97ED82D06AC7}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E16E71B6-E46F-47C5-9868-62EB6D67D0F7}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0CCDA807-DA90-4228-B941-CBAF87639877}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B102AB5A-F4E1-4B53-9080-22A20C40AE2B}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CEAF1557-9EA7-49D5-B58A-9F4D82FF5810}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E6DEB691-4C19-4A1A-B723-A00D5A5F067A}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4F3249C6-DDB6-4710-858D-73B6AE39D540}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CFED0DA5-F5BD-4008-8820-331086729625}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A456DE7A-CB10-4EAE-8D41-A9A0380700E7}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{45CF864E-470D-4F34-B3EF-CBBEA02401E0}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C9C58728-F55E-4925-84AB-98F21813C7D4}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D57F3F62-8B79-43CE-9B76-84834A0B0369}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DADB47D8-6651-402D-827A-F53B7255090C}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BD691F88-89D8-45FE-BDFE-A449112CF27A}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{48D6633A-66BF-4B24-9EC7-1C6A542C75A1}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{884EAD61-5368-4347-A272-990F7118393D}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{5AAEB739-EFA2-4C75-8526-C1B5809961D3}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{6FD700A4-7D22-4EE9-93A0-860D370FE1A1}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [{C3DA5325-D014-4C86-9457-AB7149D90DB5}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Fast-Ethernet-Netzwerkkarte für Realtek RTL8139/810x-Familie
Description: Fast-Ethernet-Netzwerkkarte für Realtek RTL8139/810x-Familie
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023xp
Problem: : This device cannot find enough free resources that it can use. If you want to use this device, you will need to disable one of the other devices on this system. (Code12)
Resolution: Two devices have been assigned the same input/output (I/O) ports, the same interrupt, or the same Direct Memory Access channel (either by the BIOS, the operating system, or a combination of the two). This error message can also appear if the BIOS did not allocate enough resources to the device (for example, if a universal serial bus (USB) controller does not get an interrupt from the BIOS because of a corrupt Multiprocessor System (MPS) table).
You can use Device Manager to determine where the conflict is and disable the conflicting device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/28/2015 09:23:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {41bb1f5b-a1cb-4dd5-8818-2cdf800e1305}

Error: (10/28/2015 01:36:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TuneUpUtilitiesService32.exe, Version: 14.0.1000.342, Zeitstempel: 0x53ccea19
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224d
ID des fehlerhaften Prozesses: 0x668
Startzeit der fehlerhaften Anwendung: 0xTuneUpUtilitiesService32.exe0
Pfad der fehlerhaften Anwendung: TuneUpUtilitiesService32.exe1
Pfad des fehlerhaften Moduls: TuneUpUtilitiesService32.exe2
Berichtskennung: TuneUpUtilitiesService32.exe3

Error: (10/28/2015 12:14:59 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {334fd191-408a-4200-9ea8-c13a642fe1ae}

Error: (10/27/2015 11:05:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {334fd191-408a-4200-9ea8-c13a642fe1ae}

Error: (10/27/2015 11:00:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden.

Details:
Could not query the status of the EventSystem service.

System Error:
Der Computer wird heruntergefahren.
.

Error: (10/27/2015 06:21:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: gcucc-a.exe, Version: 0.220.211.106, Zeitstempel: 0x562e2b48
Name des fehlerhaften Moduls: gcucc-a.exe, Version: 0.220.211.106, Zeitstempel: 0x562e2b48
Ausnahmecode: 0xc0000417
Fehleroffset: 0x00025ad6
ID des fehlerhaften Prozesses: 0x1600
Startzeit der fehlerhaften Anwendung: 0xgcucc-a.exe0
Pfad der fehlerhaften Anwendung: gcucc-a.exe1
Pfad des fehlerhaften Moduls: gcucc-a.exe2
Berichtskennung: gcucc-a.exe3

Error: (10/27/2015 05:34:31 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (10/25/2015 09:11:17 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (10/24/2015 12:59:05 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (10/16/2015 03:17:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225


Systemfehler:
=============
Error: (10/29/2015 08:14:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (10/29/2015 08:14:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (10/29/2015 08:12:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/29/2015 08:12:28 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (10/29/2015 08:11:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (10/28/2015 09:59:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/28/2015 08:52:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (10/28/2015 08:52:39 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (10/28/2015 08:50:54 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/28/2015 08:50:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 965 Processor
Prozentuale Nutzung des RAM: 61%
Installierter physikalischer RAM: 3327.24 MB
Verfügbarer physikalischer RAM: 1284 MB
Summe virtueller Speicher: 9325.53 MB
Verfügbarer virtueller Speicher: 6692.74 MB

==================== Laufwerke ================================

Drive b: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive c: (Windows) (Fixed) (Total:39.43 GB) (Free:8.07 GB) NTFS
Drive d: (Downloads) (Fixed) (Total:12.69 GB) (Free:10.43 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (Games&Tools) (Fixed) (Total:61.83 GB) (Free:3.51 GB) NTFS
Drive f: (Musik&Filme) (Fixed) (Total:195.31 GB) (Free:14.78 GB) NTFS
Drive g: (Games&Tools) (Fixed) (Total:361.33 GB) (Free:204.98 GB) NTFS
Drive h: (TuneUp Utilities) (CDROM) (Total:0.29 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: D0A4D0A4)
Partition 1: (Active) - (Size=12.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=61.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 8B58F025)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=361.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=39.4 GB) - (Type=07 NTFS)

==================== Ende vom Addition.txt ============================
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:29-10-2015
durchgeführt von Onpoint (Administrator) auf ONPOINT-PC (29-10-2015 20:20:26)
Gestartet von G:\Downloads
Geladene Profile: Onpoint (Verfügbare Profile: Onpoint & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Malwarebytes Corporation) G:\Tools\System\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) G:\Tools\System\ Malwarebytes Anti-Malware \mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) G:\Tools\System\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Dropbox, Inc.) C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [782520 2015-09-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-09-10] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Run: [GoogleChromeAutoLaunch_F39032C19F5C81D8B6437859BCCB58BB] => C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Run: [Ctnglh] => rundll32 "C:\Users\Onpoint\AppData\Roaming\DLLDEV327.dll",Gkmjezt
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Run: [Dropbox Update] => C:\Users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: H - H:\Autorun.exe
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {03bc4b90-7123-11e2-b067-c72790526d56} - I:\LGAutoRun.exe
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {1648fdc8-98dc-11e0-8858-806e6f6e6963} - H:\autorun.exe
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {4cad1590-3ed2-11e2-9060-f4c298c1e85b} - H:\Setup.exe
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {55d51832-98e5-11e0-a804-a1b97abd6879} - H:\Autorun.exe
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {5a258710-a422-11e1-84bf-b02bf06cd4d5} - I:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {63c11fd7-9b51-11e1-b4b5-a21ccafa447b} - I:\autorun.exe
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {63c11ff6-9b51-11e1-b4b5-a21ccafa447b} - I:\autorun.exe
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {63c1236d-9b51-11e1-b4b5-a21ccafa447b} - I:\autorun.exe
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {70175df7-992a-11e1-ad7e-fb93c64832f5} - I:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {70175e37-992a-11e1-ad7e-fb93c64832f5} - I:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {ae5f7a28-9b8b-11e1-ba9a-e57530d07aa1} - I:\autorun.exe
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {ba3cdf89-9dcd-11e1-93d6-c1c38aa16f54} - I:\autorun.exe
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {f391d2a2-a3ff-11e1-abfa-b9d2d235f55b} - I:\autorun.exe
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {fc946d8c-9bcb-11e1-b87f-a424f9def0a1} - I:\autorun.exe
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {fcfbd940-a32c-11e1-b553-d1d57e33fcbe} - I:\autorun.exe
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\MountPoints2: {fe3eb1db-9c20-11e1-9338-ed2a78be3755} - I:\autorun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
Startup: C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autostart - Verknüpfung [2015-10-28] ()
Startup: C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171 8.8.8.8
Tcpip\..\Interfaces\{56DAC62F-F8D2-4E68-A0A7-73D49DEAB4B4}: [DhcpNameServer] 217.68.161.141 217.68.161.171 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000 -> {CE054885-F5D9-455F-8C2E-F037D8B1AA95} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2013-12-03] (IObit)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-04] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000 -> Kein Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  Keine Datei
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Onpoint\AppData\Roaming\Mozilla\Firefox\Profiles\Sm2qOauC.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-24] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-04] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-05-15] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-05-15] (NVIDIA Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1458833429-1062236089-2201144009-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-1458833429-1062236089-2201144009-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-1458833429-1062236089-2201144009-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Onpoint\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\Onpoint\AppData\Roaming\Mozilla\Firefox\Profiles\Sm2qOauC.default\Extensions\abs@avira.com [2015-10-27] [ist nicht signiert]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR Plugin: (Native Client) - C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\46.0.2490.80\pdf.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\Onpoint\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Keine Datei
CHR Profile: C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Mixcloud Harvester Downloader) - C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\afaibpbhjbconbdfokmbkgdgidflbola [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Google-Suche) - C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast Online Security) - C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27]
CHR Extension: (YouTube Unblocker) - C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2015-10-27] [UpdateUrl: hxxp://www.unblocker.yt/addon/chrome/updates.xml] <==== ACHTUNG
CHR Extension: (Google Mail) - C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [240872 2015-09-10] (Avira Operations GmbH & Co. KG)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2013-04-14] (SEIKO EPSON CORPORATION)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
R2 MBAMScheduler; G:\Tools\System\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; G:\Tools\System\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4176896 2011-12-05] (Native Instruments GmbH) [Datei ist nicht signiert]
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\RpcAgentSrv.exe [93848 2009-08-10] (SiSoftware) [Datei ist nicht signiert]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-21] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [55912 2015-09-24] (Avira Operations GmbH & Co. KG)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [127488 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.) [Datei ist nicht signiert]
S3 eapihdrv; C:\Users\Onpoint\AppData\Local\Temp\ehdrv.sys [135760 2015-10-27] (ESET)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [124416 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.) [Datei ist nicht signiert]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-10-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [648808 2011-07-06] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-12-05] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-10] (Avira Operations GmbH & Co. KG)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-11-12] (TuneUp Software)
U3 anhr5r8t; C:\Windows\system32\Drivers\anhr5r8t.sys [0 ] (Advanced Micro Devices) <==== ACHTUNG (Null Byte Datei/Ordner)
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-29 20:19 - 2015-10-29 20:20 - 00000000 ____D C:\FRST
2015-10-28 00:04 - 2015-10-28 21:19 - 00000000 ____D C:\ProgramData\SecTaskMan
2015-10-27 23:52 - 2015-10-27 23:52 - 00000855 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-10-27 23:52 - 2015-10-27 23:52 - 00000854 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2015-10-27 23:52 - 2015-10-27 23:52 - 00000854 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-10-27 23:25 - 2015-10-27 23:25 - 00000000 ____D C:\Program Files\ESET
2015-10-27 23:05 - 2015-10-27 23:06 - 00000079 _____ C:\Windows\wininit.ini
2015-10-27 22:37 - 2015-10-27 22:37 - 00000000 ____D C:\Program Files (x86)
2015-10-27 22:24 - 2015-10-29 20:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-27 22:24 - 2015-10-27 22:37 - 00000819 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-10-27 22:24 - 2015-10-27 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-10-27 22:24 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-27 22:24 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-27 22:24 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-27 21:56 - 2015-10-27 21:56 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-27 21:51 - 2015-10-28 01:35 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-10-27 21:51 - 2015-10-27 23:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-27 21:51 - 2015-10-27 21:51 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-10-27 21:51 - 2015-10-27 21:51 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-10-27 21:51 - 2015-10-27 21:51 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-10-27 21:33 - 2015-10-27 21:33 - 00006152 _____ C:\Users\Onpoint\AppData\Roaming\howto_recover_file_nwswx.html
2015-10-27 21:33 - 2015-10-27 21:33 - 00006152 _____ C:\Users\Onpoint\AppData\Local\howto_recover_file_nwswx.html
2015-10-27 21:33 - 2015-10-27 21:33 - 00002259 _____ C:\Users\Onpoint\AppData\Roaming\howto_recover_file_nwswx.txt
2015-10-27 21:33 - 2015-10-27 21:33 - 00002259 _____ C:\Users\Onpoint\AppData\Local\howto_recover_file_nwswx.txt
2015-10-27 21:31 - 2015-10-27 21:31 - 00006152 _____ C:\Users\Public\Documents\howto_recover_file_nwswx.html
2015-10-27 21:31 - 2015-10-27 21:31 - 00002259 _____ C:\Users\Public\Documents\howto_recover_file_nwswx.txt
2015-10-27 21:30 - 2015-10-27 21:33 - 00006152 _____ C:\ProgramData\howto_recover_file_nwswx.html
2015-10-27 21:30 - 2015-10-27 21:33 - 00002259 _____ C:\ProgramData\howto_recover_file_nwswx.txt
2015-10-27 21:29 - 2015-10-27 21:29 - 00000254 _____ C:\Users\Onpoint\Documents\recover_file_gagipblns.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\Downloads\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\Documents\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\Desktop\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\AppData\Roaming\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\AppData\LocalLow\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\AppData\Local\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\AppData\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Public\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Public\Downloads\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Onpoint\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Onpoint\Downloads\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Onpoint\Documents\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\Downloads\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\Documents\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\Desktop\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\AppData\Roaming\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\AppData\LocalLow\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\AppData\Local\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\AppData\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Public\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Public\Downloads\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Onpoint\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Onpoint\Downloads\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Onpoint\Documents\howto_recover_file_mrjno.txt
2015-10-27 21:04 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\howto_recover_file_mrjno.html
2015-10-27 21:04 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\howto_recover_file_mrjno.txt
2015-10-27 21:04 - 2015-10-27 21:04 - 00006152 _____ C:\Users\Onpoint\AppData\howto_recover_file_mrjno.html
2015-10-27 21:04 - 2015-10-27 21:04 - 00002259 _____ C:\Users\Onpoint\AppData\howto_recover_file_mrjno.txt
2015-10-27 21:03 - 2015-10-27 21:03 - 00006152 _____ C:\Users\Onpoint\AppData\LocalLow\howto_recover_file_mrjno.html
2015-10-27 21:03 - 2015-10-27 21:03 - 00002259 _____ C:\Users\Onpoint\AppData\LocalLow\howto_recover_file_mrjno.txt
2015-10-27 20:57 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Onpoint\AppData\Local\howto_recover_file_mrjno.html
2015-10-27 20:57 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Onpoint\AppData\Local\howto_recover_file_mrjno.txt
2015-10-27 20:57 - 2015-10-27 21:04 - 00006152 _____ C:\Users\Onpoint\AppData\Roaming\howto_recover_file_mrjno.html
2015-10-27 20:57 - 2015-10-27 21:04 - 00002259 _____ C:\Users\Onpoint\AppData\Roaming\howto_recover_file_mrjno.txt
2015-10-27 20:56 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Public\Documents\howto_recover_file_mrjno.html
2015-10-27 20:56 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Public\Documents\howto_recover_file_mrjno.txt
2015-10-27 20:55 - 2015-10-27 20:57 - 00006152 _____ C:\ProgramData\howto_recover_file_mrjno.html
2015-10-27 20:55 - 2015-10-27 20:57 - 00002259 _____ C:\ProgramData\howto_recover_file_mrjno.txt
2015-10-27 20:54 - 2015-10-27 20:54 - 00000254 _____ C:\Users\Onpoint\Documents\recover_file_egsyiqrap.txt
2015-10-27 18:21 - 2015-10-27 21:33 - 00000000 ___HD C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-10-27 18:21 - 2015-10-27 18:21 - 00000254 _____ C:\Users\Onpoint\Documents\recover_file_sooikjdow.txt
2015-10-25 21:21 - 2015-10-27 22:59 - 00002109 _____ C:\Users\Onpoint\Desktop\JDownloader 2.lnk
2015-10-25 21:21 - 2015-10-27 21:04 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-10-25 21:19 - 2015-10-27 21:34 - 00000000 ____D C:\Users\Onpoint\AppData\Local\JDownloader 2.0
2015-10-24 12:52 - 2015-10-27 21:04 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-15 16:13 - 2015-10-27 21:04 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Mozilla

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-29 20:16 - 2009-07-14 05:34 - 00029440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-29 20:16 - 2009-07-14 05:34 - 00029440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-29 20:15 - 2011-06-17 13:22 - 01469130 _____ C:\Windows\WindowsUpdate.log
2015-10-29 20:12 - 2014-04-22 11:54 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Dropbox
2015-10-29 20:11 - 2014-01-07 02:44 - 00031629 _____ C:\Windows\setupact.log
2015-10-29 20:11 - 2011-06-17 13:49 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-29 20:11 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-28 21:34 - 2011-06-17 14:07 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA.job
2015-10-28 21:21 - 2013-03-02 11:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-28 21:13 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-10-28 21:09 - 2015-06-21 11:58 - 00001232 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA.job
2015-10-28 20:59 - 2012-01-05 17:24 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Adobe
2015-10-28 01:50 - 2014-01-15 20:30 - 00007602 _____ C:\Users\Onpoint\AppData\Local\Resmon.ResmonCfg
2015-10-28 01:35 - 2014-01-07 02:43 - 02243784 _____ C:\Windows\PFRO.log
2015-10-28 00:30 - 2014-02-09 12:34 - 00000000 ____D C:\avast! sandbox
2015-10-27 23:41 - 2011-06-17 14:08 - 00002380 _____ C:\Users\Onpoint\Desktop\Google Chrome.lnk
2015-10-27 23:04 - 2015-09-24 18:10 - 00120832 ___SH C:\Users\Onpoint\Desktop\Thumbs.db
2015-10-27 23:01 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\LiveKernelReports
2015-10-27 22:59 - 2015-06-21 15:44 - 00000765 _____ C:\Users\Onpoint\Desktop\Start Tor Browser.lnk
2015-10-27 22:59 - 2015-04-25 16:04 - 00000701 _____ C:\Users\Onpoint\Desktop\XnView.lnk
2015-10-27 22:59 - 2014-11-27 18:13 - 00001274 _____ C:\Users\Onpoint\Desktop\TV Halle - Verknüpfung.lnk
2015-10-27 22:59 - 2014-04-22 12:03 - 00001021 _____ C:\Users\Onpoint\Desktop\Dropbox.lnk
2015-10-27 22:59 - 2013-09-07 12:44 - 00000877 _____ C:\Users\Onpoint\Desktop\Free M4a to MP3 Converter.lnk
2015-10-27 22:59 - 2013-07-14 19:03 - 00000823 _____ C:\Users\Onpoint\Desktop\JDownloader.lnk
2015-10-27 22:59 - 2013-07-11 16:44 - 00001362 _____ C:\Users\Onpoint\Desktop\impOSCar2.lnk
2015-10-27 22:59 - 2013-05-11 16:11 - 00001482 _____ C:\Users\Onpoint\Desktop\Adobe Audition CS6.lnk
2015-10-27 22:59 - 2013-05-03 16:40 - 00000000 ____D C:\Users\Onpoint\AppData\LocalLow\Delta
2015-10-27 22:59 - 2012-11-25 15:01 - 00001367 _____ C:\Users\Onpoint\Desktop\Free YouTube to MP3 Converter.lnk
2015-10-27 22:59 - 2012-02-10 14:20 - 00000821 _____ C:\Users\Onpoint\Desktop\Live 8.2.2.lnk
2015-10-27 22:59 - 2011-08-11 12:25 - 00000994 _____ C:\Users\Onpoint\Desktop\Reason 4 - Verknüpfung.lnk
2015-10-27 22:59 - 2011-06-17 15:09 - 00012415 _____ C:\Users\Onpoint\Desktop\ReCycle.lnk
2015-10-27 22:59 - 2011-06-17 14:37 - 00000932 _____ C:\Users\Onpoint\Desktop\Steam.lnk
2015-10-27 22:59 - 2011-06-17 14:14 - 00000683 _____ C:\Users\Onpoint\Desktop\WinRAR.lnk
2015-10-27 22:59 - 2011-06-17 13:58 - 00001338 _____ C:\Users\Onpoint\Desktop\SiSoftware Sandra Lite 2011.SP2.lnk
2015-10-27 22:59 - 2011-06-17 13:57 - 00000355 _____ C:\Users\Onpoint\Desktop\Computer.lnk
2015-10-27 21:40 - 2011-06-17 13:42 - 00000000 ____D C:\Users\Onpoint
2015-10-27 21:34 - 2014-12-29 12:48 - 00000000 ____D C:\Users\Onpoint\AppData\Local\HP
2015-10-27 21:34 - 2013-09-07 12:44 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Lollipop
2015-10-27 21:34 - 2011-06-17 14:07 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Google
2015-10-27 21:33 - 2015-06-21 11:58 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Dropbox
2015-10-27 21:33 - 2015-02-24 18:09 - 00000000 ____D C:\ProgramData\Xilisoft
2015-10-27 21:33 - 2015-02-19 13:06 - 00000000 ____D C:\Users\Onpoint\AppData\Local\elfopatch
2015-10-27 21:33 - 2014-12-29 12:51 - 00000000 ____D C:\ProgramData\Visan
2015-10-27 21:33 - 2014-05-04 14:22 - 00000000 ____D C:\ProgramData\Syncrosoft
2015-10-27 21:33 - 2013-12-15 17:40 - 00000000 ____D C:\ProgramData\TEMP
2015-10-27 21:33 - 2013-10-23 11:40 - 00000000 __HDC C:\ProgramData\{F4FF7251-2B0F-48B9-A31D-1930EB197336}
2015-10-27 21:33 - 2013-10-23 11:40 - 00000000 __HDC C:\ProgramData\{ECCA2E41-2653-4A28-BB8F-62B24E1A584D}
2015-10-27 21:33 - 2013-10-23 11:35 - 00000000 __HDC C:\ProgramData\{F7BFF4EE-E380-444D-BF91-DE4716D46130}
2015-10-27 21:33 - 2013-10-23 11:34 - 00000000 __HDC C:\ProgramData\{08BCEE1B-8DEC-401F-989A-111EE3AF2366}
2015-10-27 21:33 - 2013-10-23 11:33 - 00000000 __HDC C:\ProgramData\{9A73EE13-A1FF-4899-BA10-5DF1DE4A86CA}
2015-10-27 21:33 - 2013-10-23 11:33 - 00000000 __HDC C:\ProgramData\{699830EE-64F0-4782-AEDE-0FCCC40946BA}
2015-10-27 21:33 - 2013-10-23 11:33 - 00000000 __HDC C:\ProgramData\{5D4AD7AA-51B3-4EF1-8DBC-4D6CBFF4668D}
2015-10-27 21:33 - 2013-10-23 11:30 - 00000000 __HDC C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E}
2015-10-27 21:33 - 2013-09-07 12:44 - 00000000 ____D C:\Users\Onpoint\AppData\Local\avgchrome
2015-10-27 21:33 - 2013-07-21 16:56 - 00000000 __HDC C:\ProgramData\{62CAB22A-9020-41D6-A410-EAB112E32063}
2015-10-27 21:33 - 2013-07-11 17:47 - 00000000 __HDC C:\ProgramData\{E051D9C8-9503-489B-8E90-21CEB1DF11C1}
2015-10-27 21:33 - 2013-07-11 16:59 - 00000000 __HDC C:\ProgramData\{A4FF347C-7353-4B5D-B479-1933EFF12E9A}
2015-10-27 21:33 - 2013-07-11 16:58 - 00000000 __HDC C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D}
2015-10-27 21:33 - 2013-07-11 16:56 - 00000000 __HDC C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}
2015-10-27 21:33 - 2013-07-11 16:53 - 00000000 __HDC C:\ProgramData\{B9F6456A-E0C8-4BD3-A6E8-AFA8859EC4C4}
2015-10-27 21:33 - 2013-07-11 16:53 - 00000000 __HDC C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2015-10-27 21:33 - 2013-07-11 16:53 - 00000000 __HDC C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
2015-10-27 21:33 - 2013-05-29 18:02 - 00000000 ____D C:\ProgramData\xhip
2015-10-27 21:33 - 2013-04-02 19:30 - 00000000 ____D C:\Users\Onpoint\AppData\Local\ACD Systems
2015-10-27 21:33 - 2013-04-02 19:25 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Downloaded Installations
2015-10-27 21:33 - 2013-01-15 15:35 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-10-27 21:33 - 2012-05-29 22:40 - 00000000 ____D C:\ProgramData\Vodafone
2015-10-27 21:33 - 2012-02-10 14:11 - 00000000 __HDC C:\ProgramData\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
2015-10-27 21:33 - 2012-02-06 16:47 - 00000000 __HDC C:\ProgramData\{13A9B825-42CB-4973-913D-2194B5A4CF94}
2015-10-27 21:33 - 2012-01-05 17:56 - 00000000 ____D C:\ProgramData\Sun
2015-10-27 21:33 - 2011-06-17 14:41 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Activision
2015-10-27 21:33 - 2011-06-17 14:32 - 00000000 ____D C:\ProgramData\Propellerhead Software
2015-10-27 21:33 - 2011-06-17 14:12 - 00000000 __SHD C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2015-10-27 21:33 - 2011-06-17 14:12 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-10-27 21:32 - 2014-12-29 12:51 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-10-27 21:32 - 2014-12-29 12:50 - 00000000 ____D C:\ProgramData\HP
2015-10-27 21:32 - 2014-05-04 12:28 - 00000000 ____D C:\ProgramData\Oracle
2015-10-27 21:32 - 2013-12-03 11:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-27 21:32 - 2013-12-03 11:14 - 00000000 ____D C:\ProgramData\ProductData
2015-10-27 21:32 - 2013-12-03 11:14 - 00000000 ____D C:\ProgramData\IObit
2015-10-27 21:32 - 2013-07-11 16:53 - 00000000 ____D C:\ProgramData\Native Instruments
2015-10-27 21:32 - 2011-06-17 13:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-27 21:31 - 2015-06-21 11:58 - 00000000 ____D C:\ProgramData\Dropbox
2015-10-27 21:31 - 2014-05-04 14:22 - 00000000 ____D C:\ProgramData\eLicenser
2015-10-27 21:31 - 2014-05-04 14:21 - 00000000 ____D C:\ProgramData\Arturia
2015-10-27 21:31 - 2014-05-04 13:16 - 00000000 ____D C:\ProgramData\Avira
2015-10-27 21:31 - 2013-09-19 10:45 - 00000000 ____D C:\ProgramData\elsterformular
2015-10-27 21:31 - 2013-05-03 15:38 - 00000000 ____D C:\ProgramData\Babylon
2015-10-27 21:31 - 2013-04-14 09:03 - 00000000 ____D C:\ProgramData\EPSON
2015-10-27 21:31 - 2012-12-05 12:40 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-10-27 21:31 - 2012-05-08 18:30 - 00000000 ____D C:\ProgramData\FLEXnet
2015-10-27 21:31 - 2011-09-06 10:26 - 00000000 ____D C:\ProgramData\AVAST Software
2015-10-27 21:31 - 2011-06-17 14:21 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2015-10-27 21:30 - 2012-01-05 17:04 - 00000000 ____D C:\ProgramData\Adobe
2015-10-27 21:29 - 2013-04-02 19:29 - 00000000 ____D C:\ProgramData\ACD Systems
2015-10-27 21:29 - 2012-01-07 23:07 - 00000000 ____D C:\ProgramData\Ableton
2015-10-27 21:29 - 2011-06-23 10:08 - 00000000 ____D C:\Temp
2015-10-27 21:06 - 2014-12-09 12:01 - 00000000 ____D C:\Users\Onpoint\Documents\Ableton
2015-10-27 21:06 - 2014-12-05 23:25 - 00000000 ____D C:\Users\Onpoint\Library
2015-10-27 21:06 - 2014-12-05 21:49 - 00000000 ____D C:\Users\Onpoint\Documents\Usenet.nl
2015-10-27 21:06 - 2014-11-28 16:57 - 24084910 _____ C:\Users\Onpoint\Documents\Unbenannt 1 Präsentation.ppt.ccc
2015-10-27 21:06 - 2014-11-28 16:57 - 00985886 _____ C:\Users\Onpoint\Documents\Unbenannt 3 Präsentation.odp.ccc
2015-10-27 21:06 - 2014-11-27 18:44 - 00823118 _____ C:\Users\Onpoint\Documents\Unbenannt 2 Präsentation.odp.ccc
2015-10-27 21:06 - 2014-11-27 18:43 - 00823118 _____ C:\Users\Onpoint\Documents\Unbenannt 1 Präsentation.odp.ccc
2015-10-27 21:06 - 2014-11-27 14:40 - 00000000 ____D C:\Users\Onpoint\Downloads\Microsoft-Office-2013
2015-10-27 21:06 - 2013-11-06 12:38 - 00000000 ____D C:\Users\Onpoint\Documents\Amazon MP3
2015-10-27 21:06 - 2013-10-23 11:38 - 00000000 ____D C:\Users\Public\Documents\Kontakt Elements Selection R2 Library
2015-10-27 21:06 - 2013-10-23 11:35 - 00000000 ____D C:\Users\Public\Documents\Abbey Road 60s Drums Vintage Library
2015-10-27 21:06 - 2013-10-23 11:34 - 00000000 ____D C:\Users\Public\Documents\Reaktor Elements Selection
2015-10-27 21:06 - 2013-10-23 11:33 - 00000000 ____D C:\Users\Public\Documents\Reaktor Spark R2
2015-10-27 21:06 - 2013-09-14 08:51 - 00267118 _____ C:\Users\Onpoint\Documents\Unbenannt 1 handout.odt.ccc
2015-10-27 21:06 - 2013-06-15 15:25 - 00000000 ____D C:\Users\Onpoint\Documents\Adobe
2015-10-27 21:06 - 2013-05-11 16:11 - 00000000 ____D C:\Users\Public\Documents\Adobe
2015-10-27 21:06 - 2013-04-19 18:52 - 00000000 ____D C:\Users\Onpoint\Desktop\WhatsApp Images
2015-10-27 21:06 - 2013-01-15 18:07 - 00000000 ____D C:\Users\Onpoint\Documents\Adobe Scripts
2015-10-27 21:06 - 2012-01-31 20:37 - 00000000 ____D C:\Users\Onpoint\Documents\Native Instruments
2015-10-27 21:06 - 2011-07-07 12:11 - 00000000 ____D C:\Users\Onpoint\Documents\DVDVideoSoft
2015-10-27 21:06 - 2011-06-17 13:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-27 21:06 - 2011-06-17 13:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-27 21:06 - 2009-07-14 09:56 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-10-27 21:06 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-27 21:06 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2015-10-27 21:05 - 2014-11-30 16:27 - 314102190 _____ C:\Users\Onpoint\Desktop\Unbenannt 1 Präsentation [Wiederhergestellt].ppt.ccc
2015-10-27 21:04 - 2015-07-31 12:29 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\ProductData
2015-10-27 21:04 - 2015-06-21 20:53 - 00000478 _____ C:\Users\Onpoint\Desktop\Neues Textdokument.txt.ccc
2015-10-27 21:04 - 2015-04-25 16:04 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\XnView
2015-10-27 21:04 - 2015-02-24 18:11 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Xilisoft
2015-10-27 21:04 - 2014-12-07 22:38 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\XMedia Recode
2015-10-27 21:04 - 2014-12-05 21:49 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Usenet.nl
2015-10-27 21:04 - 2014-11-11 14:35 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Snz
2015-10-27 21:04 - 2014-08-10 17:31 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Sixth
2015-10-27 21:04 - 2014-06-26 13:15 - 00000000 ____D C:\Users\Onpoint\Desktop\Schulter MRT
2015-10-27 21:04 - 2014-03-08 10:39 - 00114014 _____ C:\Users\Onpoint\Desktop\BasaleStimulation.pdf.ccc
2015-10-27 21:04 - 2014-02-18 16:39 - 00096270 _____ C:\Users\Onpoint\Desktop\c2598f8e84c84019afbc190e666632fe-1392541278123.jpeg.ccc
2015-10-27 21:04 - 2014-01-27 11:30 - 00000000 ____D C:\Users\Onpoint\Desktop\LEave me vocals
2015-10-27 21:04 - 2013-11-06 12:38 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-10-27 21:04 - 2013-08-11 20:10 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free IP Switcher
2015-10-27 21:04 - 2013-07-29 20:07 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\uTorrent
2015-10-27 21:04 - 2013-07-23 10:36 - 00000000 ____D C:\Users\Onpoint\Desktop\Samples
2015-10-27 21:04 - 2013-07-23 10:00 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\SSync
2015-10-27 21:04 - 2013-07-23 10:00 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\SCheck
2015-10-27 21:04 - 2013-07-14 19:52 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\WinRAR
2015-10-27 21:04 - 2013-07-11 16:44 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GForce
2015-10-27 21:04 - 2013-01-15 15:35 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\NVIDIA
2015-10-27 21:04 - 2012-08-01 12:30 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\ProgSense
2015-10-27 21:04 - 2012-08-01 12:29 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Orbit
2015-10-27 21:04 - 2012-07-13 20:18 - 03583646 _____ C:\Users\Onpoint\Desktop\SDC10375.JPG.ccc
2015-10-27 21:04 - 2012-05-29 21:47 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-10-27 21:04 - 2012-05-08 18:30 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Vodafone
2015-10-27 21:04 - 2012-02-10 13:31 - 11010478 _____ C:\Users\Onpoint\AppData\Roaming\Sandra.mdb.ccc
2015-10-27 21:04 - 2012-01-05 17:58 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\OpenOffice.org
2015-10-27 21:04 - 2011-08-07 19:09 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Office
2015-10-27 21:04 - 2011-07-20 12:31 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\vlc
2015-10-27 21:04 - 2011-06-21 10:58 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Steinberg
2015-10-27 21:04 - 2011-06-17 14:32 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Propellerhead Software
2015-10-27 21:04 - 2011-06-17 14:13 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\TuneUp Software
2015-10-27 21:04 - 2011-06-17 14:08 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-27 21:04 - 2011-06-17 14:00 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Option
2015-10-27 21:04 - 2011-06-17 13:42 - 00000000 ___RD C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-27 21:04 - 2011-06-17 13:42 - 00000000 ___RD C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-27 21:03 - 2015-05-03 16:07 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Steam
2015-10-27 21:03 - 2014-12-29 12:50 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\HpUpdate
2015-10-27 21:03 - 2014-12-17 19:49 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\com.adobe.amp
2015-10-27 21:03 - 2014-11-27 15:21 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Microsoft Help
2015-10-27 21:03 - 2014-11-27 14:40 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Temp2102f2aadb7275ce4011279dbd4bc1a6
2015-10-27 21:03 - 2014-08-05 11:01 - 00000000 ____D C:\Users\Onpoint\AppData\Local\TuneUp Software
2015-10-27 21:03 - 2014-05-04 13:18 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Avira
2015-10-27 21:03 - 2014-01-08 18:33 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2015-10-27 21:03 - 2014-01-08 18:33 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\chc
2015-10-27 21:03 - 2013-12-03 11:21 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Malwarebytes
2015-10-27 21:03 - 2013-12-03 11:14 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\IObit
2015-10-27 21:03 - 2013-11-06 12:38 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Amazon
2015-10-27 21:03 - 2013-09-19 10:46 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\elsterformular
2015-10-27 21:03 - 2013-09-08 12:44 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\FileAdvisor
2015-10-27 21:03 - 2013-08-11 20:10 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Eusing
2015-10-27 21:03 - 2013-07-23 10:00 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Intermediate
2015-10-27 21:03 - 2013-07-23 10:00 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\DataMgr
2015-10-27 21:03 - 2013-07-23 10:00 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Common
2015-10-27 21:03 - 2013-07-23 09:51 - 00000000 ____D C:\Users\Onpoint\AppData\Local\PDF24
2015-10-27 21:03 - 2013-07-11 17:04 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\GForce
2015-10-27 21:03 - 2013-05-03 15:38 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Babylon
2015-10-27 21:03 - 2013-05-03 15:33 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2015-10-27 21:03 - 2013-04-02 19:30 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\ACD Systems
2015-10-27 21:03 - 2012-12-05 12:47 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\DAEMON Tools Lite
2015-10-27 21:03 - 2012-10-24 18:03 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Microsoft Games
2015-10-27 21:03 - 2012-08-23 09:51 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Windows Live
2015-10-27 21:03 - 2012-08-01 12:30 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\GrabPro
2015-10-27 21:03 - 2012-05-08 18:30 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Bytemobile
2015-10-27 21:03 - 2012-05-08 18:30 - 00000000 ____D C:\Users\Onpoint\AppData\Local\{86DD38A2-C8BD-404A-A1BD-907F6B69C913}
2015-10-27 21:03 - 2012-01-31 20:37 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Native Instruments
2015-10-27 21:03 - 2012-01-07 23:07 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Ableton
2015-10-27 21:03 - 2012-01-05 17:56 - 00000000 ____D C:\Users\Onpoint\AppData\LocalLow\Sun
2015-10-27 21:03 - 2012-01-05 17:42 - 00000000 ____D C:\Users\Onpoint\AppData\LocalLow\Temp
2015-10-27 21:03 - 2012-01-05 17:24 - 00000000 ____D C:\Users\Onpoint\AppData\LocalLow\Adobe
2015-10-27 21:03 - 2011-07-07 12:12 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\DVDVideoSoftIEHelpers
2015-10-27 21:03 - 2011-07-07 12:12 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\DVDVideoSoft
2015-10-27 21:03 - 2011-06-18 15:35 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Xara
2015-10-27 21:03 - 2011-06-17 14:21 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\DAEMON Tools Pro
2015-10-27 21:03 - 2011-06-17 14:15 - 00000000 ____D C:\Users\Onpoint\AppData\Local\PackageAware
2015-10-27 21:03 - 2011-06-17 14:09 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Macromedia
2015-10-27 21:03 - 2011-06-17 14:09 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Adobe
2015-10-27 21:03 - 2011-06-17 13:42 - 00000000 ____D C:\Users\Onpoint\AppData\Local\VirtualStore
2015-10-27 20:57 - 2011-06-17 13:44 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-24 14:22 - 2013-03-02 11:06 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-24 14:22 - 2013-03-02 11:06 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-14 15:31 - 2015-09-04 20:51 - 00001063 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-10-14 15:31 - 2014-08-22 08:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-14 15:31 - 2014-05-04 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-10-13 12:44 - 2013-09-07 12:44 - 00000000 ____D C:\Program Files\File Type Advisor

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-10-14 03:44 - 2013-10-14 03:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2015-02-24 19:22 - 2015-02-24 19:22 - 0169472 __RSH () C:\Users\Onpoint\AppData\Roaming\DLLDEV327.dll
2015-10-27 20:57 - 2015-10-27 21:04 - 0006152 _____ () C:\Users\Onpoint\AppData\Roaming\howto_recover_file_mrjno.html
2015-10-27 20:57 - 2015-10-27 21:04 - 0002259 _____ () C:\Users\Onpoint\AppData\Roaming\howto_recover_file_mrjno.txt
2015-10-27 21:33 - 2015-10-27 21:33 - 0006152 _____ () C:\Users\Onpoint\AppData\Roaming\howto_recover_file_nwswx.html
2015-10-27 21:33 - 2015-10-27 21:33 - 0002259 _____ () C:\Users\Onpoint\AppData\Roaming\howto_recover_file_nwswx.txt
2012-02-10 13:31 - 2015-10-27 21:04 - 11010478 _____ () C:\Users\Onpoint\AppData\Roaming\Sandra.mdb.ccc
2014-06-19 12:11 - 2014-06-19 12:11 - 0000024 _____ () C:\Users\Onpoint\AppData\Roaming\temp.ini
2013-05-09 19:48 - 2015-01-07 17:28 - 0014848 _____ () C:\Users\Onpoint\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-27 20:57 - 2015-10-27 21:06 - 0006152 _____ () C:\Users\Onpoint\AppData\Local\howto_recover_file_mrjno.html
2015-10-27 20:57 - 2015-10-27 21:06 - 0002259 _____ () C:\Users\Onpoint\AppData\Local\howto_recover_file_mrjno.txt
2015-10-27 21:33 - 2015-10-27 21:33 - 0006152 _____ () C:\Users\Onpoint\AppData\Local\howto_recover_file_nwswx.html
2015-10-27 21:33 - 2015-10-27 21:33 - 0002259 _____ () C:\Users\Onpoint\AppData\Local\howto_recover_file_nwswx.txt
2014-01-15 20:30 - 2015-10-28 01:50 - 0007602 _____ () C:\Users\Onpoint\AppData\Local\Resmon.ResmonCfg
2014-12-29 12:49 - 2014-12-29 12:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-10-27 20:55 - 2015-10-27 20:57 - 0006152 _____ () C:\ProgramData\howto_recover_file_mrjno.html
2015-10-27 20:55 - 2015-10-27 20:57 - 0002259 _____ () C:\ProgramData\howto_recover_file_mrjno.txt
2015-10-27 21:30 - 2015-10-27 21:33 - 0006152 _____ () C:\ProgramData\howto_recover_file_nwswx.html
2015-10-27 21:30 - 2015-10-27 21:33 - 0002259 _____ () C:\ProgramData\howto_recover_file_nwswx.txt

Einige Dateien in TEMP:
====================
C:\Users\Onpoint\AppData\Local\Temp\avgnt.exe
C:\Users\Onpoint\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprquhkp.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-24 14:25

==================== Ende vom FRST.txt ============================
         


30.10.2015, 20:36   #6
schrauber
/// the machine
/// TB instructor

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.

Please download TDSSKiller.exe and save this file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

30.10.2015, 22:50   #7
Ramsi Hartma

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.10.30.07
  rootkit: v2015.10.28.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Onpoint :: ONPOINT-PC [administrator]

30.10.2015 22:21:09
mbar-log-2015-10-30 (22-21-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 360107
Time elapsed: 18 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


Code:
22:48:24.0575 0x0964  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
22:48:29.0356 0x0964  ============================================================
22:48:29.0356 0x0964  Current date / time: 2015/10/30 22:48:29.0356
22:48:29.0356 0x0964  SystemInfo:
22:48:29.0356 0x0964  
22:48:29.0356 0x0964  OS Version: 6.1.7601 ServicePack: 1.0
22:48:29.0356 0x0964  Product type: Workstation
22:48:29.0356 0x0964  ComputerName: ONPOINT-PC
22:48:29.0356 0x0964  UserName: Onpoint
22:48:29.0356 0x0964  Windows directory: C:\Windows
22:48:29.0356 0x0964  System windows directory: C:\Windows
22:48:29.0356 0x0964  Processor architecture: Intel x86
22:48:29.0356 0x0964  Number of processors: 4
22:48:29.0356 0x0964  Page size: 0x1000
22:48:29.0356 0x0964  Boot type: Normal boot
22:48:29.0356 0x0964  ============================================================
22:48:31.0431 0x0964  KLMD registered as C:\Windows\system32\drivers\36678199.sys
22:48:32.0133 0x0964  System UUID: {ACDF612C-40B0-1404-BE46-2CE0451A2D5B}
22:48:33.0178 0x0964  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:48:33.0209 0x0964  Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 ( 74.54 Gb ), SectorSize: 0x200, Cylinders: 0x2602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:48:33.0209 0x0964  ============================================================
22:48:33.0209 0x0964  \Device\Harddisk1\DR1:
22:48:33.0209 0x0964  MBR partitions:
22:48:33.0209 0x0964  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:48:33.0209 0x0964  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x186A0000
22:48:33.0209 0x0964  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x186D2800, BlocksNum 0x2D2A8000
22:48:33.0209 0x0964  \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x4597A800, BlocksNum 0x4EDD000
22:48:33.0209 0x0964  \Device\Harddisk0\DR0:
22:48:33.0209 0x0964  MBR partitions:
22:48:33.0209 0x0964  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1962EFA
22:48:33.0225 0x0964  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1962F78, BlocksNum 0x7BAB549
22:48:33.0225 0x0964  ============================================================
22:48:33.0256 0x0964  C: <-> \Device\Harddisk1\DR1\Partition4
22:48:33.0271 0x0964  D: <-> \Device\Harddisk0\DR0\Partition1
22:48:33.0287 0x0964  E: <-> \Device\Harddisk0\DR0\Partition2
22:48:33.0318 0x0964  F: <-> \Device\Harddisk1\DR1\Partition2
22:48:33.0365 0x0964  G: <-> \Device\Harddisk1\DR1\Partition3
22:48:33.0381 0x0964  B: <-> \Device\Harddisk1\DR1\Partition1
22:48:33.0381 0x0964  ============================================================
22:48:33.0381 0x0964  Initialize success
22:48:33.0381 0x0964  ============================================================
22:49:06.0982 0x089c  ============================================================
22:49:06.0982 0x089c  Scan started
22:49:06.0982 0x089c  Mode: Manual; SigCheck; TDLFS; 
22:49:06.0982 0x089c  ============================================================
22:49:06.0982 0x089c  KSN ping started
22:49:20.0664 0x089c  KSN ping finished: true
22:49:22.0941 0x089c  ================ Scan system memory ========================
22:49:22.0941 0x089c  System memory - ok
22:49:22.0941 0x089c  ================ Scan services =============================
22:49:26.0715 0x089c  [ 50F8483FBEAB51809B643EDAA6B38699, F44486202B74DB7AD8D6FE3FA8DA6E9F19BD766A1FC070407180EFCAF3CF4EA6 ] Bulk            C:\Windows\system32\Drivers\HDJBulk.sys
22:49:26.0746 0x089c  Bulk - detected UnsignedFile.Multi.Generic ( 1 )
22:49:29.0081 0x089c  Detect skipped due to KSN trusted
22:49:29.0081 0x089c  Bulk - ok
22:49:32.0558 0x089c  [ 69AF29573B2A54AA9B06411084E1EF41, 5E736557B80FCAE0FDADD5AD2D3AC3EBF914E5FB2E542D2203D3594E9B14011E ] HDJMidi         C:\Windows\system32\DRIVERS\HDJMidi.sys
22:49:32.0605 0x089c  HDJMidi - detected UnsignedFile.Multi.Generic ( 1 )
22:49:32.0901 0x09fc  Object send P2P result: true
22:49:34.0956 0x089c  Detect skipped due to KSN trusted
22:49:34.0956 0x089c  HDJMidi - ok
22:49:39.0471 0x089c  NetBT - ok
22:49:39.0471 0x089c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
22:49:39.0502 0x089c  Netlogon - ok
22:49:39.0518 0x089c  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
22:49:39.0564 0x089c  Netman - ok
22:49:39.0596 0x089c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:49:39.0611 0x089c  NetMsmqActivator - ok
22:49:39.0627 0x089c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:49:39.0627 0x089c  NetPipeActivator - ok
22:49:39.0642 0x089c  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
22:49:39.0674 0x089c  netprofm - ok
22:49:39.0689 0x089c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:49:39.0689 0x089c  NetTcpActivator - ok
22:49:39.0705 0x089c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:49:39.0705 0x089c  NetTcpPortSharing - ok
22:49:39.0720 0x089c  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:49:39.0736 0x089c  nfrd960 - ok
22:49:39.0923 0x089c  [ FEB33E85DA105767265C89F97201135F, CA5465ECE3DB8F82521FC70528C465165B3636E4DC8EAEE9F3A0122672FFBB38 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
22:49:40.0157 0x089c  NIHardwareService - detected UnsignedFile.Multi.Generic ( 1 )
22:49:42.0544 0x089c  Detect skipped due to KSN trusted
22:49:42.0544 0x089c  NIHardwareService - ok
22:49:47.0572 0x089c  [ B05AA6AC1E03E11748212824798F9CCA, AB5E011E2EDF9C835B9523352E7A7C93ADFC8E1B1B4AAA3766F87773C0BD78AF ] SandraAgentSrv  C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\RpcAgentSrv.exe
22:49:47.0603 0x089c  SandraAgentSrv - detected UnsignedFile.Multi.Generic ( 1 )
22:49:50.0258 0x089c  Detect skipped due to KSN trusted
22:49:50.0258 0x089c  SandraAgentSrv - ok
22:49:52.0779 0x089c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:49:52.0810 0x089c  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
22:49:55.0197 0x089c  Detect skipped due to KSN trusted
22:49:55.0197 0x089c  SwitchBoard - ok
22:49:56.0460 0x089c  [ E5049C43601473B5A909058596111229, 96CFE481F767C66FA2877594384086C1BE8B2BADBF12DBF4CB72CF73898D0876 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys
22:49:56.0476 0x089c  TuneUpUtilitiesDrv - ok
22:49:56.0492 0x089c  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:49:56.0523 0x089c  tunnel - ok
22:49:56.0554 0x089c  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:49:56.0554 0x089c  uagp35 - ok
22:49:56.0570 0x089c  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:49:56.0601 0x089c  udfs - ok
22:49:56.0616 0x089c  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:49:56.0632 0x089c  UI0Detect - ok
22:49:56.0663 0x089c  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:49:56.0663 0x089c  uliagpkx - ok
22:49:56.0694 0x089c  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:49:56.0710 0x089c  umbus - ok
22:49:56.0710 0x089c  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:49:56.0726 0x089c  UmPass - ok
22:49:56.0741 0x089c  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
22:49:56.0772 0x089c  UmRdpService - ok
22:49:56.0788 0x089c  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
22:49:56.0819 0x089c  upnphost - ok
22:49:56.0850 0x089c  [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:49:56.0866 0x089c  usbaudio - ok
22:49:56.0882 0x089c  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:49:56.0897 0x089c  usbccgp - ok
22:49:56.0897 0x089c  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:49:56.0913 0x089c  usbcir - ok
22:49:56.0928 0x089c  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:49:56.0944 0x089c  usbehci - ok
22:49:56.0960 0x089c  [ E5B14557793164DB879EE56F5B59C3E2, 963CB7D6A79D75F39C024BFBD594889B85D2171FBD16A89EE4B722FA42D6BA42 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
22:49:56.0960 0x089c  usbfilter - ok
22:49:56.0975 0x089c  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:49:56.0991 0x089c  usbhub - ok
22:49:56.0991 0x089c  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:49:57.0006 0x089c  usbohci - ok
22:49:57.0022 0x089c  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:49:57.0022 0x089c  usbprint - ok
22:49:57.0038 0x089c  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:49:57.0084 0x089c  USBSTOR - ok
22:49:57.0084 0x089c  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:49:57.0100 0x089c  usbuhci - ok
22:49:57.0116 0x089c  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
22:49:57.0131 0x089c  UxSms - ok
22:49:57.0178 0x089c  [ F640607B23CB330C7AF6D920F8E865B4, A1F39514A368C1EA24A8C65245439CFF7DE9D2DA7721B2642C6726BE682F9177 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
22:49:57.0178 0x089c  UxTuneUp - ok
22:49:57.0194 0x089c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\Windows\system32\lsass.exe
22:49:57.0209 0x089c  VaultSvc - ok
22:49:57.0225 0x089c  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:49:57.0225 0x089c  vdrvroot - ok
22:49:57.0256 0x089c  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
22:49:57.0303 0x089c  vds - ok
22:49:57.0318 0x089c  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:49:57.0318 0x089c  vga - ok
22:49:57.0334 0x089c  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:49:57.0350 0x089c  VgaSave - ok
22:49:57.0365 0x089c  VGPU - ok
22:49:57.0381 0x089c  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:49:57.0396 0x089c  vhdmp - ok
22:49:57.0412 0x089c  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:49:57.0428 0x089c  viaagp - ok
22:49:57.0443 0x089c  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
22:49:57.0459 0x089c  ViaC7 - ok
22:49:57.0474 0x089c  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:49:57.0506 0x089c  viaide - ok
22:49:57.0537 0x089c  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:49:57.0552 0x089c  vmbus - ok
22:49:57.0568 0x089c  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
22:49:57.0584 0x089c  VMBusHID - ok
22:49:57.0599 0x089c  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:49:57.0615 0x089c  volmgr - ok
22:49:57.0630 0x089c  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:49:57.0646 0x089c  volmgrx - ok
22:49:57.0662 0x089c  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:49:57.0677 0x089c  volsnap - ok
22:49:57.0708 0x089c  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:49:57.0740 0x089c  vsmraid - ok
22:49:57.0802 0x089c  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
22:49:57.0864 0x089c  VSS - ok
22:49:57.0880 0x089c  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:49:57.0896 0x089c  vwifibus - ok
22:49:57.0911 0x089c  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:49:57.0927 0x089c  vwififlt - ok
22:49:57.0942 0x089c  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:49:57.0958 0x089c  vwifimp - ok
22:49:57.0989 0x089c  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
22:49:58.0043 0x089c  W32Time - ok
22:49:58.0061 0x089c  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:49:58.0081 0x089c  WacomPen - ok
22:49:58.0113 0x089c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:49:58.0132 0x089c  WANARP - ok
22:49:58.0136 0x089c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:49:58.0153 0x089c  Wanarpv6 - ok
22:49:58.0200 0x089c  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
22:49:58.0283 0x089c  wbengine - ok
22:49:58.0299 0x089c  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:49:58.0317 0x089c  WbioSrvc - ok
22:49:58.0345 0x089c  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:49:58.0364 0x089c  wcncsvc - ok
22:49:58.0370 0x089c  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:49:58.0401 0x089c  WcsPlugInService - ok
22:49:58.0417 0x089c  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:49:58.0448 0x089c  Wd - ok
22:49:58.0495 0x089c  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:49:58.0542 0x089c  Wdf01000 - ok
22:49:58.0542 0x089c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:49:58.0588 0x089c  WdiServiceHost - ok
22:49:58.0604 0x089c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:49:58.0604 0x089c  WdiSystemHost - ok
22:49:58.0639 0x089c  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
22:49:58.0666 0x089c  WebClient - ok
22:49:58.0680 0x089c  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:49:58.0703 0x089c  Wecsvc - ok
22:49:58.0713 0x089c  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:49:58.0734 0x089c  wercplsupport - ok
22:49:58.0755 0x089c  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
22:49:58.0785 0x089c  WerSvc - ok
22:49:58.0802 0x089c  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:49:58.0822 0x089c  WfpLwf - ok
22:49:58.0832 0x089c  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:49:58.0841 0x089c  WIMMount - ok
22:49:58.0888 0x089c  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:49:58.0942 0x089c  WinDefend - ok
22:49:58.0951 0x089c  WinHttpAutoProxySvc - ok
22:49:58.0992 0x089c  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:49:59.0014 0x089c  Winmgmt - ok
22:49:59.0053 0x089c  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
22:49:59.0116 0x089c  WinRM - ok
22:49:59.0147 0x089c  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:49:59.0178 0x089c  WinUsb - ok
22:49:59.0209 0x089c  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:49:59.0256 0x089c  Wlansvc - ok
22:49:59.0350 0x089c  [ 5E7C103F8475C4289847D15E129C20F7, C6325D3557545FA1DA26B0B1EA9A1C95AED1FA84A93BE29A771DAD9ECB00768B ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:49:59.0443 0x089c  wlidsvc - ok
22:49:59.0459 0x089c  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:49:59.0475 0x089c  WmiAcpi - ok
22:49:59.0490 0x089c  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:49:59.0521 0x089c  wmiApSrv - ok
22:49:59.0584 0x089c  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:49:59.0677 0x089c  WMPNetworkSvc - ok
22:49:59.0677 0x089c  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:49:59.0709 0x089c  WPCSvc - ok
22:49:59.0724 0x089c  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:49:59.0755 0x089c  WPDBusEnum - ok
22:49:59.0771 0x089c  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:49:59.0802 0x089c  ws2ifsl - ok
22:49:59.0818 0x089c  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
22:49:59.0833 0x089c  wscsvc - ok
22:49:59.0865 0x089c  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
22:49:59.0927 0x089c  WSDPrintDevice - ok
22:49:59.0927 0x089c  [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
22:49:59.0989 0x089c  WSDScan - ok
22:49:59.0989 0x089c  WSearch - ok
22:50:00.0114 0x089c  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
22:50:00.0177 0x089c  wuauserv - ok
22:50:00.0305 0x089c  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:50:00.0335 0x089c  WudfPf - ok
22:50:00.0368 0x089c  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:50:00.0381 0x089c  WUDFRd - ok
22:50:00.0404 0x089c  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:50:00.0420 0x089c  wudfsvc - ok
22:50:00.0451 0x089c  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:50:00.0513 0x089c  WwanSvc - ok
22:50:00.0560 0x089c  ================ Scan global ===============================
22:50:00.0576 0x089c  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
22:50:00.0608 0x089c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
22:50:00.0630 0x089c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
22:50:00.0650 0x089c  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
22:50:00.0677 0x089c  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
22:50:00.0689 0x089c  [ Global ] - ok
22:50:00.0689 0x089c  ================ Scan MBR ==================================
22:50:00.0716 0x089c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:50:02.0612 0x089c  \Device\Harddisk1\DR1 - ok
22:50:02.0615 0x089c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:50:02.0759 0x089c  \Device\Harddisk0\DR0 - ok
22:50:02.0759 0x089c  ================ Scan VBR ==================================
22:50:02.0792 0x089c  [ 188D6957EC81A341853F88FA5518979A ] \Device\Harddisk1\DR1\Partition1
22:50:02.0849 0x089c  \Device\Harddisk1\DR1\Partition1 - ok
22:50:02.0869 0x089c  [ FDEFC22DD7FCB55EB0ED3B4B665FDC69 ] \Device\Harddisk1\DR1\Partition2
22:50:02.0904 0x089c  \Device\Harddisk1\DR1\Partition2 - ok
22:50:02.0918 0x089c  [ 2E560BE485C17374C3C89070D9228B96 ] \Device\Harddisk1\DR1\Partition3
22:50:02.0935 0x089c  \Device\Harddisk1\DR1\Partition3 - ok
22:50:02.0963 0x089c  [ A9CA59B2B0FBD688C43807F6A91C43A9 ] \Device\Harddisk1\DR1\Partition4
22:50:02.0966 0x089c  \Device\Harddisk1\DR1\Partition4 - ok
22:50:02.0968 0x089c  [ 7718557DC729165215EC2B2690F22679 ] \Device\Harddisk0\DR0\Partition1
22:50:02.0969 0x089c  \Device\Harddisk0\DR0\Partition1 - ok
22:50:02.0971 0x089c  [ 0C2C9B8AACF2BCEB659C8ECB8DE64EC9 ] \Device\Harddisk0\DR0\Partition2
22:50:02.0972 0x089c  \Device\Harddisk0\DR0\Partition2 - ok
22:50:02.0972 0x089c  ================ Scan generic autorun ======================
22:50:03.0115 0x089c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:50:03.0140 0x089c  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
22:50:03.0140 0x089c  Detect skipped due to KSN trusted
22:50:03.0140 0x089c  SwitchBoard - ok
22:50:03.0233 0x089c  [ C1A86A6D6847DEFF009EAE85BA0C1F20, 7DC2A823FA281117B335B74876469C788A5C81534251179BE86F3FB35F1B6D67 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
22:50:03.0265 0x089c  avgnt - ok
22:50:03.0314 0x089c  [ D52A9F078EA114D3465FC1CD9E900DF1, 841F6055435278A93230C3F5E33E6C530D6FDF5A331EC31E992A35DD084A7C64 ] C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
22:50:03.0314 0x089c  Avira SystrayStartTrigger - ok
22:50:03.0377 0x089c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
22:50:03.0470 0x089c  Sidebar - ok
22:50:03.0486 0x089c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
22:50:03.0502 0x089c  mctadmin - ok
22:50:03.0533 0x089c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
22:50:03.0564 0x089c  Sidebar - ok
22:50:03.0580 0x089c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
22:50:03.0580 0x089c  mctadmin - ok
22:50:04.0235 0x089c  [ 7619D9ABB017DEBB29D0793A9C2B64A8, 744555E842A71FA6157D1A1DD90ED67F13D6AED4259C23DA0540955FCEF71347 ] C:\Program Files\DAEMON Tools Lite\DTLite.exe
22:50:04.0344 0x089c  DAEMON Tools Lite - ok
22:50:04.0703 0x089c  [ 0BE64FAB577BFA54443C680343AEC85F, E734355E9D195A60C41CA17073F5F5E2FFED0314A00DE78F1208C15ACFE611CA ] C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\chrome.exe
22:50:04.0734 0x089c  GoogleChromeAutoLaunch_F39032C19F5C81D8B6437859BCCB58BB - ok
22:50:04.0750 0x089c  Ctnglh - ok
22:50:04.0843 0x089c  [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA1751A56799D1A79A5 ] C:\Users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe
22:50:04.0843 0x089c  Dropbox Update - ok
22:50:04.0906 0x089c  [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
22:50:04.0968 0x089c  SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
22:50:07.0324 0x089c  Detect skipped due to KSN trusted
22:50:07.0324 0x089c  SpybotPostWindows10UpgradeReInstall - ok
22:50:07.0370 0x089c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
22:50:07.0402 0x089c  Sidebar - ok
22:50:07.0417 0x089c  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
22:50:07.0433 0x089c  mctadmin - ok
22:50:07.0433 0x089c  Waiting for KSN requests completion. In queue: 108
22:50:08.0447 0x089c  Waiting for KSN requests completion. In queue: 108
22:50:09.0461 0x089c  Waiting for KSN requests completion. In queue: 108
22:50:10.0584 0x089c  AV detected via SS2: Avira Antivirus, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated )
22:50:10.0615 0x089c  Win FW state via NFP2: enabled ( trusted )
22:50:13.0408 0x089c  ============================================================
22:50:13.0408 0x089c  Scan finished
22:50:13.0408 0x089c  ============================================================
22:50:13.0408 0x0a24  Detected object count: 0
22:50:13.0408 0x0a24  Actual detected object count: 0
         

By the way, I also keep getting a rundll32 error.

Edited by Ramsi Hartma (30.10.2015 at 23:04)

31.10.2015, 17:29   #8
schrauber
/// the machine
/// TB trainer
 


hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

31.10.2015, 18:29   #9
Ramsi Hartma
 

I can't start it; the program opens for 1 second and then closes again.
Avira + Malwarebytes are shut down.

When I go to the compatibility problems in Win 7, it says that the program is designed for Win XP SP2 and is therefore incompatible.
Wrong version?

I have now downloaded it from somewhere else, and it works now...

So, every time it runs through, it aborts and says: You cannot rename Combofix to ...., use alphabetic characters. But I am not renaming it at all, and if I do rename it, it still doesn't work.

Edited by Ramsi Hartma (31.10.2015 at 18:44)

01.11.2015, 07:25   #10
schrauber
/// the machine
/// TB trainer
 


Try it in Safe Mode.
__________________
Regards,
schrauber


01.11.2015, 19:23   #11
Ramsi Hartma
 

Although all Avira processes had been terminated, it still kept giving me the notice that it was still active. I ran it anyway.

Code:
ComboFix 15-10-28.01 - Onpoint 01.11.2015  19:13:25.1.4 - x86 NETWORK
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3327.2840 [GMT 1:00]
ausgeführt von:: c:\users\Onpoint\Desktop\ComboFix.exe
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Propellerhead Software\ReCycle
c:\programdata\Propellerhead Software\ReCycle\howto_recover_file_mrjno.html
c:\programdata\Propellerhead Software\ReCycle\howto_recover_file_mrjno.txt
c:\programdata\Propellerhead Software\ReCycle\howto_recover_file_nwswx.html
c:\programdata\Propellerhead Software\ReCycle\howto_recover_file_nwswx.txt
c:\users\Onpoint\AppData\Local\lollipop
c:\users\Onpoint\AppData\Local\lollipop\howto_recover_file_mrjno.html
c:\users\Onpoint\AppData\Local\lollipop\howto_recover_file_mrjno.txt
c:\users\Onpoint\AppData\Local\lollipop\howto_recover_file_nwswx.html
c:\users\Onpoint\AppData\Local\lollipop\howto_recover_file_nwswx.txt
c:\users\Onpoint\AppData\Local\Microsoft\Windows\Temporary Internet Files\howto_recover_file_mrjno.html
c:\users\Onpoint\AppData\Local\Microsoft\Windows\Temporary Internet Files\howto_recover_file_mrjno.txt
c:\users\Onpoint\AppData\Roaming\Common\LuaRT
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\alien.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\alien\core.dll
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\alien\howto_recover_file_mrjno.html
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\alien\howto_recover_file_mrjno.txt
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\alien\struct.dll
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\base.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\debug_ext.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\debug_init.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\getopt.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\howto_recover_file_mrjno.html
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\howto_recover_file_mrjno.txt
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\io_ext.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\decode.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\decode\array.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\decode\calls.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\decode\howto_recover_file_mrjno.html
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\decode\howto_recover_file_mrjno.txt
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\decode\number.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\decode\object.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\decode\others.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\decode\strings.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\decode\util.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\encode.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\encode\array.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\encode\calls.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\encode\howto_recover_file_mrjno.html
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\encode\howto_recover_file_mrjno.txt
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\encode\number.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\encode\object.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\encode\others.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\encode\output.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\encode\output_utility.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\encode\strings.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\howto_recover_file_mrjno.html
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\howto_recover_file_mrjno.txt
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\json\util.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\lfs.dll
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\list.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\lpeg.dll
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\ltn12.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\lua.exe
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\lua5.1.dll
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\lua51.dll
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\luacom.dll
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\luasql\howto_recover_file_mrjno.html
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\luasql\howto_recover_file_mrjno.txt
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\luasql\sqlite3.dll
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\math_ext.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\howto_recover_file_mrjno.html
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\howto_recover_file_mrjno.txt
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\msvcm80.dll
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\msvcp80.dll
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\msvcr80.dll
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\mime.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\mime\core.dll
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\mime\howto_recover_file_mrjno.html
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\mime\howto_recover_file_mrjno.txt
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\modules.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\package_ext.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\set.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\socket.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\socket\core.dll
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\socket\howto_recover_file_mrjno.html
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\socket\howto_recover_file_mrjno.txt
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\socket\http.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\socket\url.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\std.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\strbuf.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\string_ext.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\table_ext.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\tree.lua
c:\users\Onpoint\AppData\Roaming\Common\LuaRT\wlua.exe
c:\users\Onpoint\AppData\Roaming\DLLDEV327.dll
c:\users\Onpoint\AppData\Roaming\Microsoft\Windows\lwE9H2ZWNTb4KlAE.dat
c:\users\Onpoint\AppData\Roaming\Microsoft\Windows\Recent\howto_recover_file_mrjno.html
c:\users\Onpoint\AppData\Roaming\Microsoft\Windows\Recent\howto_recover_file_mrjno.txt
c:\users\Onpoint\AppData\Roaming\Propellerhead Software\ReCycle
c:\users\Onpoint\AppData\Roaming\Propellerhead Software\ReCycle\howto_recover_file_mrjno.html
c:\users\Onpoint\AppData\Roaming\Propellerhead Software\ReCycle\howto_recover_file_mrjno.txt
c:\users\Onpoint\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
c:\users\Onpoint\Favorites\howto_recover_file_mrjno.html
c:\users\Public\Favorites\howto_recover_file_mrjno.html
c:\users\Public\Favorites\howto_recover_file_nwswx.html
c:\users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\howto_recover_file_mrjno.html
c:\users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\howto_recover_file_mrjno.txt
c:\users\UpdatusUser\Favorites\howto_recover_file_mrjno.html
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-10-01 bis 2015-11-01  ))))))))))))))))))))))))))))))
.
.
2015-10-30 23:12 . 2015-10-30 23:12	--------	d-----w-	c:\windows\CheckSur
2015-10-30 22:51 . 2015-10-31 17:25	--------	d-----w-	c:\windows\system32\catroot2
2015-10-30 21:20 . 2015-10-30 21:44	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-10-29 19:19 . 2015-10-29 19:21	--------	d-----w-	C:\FRST
2015-10-27 23:04 . 2015-10-28 20:19	--------	d-----w-	c:\programdata\SecTaskMan
2015-10-27 22:25 . 2015-10-27 22:25	--------	d-----w-	c:\program files\ESET
2015-10-27 21:37 . 2015-10-27 21:37	--------	d-----w-	C:\Program Files (x86)
2015-10-27 21:24 . 2015-10-31 18:17	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-27 21:24 . 2015-10-30 21:19	94936	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-10-27 21:24 . 2015-10-05 08:50	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-10-27 21:24 . 2015-10-05 08:50	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-10-27 20:56 . 2015-10-27 20:56	--------	d-----w-	c:\program files\Common Files\AV
2015-10-27 20:51 . 2015-10-27 22:05	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2015-10-27 17:21 . 2015-10-30 21:14	--------	d--h--w-	c:\programdata\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-10-25 20:19 . 2015-10-27 20:34	--------	d-----w-	c:\users\Onpoint\AppData\Local\JDownloader 2.0
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-24 13:22 . 2013-03-02 10:06	780488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-10-24 13:22 . 2013-03-02 10:06	142536	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-24 16:53 . 2014-05-04 12:16	55912	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-09-24 16:53 . 2014-05-04 12:16	108448	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-10-14 02:44 . 2013-10-14 02:44	2174976	----a-w-	c:\program files\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-12-03 10:14	752448	----a-w-	c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:33	1720976	----a-w-	c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:33	1720976	----a-w-	c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:33	1720976	----a-w-	c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34	194824	----a-w-	c:\users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34	194824	----a-w-	c:\users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-10-12 23:34	194824	----a-w-	c:\users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"GoogleChromeAutoLaunch_F39032C19F5C81D8B6437859BCCB58BB"="c:\users\Onpoint\AppData\Local\Google\Chrome\Application\chrome.exe" [2015-10-20 811848]
"Dropbox Update"="c:\users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-21 134512]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-09-24 782520]
"Avira SystrayStartTrigger"="c:\program files\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-09-10 66320]
.
c:\users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Onpoint\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 36711472]
.
c:\users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autostart - Verknüpfung\
target.lnk - c:\users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011-6-17] [Folder]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"AmazonMP3DownloaderHelper"=c:\users\Onpoint\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
"Intermediate"="c:\users\Onpoint\AppData\Roaming\Intermediate\Intermediate.exe"
"SCheck"="c:\users\Onpoint\AppData\Roaming\SCheck\SCheck.exe" check 
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"PDFPrint"=g:\tools\System\PDF24\pdf24.exe
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2015-05-05 37896]
R2 AntiVirMailService;Avira Email-Schutz;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2015-09-24 932912]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2015-09-24 461672]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2015-10-14 1147720]
R2 Avira.ServiceHost;Avira Service Host;c:\program files\Avira\Launcher\Avira.ServiceHost.exe [2015-09-10 240872]
R2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2015-09-24 55912]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2013-04-14 142432]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2015-07-31 2909472]
R2 MBAMScheduler;MBAMScheduler;g:\tools\System\ Malwarebytes Anti-Malware \mbamscheduler.exe [2015-03-17 1871160]
R2 MBAMService;MBAMService;g:\tools\System\ Malwarebytes Anti-Malware \mbamservice.exe [2015-03-17 1080120]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-05 4176896]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [2014-07-21 1781048]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2009-10-02 127488]
R3 eapihdrv;eapihdrv;c:\users\Onpoint\AppData\Local\Temp\ehdrv.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2009-10-02 124416]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2015-10-30 94936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-10-31 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [2013-11-12 12320]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\RpcAgentSrv.exe [2009-08-10 93848]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S3 RTL8192cu;Surf Wireless Micro USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-07-06 648808]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - PXHELP20
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2015-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-02 13:22]
.
2015-08-29 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000Core.job
- c:\users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21 10:58]
.
2015-10-31 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA.job
- c:\users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21 10:58]
.
2015-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000Core.job
- c:\users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-17 20:23]
.
2015-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA.job
- c:\users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-17 20:23]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://safesearch.avira.com/#web/result?source=art&q=
uDefault_Search_URL = https://safesearch.avira.com/#web/result?source=art&q=
mStart Page = https://safesearch.avira.com/#web/result?source=art&q=
uSearchAssistant = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Onpoint\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Onpoint\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: {{c0e8ae32-0758-4c8d-ab71-23b361fe8964} - c:\users\Onpoint\AppData\Local\Temp\ie_script.htm
TCP: DhcpNameServer = 217.68.161.141 217.68.161.171 8.8.8.8
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-Ctnglh - c:\users\Onpoint\AppData\Roaming\DLLDEV327.dll
AddRemove-{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9} - c:\programdata\{A4FF347C-7353-4B5D-B479-1933EFF12E9A}\Guitar Rig 5 Setup PC.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{B9F6456A-E0C8-4BD3-A6E8-AFA8859EC4C4}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.exe
AddRemove-{2930FB47-6452-4476-BF16-D77F748646DB} - c:\programdata\{B0CAD5CC-867E-473E-B55F-339F9635A45D}\Guitar Rig Mobile IO Setup PC.exe
AddRemove-{371B17C3-9624-4583-A497-DF980313D851} - c:\programdata\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}\Absynth 5 Setup PC.exe
AddRemove-{43E7798A-248E-4A3D-9969-FEA63543A462} - c:\programdata\{699830EE-64F0-4782-AEDE-0FCCC40946BA}\Kontakt 4 Setup PC.exe
AddRemove-{47AFED4E-1B50-497E-92BF-3D9314D68EED} - c:\programdata\{F4FF7251-2B0F-48B9-A31D-1930EB197336}\Komplete Elements Setup PC.exe
AddRemove-{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9} - c:\programdata\{13A9B825-42CB-4973-913D-2194B5A4CF94}\Massive Setup PC.exe
AddRemove-{7930FB47-6452-4476-BF16-D77F748646DB} - c:\programdata\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}\Guitar Rig Session IO Setup PC.exe
AddRemove-{8C04CE01-F7B8-4961-884B-6CE7EFFADCD4} - c:\programdata\{5D4AD7AA-51B3-4EF1-8DBC-4D6CBFF4668D}\Reaktor Spark R2 Setup PC.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{62CAB22A-9020-41D6-A410-EAB112E32063}\Traktor 2 Setup PC.exe
AddRemove-{B2552FA6-86E3-410D-84AD-265C2242D410} - c:\programdata\{E051D9C8-9503-489B-8E90-21CEB1DF11C1}\FM8 Setup PC.exe
AddRemove-{B962AD08-335F-46f7-A182-257D37672E5C} - c:\programdata\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}\Rig Kontrol 3 Setup PC.exe
AddRemove-{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E} - c:\programdata\{6268CC84-62BB-4890-B980-FC891FC3470E}\Guitar Rig 4 Setup PC.exe
AddRemove-{D94FCA8D-A8B6-4F03-B0AE-416BFB7AF06A} - c:\programdata\{08BCEE1B-8DEC-401F-989A-111EE3AF2366}\Reaktor Elements Selection Setup PC.exe
AddRemove-{E206701F-713C-4799-B01C-AF24C17C826E} - c:\programdata\{ECCA2E41-2653-4A28-BB8F-62B24E1A584D}\Kontakt Elements Selection R2 Setup PC.exe
AddRemove-{E236DA46-2EDD-4097-8CF4-444B4FC9E226} - c:\programdata\{F7BFF4EE-E380-444D-BF91-DE4716D46130}\Abbey Road 60s Drums Vintage Setup PC.exe
AddRemove-{E9EA5F38-6299-45A1-9D23-F21729A19357} - c:\programdata\{9A73EE13-A1FF-4899-BA10-5DF1DE4A86CA}\Reaktor 5 Setup PC.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.032"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ani"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.arw"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bay"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1458833429-1062236089-2201144009-1000)
"Progid"="ACDSee Pro 2.0.bmp"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bw"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cr2"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.crw"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cs1"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cur"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dcr"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dcx"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1458833429-1062236089-2201144009-1000)
"Progid"="ACDSee Pro 2.0.dib"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.djv"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.djvu"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dng"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.emf"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.eps"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.erf"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.fff"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.fpx"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.gif"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.hdr"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.icl"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.icn"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1458833429-1062236089-2201144009-1000)
"Progid"="ACDSee Pro 2.0.ico"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.iff"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ilbm"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.int"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.inta"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.iw4"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.j2c"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.j2k"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1458833429-1062236089-2201144009-1000)
"Progid"="ACDSee Pro 2.0.jfif"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jif"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jp2"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpc"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1458833429-1062236089-2201144009-1000)
"Progid"="ACDSee Pro 2.0.jpe"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1458833429-1062236089-2201144009-1000)
"Progid"="ACDSee Pro 2.0.jpeg"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1458833429-1062236089-2201144009-1000)
"Progid"="ACDSee Pro 2.0.jpg"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpk"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpx"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.lbm"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mef"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mos"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mrw"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.nef"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.orf"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pbm"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pcd"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pct"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pcx"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pef"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pgm"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pic"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pict"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pix"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1458833429-1062236089-2201144009-1000)
"Progid"="ACDSee Pro 2.0.png"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ppm"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.psd"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.psp"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pspimage"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.raf"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ras"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.raw"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rgb"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rgba"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rle"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rsb"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sgi"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sr2"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.srf"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tga"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.thm"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1458833429-1062236089-2201144009-1000)
"Progid"="ACDSee Pro 2.0.tif"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1458833429-1062236089-2201144009-1000)
"Progid"="ACDSee Pro 2.0.tiff"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ttc"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (S-1-5-21-1458833429-1062236089-2201144009-1000)
@Denied: (2) (LocalSystem)
"Progid"="ttffile"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20po"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20pp"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20ppf"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wbm"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wbmp"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wmf"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xbm"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xif"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xmp"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xpm"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-1458833429-1062236089-2201144009-1000)
"ThreadingModel"="Apartment"
@="c:\\ProgramData\\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\\neth.dll"
.
[HKEY_USERS\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\Drive\ShellEx\FolderExtensions\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-1458833429-1062236089-2201144009-1000)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-11-01  19:19:37
ComboFix-quarantined-files.txt  2015-11-01 18:19
.
Vor Suchlauf: 8.887.422.976 Bytes frei
Nach Suchlauf: 8.819.662.848 Bytes frei
.
- - End Of File - - DEC4BF99C210348484D66BD18E6A4CBA
A36C5E4F47E84449FF07ED3517B43A31
         

Edited by Ramsi Hartma (01.11.2015 at 20:09)

02.11.2015, 20:23   #12
schrauber
/// the machine
/// TB trainer

Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

02.11.2015, 21:40   #13
Ramsi Hartma

One curious thing still happens despite everything. After every restart, the PC automatically opens the following path:

C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autostart - Verknüpfung

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 02.11.2015
Suchlaufzeit: 21:04:42
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.02.0.1024
Malware-Datenbank: v2015.11.02.05
Rootkit-Datenbank: v2015.10.28.01
Lizenz: Premium-Version
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Onpoint

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 370192
Abgelaufene Zeit: 15 Min., 26 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
# AdwCleaner v5.016 - Bericht erstellt am 02/11/2015 um 21:26:03
# Aktualisiert am 01/11/2015 von Xplode
# Datenbank : 2015-11-01.2 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x86)
# Benutzername : Onpoint - ONPOINT-PC
# Gestartet von : C:\Users\Onpoint\Desktop\AdwCleaner_5.016.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
[-] Ordner Gelöscht : C:\ProgramData\Babylon
[-] Ordner Gelöscht : C:\ProgramData\SecTaskMan
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\Local\PackageAware
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\simple_new_tab
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\LocalLow\Delta
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\Roaming\Babylon
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\Roaming\DataMgr
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\Roaming\dvdvideosoftiehelpers
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\Roaming\GrabPro
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\Roaming\Intermediate
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\Roaming\SCheck
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\Roaming\Sixth
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\Roaming\Snz
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\Roaming\SSync
[-] Ordner Gelöscht : C:\Users\Onpoint\AppData\Roaming\ProgSense

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aiennapmieppnpfhhogglccgepbdajan_0.localstorage
[-] Datei Gelöscht : C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aiennapmieppnpfhhogglccgepbdajan_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\npnkeeiehehhefofiekoflfedgehcdhl
[-] Datei Gelöscht : C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmgkeimkiojpjcoiiipekfjaopchhjga_0.localstorage
[-] Datei Gelöscht : C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.net_0.localstorage
[-] Datei Gelöscht : C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.net_0.localstorage-journal

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
[-] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
[-] Schlüssel Gelöscht : HKCU\Software\BI
[-] Schlüssel Gelöscht : HKCU\Software\httogroup
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\Protector
[-] Schlüssel Gelöscht : HKCU\Software\StartSearch
[-] Schlüssel Gelöscht : HKCU\Software\Video Player
[-] Schlüssel Gelöscht : HKCU\Software\foxydeal
[-] Schlüssel Gelöscht : HKCU\Software\ProgSense
[-] Schlüssel Gelöscht : HKCU\Software\Snoozer
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Iminent
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\SweetIM
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Daten Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Daten Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten Wiederhergestellt : HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten Wiederhergestellt : HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Daten Wiederhergestellt : HKU\S-1-5-21-1458833429-1062236089-2201144009-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten Wiederhergestellt : HKU\S-1-5-21-1458833429-1062236089-2201144009-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Daten Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Schlüssel Nicht Gelöscht : HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Daten Wiederhergestellt : HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Schlüssel Gelöscht : HKU\S-1-5-21-1458833429-1062236089-2201144009-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Daten Wiederhergestellt : HKU\S-1-5-21-1458833429-1062236089-2201144009-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Internetbrowser ] *****

[-] [C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : feed.helperbar.com
[-] [C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : search.snap.do
[-] [C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : feed.snap.do
[-] [C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : delta-search.com
[-] [C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : combofix.de.softonic.com
[-] [C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : gbmdkmlcnbapgegninelmjbfibaghdmk
[-] [C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : jpmbfleldcgkldadpdinhjjopdfpjfjp
[-] [C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : nchpfiddbhbdnagofhkjlaiaejmkdcla
[-] [C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : npnkeeiehehhefofiekoflfedgehcdhl

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10230 Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Ultimate x86
Ran by Onpoint on 02.11.2015 at 21:35:28,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\System32\tasks\FileAdvisorCheck
Successfully deleted: [Task] C:\Windows\System32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F39032C19F5C81D8B6437859BCCB58BB
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files

Successfully deleted: [File] C:\Users\Public\Desktop\tuneup utilities 2014.lnk



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tuneup utilities 2014
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Onpoint\AppData\Roaming\productdata



~~~ Chrome


[C:\Users\Onpoint\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Onpoint\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Onpoint\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Onpoint\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.11.2015 at 21:37:05,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:29-10-2015
durchgeführt von Onpoint (Administrator) auf ONPOINT-PC (02-11-2015 21:38:08)
Gestartet von C:\Users\Onpoint\Desktop
Geladene Profile: Onpoint (Verfügbare Profile: Onpoint & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [782520 2015-10-05] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Run: [Dropbox Update] => C:\Users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-13] (Dropbox, Inc.)
Startup: C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autostart - Verknüpfung [2015-10-28] ()
Startup: C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171 8.8.8.8
Tcpip\..\Interfaces\{56DAC62F-F8D2-4E68-A0A7-73D49DEAB4B4}: [DhcpNameServer] 217.68.161.141 217.68.161.171 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000 -> {CE054885-F5D9-455F-8C2E-F037D8B1AA95} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-04] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Onpoint\AppData\Roaming\Mozilla\Firefox\Profiles\Sm2qOauC.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-24] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-04] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-05-15] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-05-15] (NVIDIA Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1458833429-1062236089-2201144009-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-1458833429-1062236089-2201144009-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-1458833429-1062236089-2201144009-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Onpoint\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\Onpoint\AppData\Roaming\Mozilla\Firefox\Profiles\Sm2qOauC.default\Extensions\abs@avira.com [2015-10-27] [ist nicht signiert]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR Plugin: (Native Client) - C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\46.0.2490.80\pdf.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\Onpoint\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Keine Datei
CHR Profile: C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Mixcloud Harvester Downloader) - C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\afaibpbhjbconbdfokmbkgdgidflbola [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Google-Suche) - C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast Online Security) - C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-27]
CHR Extension: (Google Mail) - C:\Users\Onpoint\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [932912 2015-10-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [461672 2015-10-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [461672 2015-10-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1147720 2015-10-05] (Avira Operations GmbH & Co. KG)
S2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2013-04-14] (SEIKO EPSON CORPORATION)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
S2 MBAMScheduler; G:\Tools\System\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; G:\Tools\System\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4176896 2011-12-05] (Native Instruments GmbH) [Datei ist nicht signiert]
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\RpcAgentSrv.exe [93848 2009-08-10] (SiSoftware) [Datei ist nicht signiert]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-21] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-10-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-10-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-10-05] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [55912 2015-10-05] (Avira Operations GmbH & Co. KG)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [127488 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.) [Datei ist nicht signiert]
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [124416 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.) [Datei ist nicht signiert]
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2015-10-30] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-11-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [648808 2011-07-06] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2012-12-05] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-10-05] (Avira Operations GmbH & Co. KG)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-11-12] (TuneUp Software)
U3 a68dxk4y; C:\Windows\system32\Drivers\a68dxk4y.sys [0 ] (Advanced Micro Devices) <==== ACHTUNG (Null Byte Datei/Ordner)
S3 catchme; \??\C:\Users\Onpoint\AppData\Local\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\Onpoint\AppData\Local\Temp\ehdrv.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-02 21:38 - 2015-11-02 21:38 - 00015395 _____ C:\Users\Onpoint\Desktop\FRST.txt
2015-11-02 21:37 - 2015-11-02 21:37 - 00002685 _____ C:\Users\Onpoint\Desktop\JRT.txt
2015-11-02 21:33 - 2015-11-02 21:33 - 00010310 _____ C:\Users\Onpoint\Desktop\AdwCleaner[C1].txt
2015-11-02 21:23 - 2015-11-02 21:26 - 00000000 ____D C:\AdwCleaner
2015-11-02 21:22 - 2015-11-02 21:22 - 00001240 _____ C:\Users\Onpoint\Desktop\mbam.txt
2015-11-02 21:08 - 2015-11-02 21:08 - 01798976 _____ (Malwarebytes) C:\Users\Onpoint\Desktop\JRT.exe
2015-11-02 21:07 - 2015-11-02 21:05 - 01708032 _____ C:\Users\Onpoint\Desktop\AdwCleaner_5.016.exe
2015-11-01 20:08 - 2015-11-01 20:08 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Avira
2015-11-01 20:07 - 2015-11-01 20:07 - 00001941 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-11-01 20:07 - 2015-11-01 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-01 20:06 - 2015-11-01 20:06 - 00000000 ____D C:\Program Files\Avira
2015-11-01 20:06 - 2015-10-05 15:51 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-11-01 20:06 - 2015-10-05 15:51 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-11-01 20:06 - 2015-10-05 15:51 - 00055912 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-11-01 20:06 - 2015-10-05 15:51 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-11-01 20:06 - 2015-10-05 15:51 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys
2015-11-01 19:27 - 2015-11-02 10:51 - 00324082 _____ C:\Windows\PFRO.log
2015-11-01 19:19 - 2015-11-01 19:19 - 00042806 _____ C:\ComboFix.txt
2015-11-01 19:11 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-01 19:11 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-01 19:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-01 19:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-01 19:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-01 19:11 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-01 19:11 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-01 19:11 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-31 18:42 - 2015-11-01 19:19 - 00000000 ____D C:\Windows\erdnt
2015-10-31 18:42 - 2015-11-01 19:19 - 00000000 ____D C:\Qoobox
2015-10-31 18:23 - 2015-11-02 21:31 - 00000504 _____ C:\Windows\setupact.log
2015-10-31 18:23 - 2015-10-31 18:23 - 03820320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-31 18:23 - 2015-10-31 18:23 - 00000000 _____ C:\Windows\setuperr.log
2015-10-31 18:22 - 2015-10-31 18:22 - 00003560 ____N C:\bootsqm.dat
2015-10-31 00:12 - 2015-10-31 00:12 - 00000000 ____D C:\Windows\CheckSur
2015-10-30 23:24 - 2015-10-30 23:24 - 00122424 _____ C:\Users\Onpoint\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-30 22:20 - 2015-10-30 22:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-29 20:19 - 2015-11-02 21:38 - 00000000 ____D C:\FRST
2015-10-28 21:27 - 2015-10-29 20:19 - 01701888 _____ (Farbar) C:\Users\Onpoint\Desktop\FRST.exe
2015-10-27 23:52 - 2015-10-27 23:52 - 00000855 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-10-27 23:52 - 2015-10-27 23:52 - 00000854 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2015-10-27 23:52 - 2015-10-27 23:52 - 00000854 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-10-27 23:25 - 2015-10-27 23:25 - 00000000 ____D C:\Program Files\ESET
2015-10-27 22:37 - 2015-10-27 22:37 - 00000000 ____D C:\Program Files (x86)
2015-10-27 22:24 - 2015-11-02 21:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-27 22:24 - 2015-10-30 22:19 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-27 22:24 - 2015-10-27 22:37 - 00000819 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-10-27 22:24 - 2015-10-27 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-10-27 22:24 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-27 22:24 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-27 21:56 - 2015-10-27 21:56 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-27 21:51 - 2015-10-27 23:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-27 21:33 - 2015-10-27 21:33 - 00006152 _____ C:\Users\Onpoint\AppData\Roaming\howto_recover_file_nwswx.html
2015-10-27 21:33 - 2015-10-27 21:33 - 00006152 _____ C:\Users\Onpoint\AppData\Local\howto_recover_file_nwswx.html
2015-10-27 21:33 - 2015-10-27 21:33 - 00002259 _____ C:\Users\Onpoint\AppData\Roaming\howto_recover_file_nwswx.txt
2015-10-27 21:33 - 2015-10-27 21:33 - 00002259 _____ C:\Users\Onpoint\AppData\Local\howto_recover_file_nwswx.txt
2015-10-27 21:31 - 2015-10-27 21:31 - 00006152 _____ C:\Users\Public\Documents\howto_recover_file_nwswx.html
2015-10-27 21:31 - 2015-10-27 21:31 - 00002259 _____ C:\Users\Public\Documents\howto_recover_file_nwswx.txt
2015-10-27 21:30 - 2015-10-27 21:33 - 00006152 _____ C:\ProgramData\howto_recover_file_nwswx.html
2015-10-27 21:30 - 2015-10-27 21:33 - 00002259 _____ C:\ProgramData\howto_recover_file_nwswx.txt
2015-10-27 21:29 - 2015-10-27 21:29 - 00000254 _____ C:\Users\Onpoint\Documents\recover_file_gagipblns.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\Downloads\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\Documents\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\Desktop\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\AppData\Roaming\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\AppData\LocalLow\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\AppData\Local\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\UpdatusUser\AppData\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Public\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Public\Downloads\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Onpoint\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Onpoint\Downloads\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Onpoint\Documents\howto_recover_file_mrjno.html
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\Downloads\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\Documents\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\Desktop\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\AppData\Roaming\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\AppData\LocalLow\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\AppData\Local\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\UpdatusUser\AppData\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Public\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Public\Downloads\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Onpoint\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Onpoint\Downloads\howto_recover_file_mrjno.txt
2015-10-27 21:06 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Onpoint\Documents\howto_recover_file_mrjno.txt
2015-10-27 21:04 - 2015-10-27 21:04 - 00006152 _____ C:\Users\Onpoint\AppData\howto_recover_file_mrjno.html
2015-10-27 21:04 - 2015-10-27 21:04 - 00002259 _____ C:\Users\Onpoint\AppData\howto_recover_file_mrjno.txt
2015-10-27 21:03 - 2015-10-27 21:03 - 00006152 _____ C:\Users\Onpoint\AppData\LocalLow\howto_recover_file_mrjno.html
2015-10-27 21:03 - 2015-10-27 21:03 - 00002259 _____ C:\Users\Onpoint\AppData\LocalLow\howto_recover_file_mrjno.txt
2015-10-27 20:57 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Onpoint\AppData\Local\howto_recover_file_mrjno.html
2015-10-27 20:57 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Onpoint\AppData\Local\howto_recover_file_mrjno.txt
2015-10-27 20:57 - 2015-10-27 21:04 - 00006152 _____ C:\Users\Onpoint\AppData\Roaming\howto_recover_file_mrjno.html
2015-10-27 20:57 - 2015-10-27 21:04 - 00002259 _____ C:\Users\Onpoint\AppData\Roaming\howto_recover_file_mrjno.txt
2015-10-27 20:56 - 2015-10-27 21:06 - 00006152 _____ C:\Users\Public\Documents\howto_recover_file_mrjno.html
2015-10-27 20:56 - 2015-10-27 21:06 - 00002259 _____ C:\Users\Public\Documents\howto_recover_file_mrjno.txt
2015-10-27 20:55 - 2015-10-27 20:57 - 00006152 _____ C:\ProgramData\howto_recover_file_mrjno.html
2015-10-27 20:55 - 2015-10-27 20:57 - 00002259 _____ C:\ProgramData\howto_recover_file_mrjno.txt
2015-10-27 20:54 - 2015-10-27 20:54 - 00000254 _____ C:\Users\Onpoint\Documents\recover_file_egsyiqrap.txt
2015-10-27 18:21 - 2015-10-30 22:14 - 00000000 ___HD C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-10-27 18:21 - 2015-10-27 18:21 - 00000254 _____ C:\Users\Onpoint\Documents\recover_file_sooikjdow.txt
2015-10-25 21:21 - 2015-10-30 23:22 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-10-25 21:21 - 2015-10-27 22:59 - 00002109 _____ C:\Users\Onpoint\Desktop\JDownloader 2.lnk
2015-10-25 21:19 - 2015-10-27 21:34 - 00000000 ____D C:\Users\Onpoint\AppData\Local\JDownloader 2.0
2015-10-24 12:52 - 2015-10-30 23:22 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-15 16:13 - 2015-10-27 21:04 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Mozilla

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-02 21:35 - 2009-07-14 05:34 - 00029440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-02 21:35 - 2009-07-14 05:34 - 00029440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-02 21:34 - 2011-06-17 14:07 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA.job
2015-11-02 21:34 - 2011-06-17 13:22 - 01847713 _____ C:\Windows\WindowsUpdate.log
2015-11-02 21:31 - 2011-06-17 13:49 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-02 21:31 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-02 21:21 - 2013-03-02 11:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-02 21:12 - 2012-01-05 17:24 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Adobe
2015-11-02 21:09 - 2015-06-21 11:58 - 00001232 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA.job
2015-11-02 14:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-11-01 20:06 - 2014-05-04 13:16 - 00000000 ____D C:\ProgramData\Avira
2015-11-01 20:04 - 2014-08-22 08:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-01 19:19 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2015-11-01 19:18 - 2013-07-23 10:00 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Common
2015-11-01 19:18 - 2011-06-17 14:32 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Propellerhead Software
2015-11-01 19:18 - 2011-06-17 14:32 - 00000000 ____D C:\ProgramData\Propellerhead Software
2015-11-01 19:18 - 2009-07-14 03:04 - 00000243 _____ C:\Windows\system.ini
2015-11-01 19:16 - 2013-12-15 17:40 - 00000000 ____D C:\ProgramData\TEMP
2015-10-30 23:22 - 2013-11-06 12:38 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-10-30 23:22 - 2013-08-11 20:10 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free IP Switcher
2015-10-30 23:22 - 2013-07-11 16:44 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GForce
2015-10-30 23:22 - 2012-05-29 21:47 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-10-30 23:22 - 2011-08-07 19:09 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftMaker Office
2015-10-30 23:22 - 2011-06-17 14:08 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-30 23:22 - 2011-06-17 13:42 - 00000000 ___RD C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-30 23:21 - 2011-06-17 13:42 - 00000000 ___RD C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-30 23:12 - 2011-07-20 11:27 - 00000000 ____D C:\Windows\Minidump
2015-10-30 23:12 - 2011-06-17 14:19 - 00000000 ____D C:\Windows\Panther
2015-10-30 22:17 - 2014-04-22 11:54 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Dropbox
2015-10-29 21:28 - 2014-12-29 12:50 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\HpUpdate
2015-10-29 21:28 - 2013-10-23 11:40 - 00000000 __HDC C:\ProgramData\{F4FF7251-2B0F-48B9-A31D-1930EB197336}
2015-10-29 21:28 - 2013-10-23 11:40 - 00000000 __HDC C:\ProgramData\{ECCA2E41-2653-4A28-BB8F-62B24E1A584D}
2015-10-29 21:28 - 2013-10-23 11:35 - 00000000 __HDC C:\ProgramData\{F7BFF4EE-E380-444D-BF91-DE4716D46130}
2015-10-29 21:28 - 2013-10-23 11:34 - 00000000 __HDC C:\ProgramData\{08BCEE1B-8DEC-401F-989A-111EE3AF2366}
2015-10-29 21:28 - 2013-10-23 11:33 - 00000000 __HDC C:\ProgramData\{9A73EE13-A1FF-4899-BA10-5DF1DE4A86CA}
2015-10-29 21:28 - 2013-10-23 11:33 - 00000000 __HDC C:\ProgramData\{699830EE-64F0-4782-AEDE-0FCCC40946BA}
2015-10-29 21:28 - 2013-10-23 11:33 - 00000000 __HDC C:\ProgramData\{5D4AD7AA-51B3-4EF1-8DBC-4D6CBFF4668D}
2015-10-29 21:28 - 2013-10-23 11:30 - 00000000 __HDC C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E}
2015-10-29 21:28 - 2013-07-21 16:56 - 00000000 __HDC C:\ProgramData\{62CAB22A-9020-41D6-A410-EAB112E32063}
2015-10-29 21:28 - 2013-07-11 17:47 - 00000000 __HDC C:\ProgramData\{E051D9C8-9503-489B-8E90-21CEB1DF11C1}
2015-10-29 21:28 - 2013-07-11 16:59 - 00000000 __HDC C:\ProgramData\{A4FF347C-7353-4B5D-B479-1933EFF12E9A}
2015-10-29 21:28 - 2013-07-11 16:58 - 00000000 __HDC C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D}
2015-10-29 21:28 - 2013-07-11 16:56 - 00000000 __HDC C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}
2015-10-29 21:28 - 2013-07-11 16:53 - 00000000 __HDC C:\ProgramData\{B9F6456A-E0C8-4BD3-A6E8-AFA8859EC4C4}
2015-10-29 21:28 - 2013-07-11 16:53 - 00000000 __HDC C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2015-10-29 21:28 - 2013-07-11 16:53 - 00000000 __HDC C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
2015-10-29 21:28 - 2013-04-02 19:25 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Downloaded Installations
2015-10-29 21:28 - 2012-02-10 14:11 - 00000000 __HDC C:\ProgramData\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
2015-10-29 21:28 - 2012-02-06 16:47 - 00000000 __HDC C:\ProgramData\{13A9B825-42CB-4973-913D-2194B5A4CF94}
2015-10-29 21:28 - 2011-06-17 14:12 - 00000000 __SHD C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2015-10-28 21:13 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2015-10-28 01:50 - 2014-01-15 20:30 - 00007602 _____ C:\Users\Onpoint\AppData\Local\Resmon.ResmonCfg
2015-10-28 00:30 - 2014-02-09 12:34 - 00000000 ____D C:\avast! sandbox
2015-10-27 23:41 - 2011-06-17 14:08 - 00002380 _____ C:\Users\Onpoint\Desktop\Google Chrome.lnk
2015-10-27 23:04 - 2015-09-24 18:10 - 00120832 ___SH C:\Users\Onpoint\Desktop\Thumbs.db
2015-10-27 23:01 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\LiveKernelReports
2015-10-27 22:59 - 2015-06-21 15:44 - 00000765 _____ C:\Users\Onpoint\Desktop\Start Tor Browser.lnk
2015-10-27 22:59 - 2015-04-25 16:04 - 00000701 _____ C:\Users\Onpoint\Desktop\XnView.lnk
2015-10-27 22:59 - 2014-04-22 12:03 - 00001021 _____ C:\Users\Onpoint\Desktop\Dropbox.lnk
2015-10-27 22:59 - 2013-09-07 12:44 - 00000877 _____ C:\Users\Onpoint\Desktop\Free M4a to MP3 Converter.lnk
2015-10-27 22:59 - 2013-07-11 16:44 - 00001362 _____ C:\Users\Onpoint\Desktop\impOSCar2.lnk
2015-10-27 22:59 - 2013-05-11 16:11 - 00001482 _____ C:\Users\Onpoint\Desktop\Adobe Audition CS6.lnk
2015-10-27 22:59 - 2012-11-25 15:01 - 00001367 _____ C:\Users\Onpoint\Desktop\Free YouTube to MP3 Converter.lnk
2015-10-27 22:59 - 2012-02-10 14:20 - 00000821 _____ C:\Users\Onpoint\Desktop\Live 8.2.2.lnk
2015-10-27 22:59 - 2011-08-11 12:25 - 00000994 _____ C:\Users\Onpoint\Desktop\Reason 4 - Verknüpfung.lnk
2015-10-27 22:59 - 2011-06-17 15:09 - 00012415 _____ C:\Users\Onpoint\Desktop\ReCycle.lnk
2015-10-27 22:59 - 2011-06-17 14:37 - 00000932 _____ C:\Users\Onpoint\Desktop\Steam.lnk
2015-10-27 22:59 - 2011-06-17 14:14 - 00000683 _____ C:\Users\Onpoint\Desktop\WinRAR.lnk
2015-10-27 22:59 - 2011-06-17 13:58 - 00001338 _____ C:\Users\Onpoint\Desktop\SiSoftware Sandra Lite 2011.SP2.lnk
2015-10-27 22:59 - 2011-06-17 13:57 - 00000355 _____ C:\Users\Onpoint\Desktop\Computer.lnk
2015-10-27 21:40 - 2011-06-17 13:42 - 00000000 ____D C:\Users\Onpoint
2015-10-27 21:34 - 2014-12-29 12:48 - 00000000 ____D C:\Users\Onpoint\AppData\Local\HP
2015-10-27 21:34 - 2011-06-17 14:07 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Google
2015-10-27 21:33 - 2015-06-21 11:58 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Dropbox
2015-10-27 21:33 - 2015-02-24 18:09 - 00000000 ____D C:\ProgramData\Xilisoft
2015-10-27 21:33 - 2015-02-19 13:06 - 00000000 ____D C:\Users\Onpoint\AppData\Local\elfopatch
2015-10-27 21:33 - 2014-12-29 12:51 - 00000000 ____D C:\ProgramData\Visan
2015-10-27 21:33 - 2014-05-04 14:22 - 00000000 ____D C:\ProgramData\Syncrosoft
2015-10-27 21:33 - 2013-09-07 12:44 - 00000000 ____D C:\Users\Onpoint\AppData\Local\avgchrome
2015-10-27 21:33 - 2013-05-29 18:02 - 00000000 ____D C:\ProgramData\xhip
2015-10-27 21:33 - 2013-04-02 19:30 - 00000000 ____D C:\Users\Onpoint\AppData\Local\ACD Systems
2015-10-27 21:33 - 2013-01-15 15:35 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-10-27 21:33 - 2012-05-29 22:40 - 00000000 ____D C:\ProgramData\Vodafone
2015-10-27 21:33 - 2012-01-05 17:56 - 00000000 ____D C:\ProgramData\Sun
2015-10-27 21:33 - 2011-06-17 14:41 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Activision
2015-10-27 21:33 - 2011-06-17 14:12 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-10-27 21:32 - 2014-12-29 12:51 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-10-27 21:32 - 2014-12-29 12:50 - 00000000 ____D C:\ProgramData\HP
2015-10-27 21:32 - 2014-05-04 12:28 - 00000000 ____D C:\ProgramData\Oracle
2015-10-27 21:32 - 2013-12-03 11:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-27 21:32 - 2013-12-03 11:14 - 00000000 ____D C:\ProgramData\IObit
2015-10-27 21:32 - 2013-07-11 16:53 - 00000000 ____D C:\ProgramData\Native Instruments
2015-10-27 21:32 - 2011-06-17 13:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-27 21:31 - 2015-06-21 11:58 - 00000000 ____D C:\ProgramData\Dropbox
2015-10-27 21:31 - 2014-05-04 14:22 - 00000000 ____D C:\ProgramData\eLicenser
2015-10-27 21:31 - 2014-05-04 14:21 - 00000000 ____D C:\ProgramData\Arturia
2015-10-27 21:31 - 2013-09-19 10:45 - 00000000 ____D C:\ProgramData\elsterformular
2015-10-27 21:31 - 2013-04-14 09:03 - 00000000 ____D C:\ProgramData\EPSON
2015-10-27 21:31 - 2012-12-05 12:40 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-10-27 21:31 - 2012-05-08 18:30 - 00000000 ____D C:\ProgramData\FLEXnet
2015-10-27 21:31 - 2011-09-06 10:26 - 00000000 ____D C:\ProgramData\AVAST Software
2015-10-27 21:31 - 2011-06-17 14:21 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2015-10-27 21:30 - 2012-01-05 17:04 - 00000000 ____D C:\ProgramData\Adobe
2015-10-27 21:29 - 2013-04-02 19:29 - 00000000 ____D C:\ProgramData\ACD Systems
2015-10-27 21:29 - 2012-01-07 23:07 - 00000000 ____D C:\ProgramData\Ableton
2015-10-27 21:29 - 2011-06-23 10:08 - 00000000 ____D C:\Temp
2015-10-27 21:06 - 2014-12-09 12:01 - 00000000 ____D C:\Users\Onpoint\Documents\Ableton
2015-10-27 21:06 - 2014-12-05 23:25 - 00000000 ____D C:\Users\Onpoint\Library
2015-10-27 21:06 - 2014-12-05 21:49 - 00000000 ____D C:\Users\Onpoint\Documents\Usenet.nl
2015-10-27 21:06 - 2014-11-28 16:57 - 24084910 _____ C:\Users\Onpoint\Documents\Unbenannt 1 Präsentation.ppt.ccc
2015-10-27 21:06 - 2014-11-28 16:57 - 00985886 _____ C:\Users\Onpoint\Documents\Unbenannt 3 Präsentation.odp.ccc
2015-10-27 21:06 - 2014-11-27 18:44 - 00823118 _____ C:\Users\Onpoint\Documents\Unbenannt 2 Präsentation.odp.ccc
2015-10-27 21:06 - 2014-11-27 18:43 - 00823118 _____ C:\Users\Onpoint\Documents\Unbenannt 1 Präsentation.odp.ccc
2015-10-27 21:06 - 2014-11-27 14:40 - 00000000 ____D C:\Users\Onpoint\Downloads\Microsoft-Office-2013
2015-10-27 21:06 - 2013-11-06 12:38 - 00000000 ____D C:\Users\Onpoint\Documents\Amazon MP3
2015-10-27 21:06 - 2013-10-23 11:38 - 00000000 ____D C:\Users\Public\Documents\Kontakt Elements Selection R2 Library
2015-10-27 21:06 - 2013-10-23 11:35 - 00000000 ____D C:\Users\Public\Documents\Abbey Road 60s Drums Vintage Library
2015-10-27 21:06 - 2013-10-23 11:34 - 00000000 ____D C:\Users\Public\Documents\Reaktor Elements Selection
2015-10-27 21:06 - 2013-10-23 11:33 - 00000000 ____D C:\Users\Public\Documents\Reaktor Spark R2
2015-10-27 21:06 - 2013-09-14 08:51 - 00267118 _____ C:\Users\Onpoint\Documents\Unbenannt 1 handout.odt.ccc
2015-10-27 21:06 - 2013-06-15 15:25 - 00000000 ____D C:\Users\Onpoint\Documents\Adobe
2015-10-27 21:06 - 2013-05-11 16:11 - 00000000 ____D C:\Users\Public\Documents\Adobe
2015-10-27 21:06 - 2013-04-19 18:52 - 00000000 ____D C:\Users\Onpoint\Desktop\WhatsApp Images
2015-10-27 21:06 - 2013-01-15 18:07 - 00000000 ____D C:\Users\Onpoint\Documents\Adobe Scripts
2015-10-27 21:06 - 2012-01-31 20:37 - 00000000 ____D C:\Users\Onpoint\Documents\Native Instruments
2015-10-27 21:06 - 2011-07-07 12:11 - 00000000 ____D C:\Users\Onpoint\Documents\DVDVideoSoft
2015-10-27 21:06 - 2011-06-17 13:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-27 21:06 - 2011-06-17 13:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-27 21:06 - 2009-07-14 09:56 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-10-27 21:06 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-27 21:05 - 2014-11-30 16:27 - 314102190 _____ C:\Users\Onpoint\Desktop\Unbenannt 1 Präsentation [Wiederhergestellt].ppt.ccc
2015-10-27 21:04 - 2015-06-21 20:53 - 00000478 _____ C:\Users\Onpoint\Desktop\Neues Textdokument.txt.ccc
2015-10-27 21:04 - 2015-04-25 16:04 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\XnView
2015-10-27 21:04 - 2015-02-24 18:11 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Xilisoft
2015-10-27 21:04 - 2014-12-07 22:38 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\XMedia Recode
2015-10-27 21:04 - 2014-12-05 21:49 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Usenet.nl
2015-10-27 21:04 - 2014-06-26 13:15 - 00000000 ____D C:\Users\Onpoint\Desktop\Schulter MRT
2015-10-27 21:04 - 2014-03-08 10:39 - 00114014 _____ C:\Users\Onpoint\Desktop\BasaleStimulation.pdf.ccc
2015-10-27 21:04 - 2014-01-27 11:30 - 00000000 ____D C:\Users\Onpoint\Desktop\LEave me vocals
2015-10-27 21:04 - 2013-07-29 20:07 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\uTorrent
2015-10-27 21:04 - 2013-07-23 10:36 - 00000000 ____D C:\Users\Onpoint\Desktop\Samples
2015-10-27 21:04 - 2013-07-14 19:52 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\WinRAR
2015-10-27 21:04 - 2013-01-15 15:35 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\NVIDIA
2015-10-27 21:04 - 2012-08-01 12:29 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Orbit
2015-10-27 21:04 - 2012-07-13 20:18 - 03583646 _____ C:\Users\Onpoint\Desktop\SDC10375.JPG.ccc
2015-10-27 21:04 - 2012-05-08 18:30 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Vodafone
2015-10-27 21:04 - 2012-02-10 13:31 - 11010478 _____ C:\Users\Onpoint\AppData\Roaming\Sandra.mdb.ccc
2015-10-27 21:04 - 2012-01-05 17:58 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\OpenOffice.org
2015-10-27 21:04 - 2011-07-20 12:31 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\vlc
2015-10-27 21:04 - 2011-06-21 10:58 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Steinberg
2015-10-27 21:04 - 2011-06-17 14:13 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\TuneUp Software
2015-10-27 21:04 - 2011-06-17 14:00 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Option
2015-10-27 21:03 - 2015-05-03 16:07 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Steam
2015-10-27 21:03 - 2014-12-17 19:49 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\com.adobe.amp
2015-10-27 21:03 - 2014-11-27 15:21 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Microsoft Help
2015-10-27 21:03 - 2014-11-27 14:40 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Temp2102f2aadb7275ce4011279dbd4bc1a6
2015-10-27 21:03 - 2014-08-05 11:01 - 00000000 ____D C:\Users\Onpoint\AppData\Local\TuneUp Software
2015-10-27 21:03 - 2014-01-08 18:33 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2015-10-27 21:03 - 2014-01-08 18:33 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\chc
2015-10-27 21:03 - 2013-12-03 11:21 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Malwarebytes
2015-10-27 21:03 - 2013-12-03 11:14 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\IObit
2015-10-27 21:03 - 2013-11-06 12:38 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Amazon
2015-10-27 21:03 - 2013-09-19 10:46 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\elsterformular
2015-10-27 21:03 - 2013-09-08 12:44 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\FileAdvisor
2015-10-27 21:03 - 2013-08-11 20:10 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Eusing
2015-10-27 21:03 - 2013-07-23 09:51 - 00000000 ____D C:\Users\Onpoint\AppData\Local\PDF24
2015-10-27 21:03 - 2013-07-11 17:04 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\GForce
2015-10-27 21:03 - 2013-05-03 15:33 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2015-10-27 21:03 - 2013-04-02 19:30 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\ACD Systems
2015-10-27 21:03 - 2012-12-05 12:47 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\DAEMON Tools Lite
2015-10-27 21:03 - 2012-10-24 18:03 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Microsoft Games
2015-10-27 21:03 - 2012-08-23 09:51 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Windows Live
2015-10-27 21:03 - 2012-05-08 18:30 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Bytemobile
2015-10-27 21:03 - 2012-05-08 18:30 - 00000000 ____D C:\Users\Onpoint\AppData\Local\{86DD38A2-C8BD-404A-A1BD-907F6B69C913}
2015-10-27 21:03 - 2012-01-31 20:37 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Native Instruments
2015-10-27 21:03 - 2012-01-07 23:07 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Ableton
2015-10-27 21:03 - 2012-01-05 17:56 - 00000000 ____D C:\Users\Onpoint\AppData\LocalLow\Sun
2015-10-27 21:03 - 2012-01-05 17:42 - 00000000 ____D C:\Users\Onpoint\AppData\LocalLow\Temp
2015-10-27 21:03 - 2012-01-05 17:24 - 00000000 ____D C:\Users\Onpoint\AppData\LocalLow\Adobe
2015-10-27 21:03 - 2011-07-07 12:12 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\DVDVideoSoft
2015-10-27 21:03 - 2011-06-18 15:35 - 00000000 ____D C:\Users\Onpoint\AppData\Local\Xara
2015-10-27 21:03 - 2011-06-17 14:21 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\DAEMON Tools Pro
2015-10-27 21:03 - 2011-06-17 14:09 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Macromedia
2015-10-27 21:03 - 2011-06-17 14:09 - 00000000 ____D C:\Users\Onpoint\AppData\Roaming\Adobe
2015-10-27 21:03 - 2011-06-17 13:42 - 00000000 ____D C:\Users\Onpoint\AppData\Local\VirtualStore
2015-10-27 20:57 - 2011-06-17 13:44 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-24 14:22 - 2013-03-02 11:06 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-24 14:22 - 2013-03-02 11:06 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-13 12:44 - 2013-09-07 12:44 - 00000000 ____D C:\Program Files\File Type Advisor

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-10-14 03:44 - 2013-10-14 03:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2015-10-27 20:57 - 2015-10-27 21:04 - 0006152 _____ () C:\Users\Onpoint\AppData\Roaming\howto_recover_file_mrjno.html
2015-10-27 20:57 - 2015-10-27 21:04 - 0002259 _____ () C:\Users\Onpoint\AppData\Roaming\howto_recover_file_mrjno.txt
2015-10-27 21:33 - 2015-10-27 21:33 - 0006152 _____ () C:\Users\Onpoint\AppData\Roaming\howto_recover_file_nwswx.html
2015-10-27 21:33 - 2015-10-27 21:33 - 0002259 _____ () C:\Users\Onpoint\AppData\Roaming\howto_recover_file_nwswx.txt
2012-02-10 13:31 - 2015-10-27 21:04 - 11010478 _____ () C:\Users\Onpoint\AppData\Roaming\Sandra.mdb.ccc
2014-06-19 12:11 - 2014-06-19 12:11 - 0000024 _____ () C:\Users\Onpoint\AppData\Roaming\temp.ini
2013-05-09 19:48 - 2015-01-07 17:28 - 0014848 _____ () C:\Users\Onpoint\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-27 20:57 - 2015-10-27 21:06 - 0006152 _____ () C:\Users\Onpoint\AppData\Local\howto_recover_file_mrjno.html
2015-10-27 20:57 - 2015-10-27 21:06 - 0002259 _____ () C:\Users\Onpoint\AppData\Local\howto_recover_file_mrjno.txt
2015-10-27 21:33 - 2015-10-27 21:33 - 0006152 _____ () C:\Users\Onpoint\AppData\Local\howto_recover_file_nwswx.html
2015-10-27 21:33 - 2015-10-27 21:33 - 0002259 _____ () C:\Users\Onpoint\AppData\Local\howto_recover_file_nwswx.txt
2014-01-15 20:30 - 2015-10-28 01:50 - 0007602 _____ () C:\Users\Onpoint\AppData\Local\Resmon.ResmonCfg
2014-12-29 12:49 - 2014-12-29 12:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-10-27 20:55 - 2015-10-27 20:57 - 0006152 _____ () C:\ProgramData\howto_recover_file_mrjno.html
2015-10-27 20:55 - 2015-10-27 20:57 - 0002259 _____ () C:\ProgramData\howto_recover_file_mrjno.txt
2015-10-27 21:30 - 2015-10-27 21:33 - 0006152 _____ () C:\ProgramData\howto_recover_file_nwswx.html
2015-10-27 21:30 - 2015-10-27 21:33 - 0002259 _____ () C:\ProgramData\howto_recover_file_nwswx.txt

Einige Dateien in TEMP:
====================
C:\Users\Onpoint\AppData\Local\temp\avgnt.exe
C:\Users\Onpoint\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-24 14:25

==================== Ende vom FRST.txt ============================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:29-10-2015
durchgeführt von Onpoint (2015-11-02 21:38:37)
Gestartet von C:\Users\Onpoint\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2011-06-17 12:42:20)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1458833429-1062236089-2201144009-500 - Administrator - Disabled)
Gast (S-1-5-21-1458833429-1062236089-2201144009-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1458833429-1062236089-2201144009-1003 - Limited - Enabled)
Onpoint (S-1-5-21-1458833429-1062236089-2201144009-1000 - Administrator - Enabled) => C:\Users\Onpoint
UpdatusUser (S-1-5-21-1458833429-1062236089-2201144009-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\uTorrent) (Version: 3.3.1.29963 - BitTorrent Inc.)
ACDSee Pro 2 (HKLM\...\{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}) (Version: 2.0.219 - ACD Systems International)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Audition CS6 (HKLM\...\{30FD541D-3C9D-41C4-B240-A994EE4E0231}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Alesis io|2 ASIO Driver (HKLM\...\{311EEFFE-8354-42D8-B2A0-A0666689F69F}) (Version: 1.0.0 - Alesis)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ATI Catalyst Install Manager (HKLM\...\{5155EC96-7397-FCC0-154C-F4814DA6B86C}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
bl (Version: 1.0.0 - Your Company Name) Hidden
Call of Duty: Black Ops (HKLM\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
Cool Edit Pro 2.0 (HKLM\...\Cool Edit Pro 2.0) (Version:  - )
CS-80V2 2.0 (HKLM\...\CS-80V2_is1) (Version:  - Arturia)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Dropbox (HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX430 Series (HKLM\...\EPSON SX430 Series) (Version:  - SEIKO EPSON Corporation)
eLicenser Control (HKLM\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.0.16151 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
File Type Advisor 1.0 (HKLM\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free IP Switcher (HKLM\...\Free IP Switcher) (Version: hxxp://www.eusing.com/ipswitch/free_ip_switcher.htm - Eusing Software)
Free M4a to MP3 Converter 8.0 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
Google Chrome (HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{8A7CB3D4-0C49-4A19-8504-CF250CE1F5E8}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.0.4.922 - IObit)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Live 8.2.2 (HKLM\...\Live 8.2.2) (Version:  - )
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
MKV Player 2.1.17 (HKLM\...\MKV Player_is1) (Version:  - )
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Grafiktreiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.42 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.8.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
ph (Version: 1.0.0 - Your Company Name) Hidden
Picture Collage Maker Free 2.1.2 (HKLM\...\{DEB7295A-D00E-4D45-846C-2947E8C3F080}_is1) (Version:  - PearlMountain Soft)
Samplitude 11 (HKLM\...\{AE0009FD-8F50-4565-835D-4432BD18D792}) (Version: 11.0.1.0 - MAGIX AG)
Security Task Manager 2.1d (HKLM\...\Security Task Manager) (Version: 2.1d - Neuber Software)
SiSoftware Sandra Lite 2011.SP2 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1) (Version: 17.50.2011.6 - SiSoftware)
Steinberg Cubase LE (HKLM\...\Steinberg Cubase LE) (Version:  - )
SynthMaster 2.5 VST/VSTi version 2.5.3.109 (HKLM\...\{724D6BD0-88D0-4354-A124-6EE4D36E9EF2}_is1) (Version: 2.5.3.109 - KV331 Audio)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.342 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.342 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.342 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4600.4 - TuneUp Software) Hidden
Video DVD Maker v3.30.0.75 (HKLM\...\{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
XMedia Recode Version 3.2.0.2 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.0.2 - XMedia Recode)
XnView 2.32 (HKLM\...\XnView_is1) (Version: 2.32 - Gougelet Pierre-e)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\neth.dll => Keine Datei <==== ACHTUNG
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Onpoint\AppData\Local\Google\Chrome\Application\46.0.2490.80\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Onpoint\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

02-11-2015 21:35:28 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:04 - 2015-11-01 19:18 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0128651B-F837-47F3-BAB4-E41CDF188EBA} - System32\Tasks\AdobeAAMUpdater-1.0-Onpoint-PC-Onpoint => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {0F97DE12-2EDD-4A98-BA51-8EB6ADF9222D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {1440E683-96E8-48B4-9A6B-55381CEBC2F3} - System32\Tasks\Google Updater and Installer => C:\Users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {16E25601-B1E3-498E-BE94-6B9B35E580B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA => C:\Users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {4CB71AF6-FAE4-4E43-9519-F1176668990E} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor)
Task: {6116501C-AB06-46D8-9F38-9617BB0F81C6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000Core => C:\Users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {63E8C95C-714D-4FEA-9A65-9CC7A73DDF86} - System32\Tasks\{F2706A66-E45C-42BE-9532-A51AD05124CA} => C:\Users\Onpoint\Desktop\ComboFix.exe
Task: {6476984C-9C2A-4005-8446-5D319B1C4307} - System32\Tasks\{91C85DE8-0E65-4190-9768-087CFADC56B4} => C:\Users\Onpoint\Desktop\ComboFix.exe
Task: {68E17EFD-2665-4F9B-90C6-975638732BE4} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {755F1BB6-CA93-45EE-A576-E2ED2F93D6AA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7FC90254-8F4B-4033-8697-6B179A25D014} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA => C:\Users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {809E92E1-8CE8-4A27-9816-CC96D30F79FD} - System32\Tasks\{02591D7E-F28C-4528-88E0-1B0BE7C5D4BF} => pcalua.exe -a C:\Users\Onpoint\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\installationsverwaltung.exe -d C:\Users\Onpoint\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\ -c --picaDir="G:\Traumfabrik Music GbR\ Steuer"
Task: {949FD36A-15B9-48D6-B4B6-340FCC0AEA54} - System32\Tasks\{E5A8CACB-86BB-4443-A999-2C515EC79803} => C:\Users\Onpoint\Desktop\ComboFix.exe
Task: {BE508C33-21BC-4460-B99B-EC5AE1D0EE9C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated)
Task: {C21CE928-3F09-465C-B408-EBDFD6557474} - System32\Tasks\AutoPico Daily Restart => G:\Tools\System\Microsoft Office\KMSpico\AutoPico.exe
Task: {C9DAD041-723A-43D0-A991-A1CAD4C58677} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000Core => C:\Users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {CB086D9E-FCB3-4EAA-BBA7-67A89DF9569F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D8E6B67C-BF06-47F6-B0D4-ADC28F538D6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-24] (Adobe Systems Incorporated)
Task: {E4255437-F12F-4592-84EF-5364BA52D682} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000Core.job => C:\Users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA.job => C:\Users\Onpoint\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000Core.job => C:\Users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1458833429-1062236089-2201144009-1000UA.job => C:\Users\Onpoint\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-04-25 16:04 - 2015-02-19 09:25 - 01736704 _____ () G:\Tools\Video&Musik\XnView\ShellEx\XnViewShellExt.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Software\Classes\exefile:  <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1458833429-1062236089-2201144009-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 217.68.161.141 - 217.68.161.171
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{90FF1ADC-1DA0-4447-B994-28115A45CCF3}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\RpcAgentSrv.exe
FirewallRules: [{C6C6FA91-3E7C-4AA3-8F3B-BC488A01EE6E}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{09B2E8BB-497D-4B18-84E7-1303C8F7B475}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{238DD0F1-FC3D-4E50-885A-C138FA582162}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{27B3CBA0-8D2A-40BF-A55F-366CC640E341}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{DBDA333E-0B50-4E1B-9FB3-46CB47B4F9F4}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{FF3AD8EB-C753-411A-84F9-4451F93D60AB}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{EB28F755-46E0-430E-8863-4B375E7BBFBB}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [{59C7CF8C-3A0B-434F-8F98-598346B0B440}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [{E0558C44-7573-4EFF-B377-C77B4BDDCC57}] => (Allow) E:\Games\Steam\steamapps\common\call of duty black ops\BlackOps.exe
FirewallRules: [{7C07985D-8772-4CA5-B9A2-6BC2FEF6D377}] => (Allow) E:\Games\Steam\steamapps\common\call of duty black ops\BlackOps.exe
FirewallRules: [{B5AA5041-0515-4494-B4B2-E0EAD2156C00}] => (Allow) E:\Games\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe
FirewallRules: [{0EB52DD9-95B9-4A6E-852B-43AE6162B93F}] => (Allow) E:\Games\Steam\steamapps\common\call of duty black ops\BlackOpsMP.exe
FirewallRules: [{F85D9DF2-B21D-4B63-A18D-FB237DE66838}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [{F062AB5A-AC61-4CC9-B76E-D811844EC5FC}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [{1126A7B6-C240-4127-B114-BA6BB9887391}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C570CDB0-9B62-46BA-9461-8C1A50ABED4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9E5ECF47-E88D-483D-B792-84AB7FA0C63B}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe
FirewallRules: [{C4A6190B-FBA0-4969-99EB-40DE343AC530}] => (Allow) E:\Games\Steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe
FirewallRules: [TCP Query User{C22DEA18-5C76-452A-8241-5BCB74DB0AF0}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{B2D1BFC2-F546-46A2-9ADA-DE87A8B5A1E3}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{2A3D400A-B151-4BD6-98FE-7EB5DD12D3B4}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{365504BB-97D0-4928-801C-87C69E5290CD}] => (Allow) LPort=2869
FirewallRules: [{23D5B980-5EDD-4B16-9279-181AF73261BE}] => (Allow) LPort=1900
FirewallRules: [{66BF9D27-A9FB-427B-B1FD-6E21DDC040A7}] => (Allow) C:\Users\Onpoint\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AD7225B9-8F1A-41C9-821D-6EEF96729662}] => (Allow) C:\Users\Onpoint\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3D5B4B76-FAF3-48FE-9DA6-E2FBF8F51D59}] => (Allow) C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7D41D652-223F-4F68-B232-0F66719F2ED4}] => (Allow) C:\Users\Onpoint\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{E127261D-1F16-4FD3-83C7-55AC16E4EA45}C:\users\onpoint\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\onpoint\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{27991C2A-9490-4A68-8860-7B373E0885C0}C:\users\onpoint\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\onpoint\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{046983D9-627E-4A49-9A3D-7F128D87ABFE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{17156758-7564-45EF-825E-C7FFB59CC61D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{279E4CD6-AD47-4FFE-990D-91BA667B177D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9EDA0EFA-333E-4EE6-B8C5-5500CFCCA849}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{ED2BF081-8A33-4E95-9388-82F678FD3DA0}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4314C534-AF20-4C83-B3D1-A8EDE1471057}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{509D2C62-DA02-43E5-A2FC-D445A720F498}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B8A24840-3BB2-4512-950C-6BD8BC9E5D38}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3BDF81ED-3028-41FC-A0DA-9A44B799234E}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{AD63A512-28F5-48EE-B6DF-B1D2E0134B6A}] => (Allow) LPort=5357
FirewallRules: [{F2EA8829-C9A3-46CB-B921-4CD1AFF50BCD}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{4F412CCB-E988-4E4D-9D45-AE4E13CBF420}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{2157830F-CE1C-4A47-8428-F0F0C6C7FC45}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [{5E9D7D61-9270-40AF-A123-3B80B105FFF1}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{E0D3BE81-C342-4034-8F09-79197220C4F5}] => (Allow) E:\Games\Steam\Steam.exe
FirewallRules: [{6111A8A0-9839-4EFE-AD95-CE0CABABB7F9}] => (Allow) E:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{58DFFAEC-1E7B-4069-BF4B-604CCAE8CD61}] => (Allow) E:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{C83D590A-661D-4662-B483-A2DCBF1D1D8F}] => (Allow) G:\Games\SteamLibrary\steamapps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{DC606EA5-A7D9-452B-A290-29C808175E64}] => (Allow) G:\Games\SteamLibrary\steamapps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [TCP Query User{D3543D74-DC40-4A9B-B3D9-A875806D5CE9}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{90F79F5F-0CBE-4BC6-A19F-D5805AC705C6}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{B49F95ED-E351-4C9F-BC7B-ABA2AC9C4ABF}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4967FECB-2853-485C-A655-B32C14CC1DBB}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9E6CCF13-219F-4D61-B4A1-76F48AD0C302}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8A54C6B2-136C-4A10-9EF9-4D3241BAE4F9}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A7744C23-6663-44FE-8999-D05F01EBA8F7}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{774D578B-1E21-49BE-8362-6E8EAB15DADD}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D728FB61-6BC9-40E2-BBE3-448E197C45AE}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2A39EACF-2566-42A6-B1FA-7D3C45DC4E61}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0F1E9690-94B8-4D0C-9DBA-784BCC213D22}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{93B5280B-3748-4EED-96E1-C22D3048A9B1}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{845BA505-F8B6-46D4-B289-97ED82D06AC7}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E16E71B6-E46F-47C5-9868-62EB6D67D0F7}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0CCDA807-DA90-4228-B941-CBAF87639877}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B102AB5A-F4E1-4B53-9080-22A20C40AE2B}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CEAF1557-9EA7-49D5-B58A-9F4D82FF5810}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E6DEB691-4C19-4A1A-B723-A00D5A5F067A}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4F3249C6-DDB6-4710-858D-73B6AE39D540}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CFED0DA5-F5BD-4008-8820-331086729625}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A456DE7A-CB10-4EAE-8D41-A9A0380700E7}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{45CF864E-470D-4F34-B3EF-CBBEA02401E0}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C9C58728-F55E-4925-84AB-98F21813C7D4}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D57F3F62-8B79-43CE-9B76-84834A0B0369}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DADB47D8-6651-402D-827A-F53B7255090C}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BD691F88-89D8-45FE-BDFE-A449112CF27A}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{48D6633A-66BF-4B24-9EC7-1C6A542C75A1}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{5AAEB739-EFA2-4C75-8526-C1B5809961D3}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{6FD700A4-7D22-4EE9-93A0-860D370FE1A1}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Fast-Ethernet-Netzwerkkarte für Realtek RTL8139/810x-Familie
Description: Fast-Ethernet-Netzwerkkarte für Realtek RTL8139/810x-Familie
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023xp
Problem: : This device cannot find enough free resources that it can use. If you want to use this device, you will need to disable one of the other devices on this system. (Code12)
Resolution: Two devices have been assigned the same input/output (I/O) ports, the same interrupt, or the same Direct Memory Access channel (either by the BIOS, the operating system, or a combination of the two). This error message can also appear if the BIOS did not allocate enough resources to the device (for example, if a universal serial bus (USB) controller does not get an interrupt from the BIOS because of a corrupt Multiprocessor System (MPS) table).
You can use Device Manager to determine where the conflict is and disable the conflicting device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/02/2015 09:12:03 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (11/01/2015 07:37:17 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (11/01/2015 07:11:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x8007043c).

Error: (11/01/2015 07:11:42 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (11/01/2015 07:11:42 PM) (Source: VSS) (EventID: 18) (User: )
Description: Fehler bei Volumenschattenkopie-Dienst: Der COM-Server mit CLSID "{e579ab5f-1cc4-44b4-bed9-de0991ff0623}" und dem Namen "IVssCoordinatorEx2" kann nicht bei der Ausführung im abgesicherten Modus gestartet werden.
Der Volumenschattenkopie-Dienst kann nicht gestartet werden, während der abgesicherte Modus ausgeführt wird. [0x8007043c, Der Dienst kann nicht im abgesicherten Modus gestartet werden.
]


Vorgang:
   VSS-Server wird instanziiert

Error: (10/31/2015 06:34:11 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (10/31/2015 12:16:09 AM) (Source: MsiInstaller) (EventID: 10005) (User: Onpoint-PC)
Description: Produkt: Microsoft Fix it 50573 -- Dieses Microsoft-Fix it ist nicht für Ihr Betriebssystem oder Ihre Version der Anwendung vorgesehen.

Error: (10/30/2015 10:25:08 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (10/30/2015 10:19:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbar.exe, Version: 1.9.3.1001, Zeitstempel: 0x55ca7a8b
Name des fehlerhaften Moduls: COMCTL32.dll, Version: 5.82.7601.17514, Zeitstempel: 0x4ce7b82c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000e599
ID des fehlerhaften Prozesses: 0x16ac
Startzeit der fehlerhaften Anwendung: 0xmbar.exe0
Pfad der fehlerhaften Anwendung: mbar.exe1
Pfad des fehlerhaften Moduls: mbar.exe2
Berichtskennung: mbar.exe3

Error: (10/29/2015 08:21:31 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225


Systemfehler:
=============
Error: (11/02/2015 09:35:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/02/2015 09:35:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/02/2015 09:35:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/02/2015 09:35:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/02/2015 09:35:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NIHardwareService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/02/2015 09:35:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/02/2015 09:35:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/02/2015 09:35:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "EPSON V3 Service4(04)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/02/2015 09:35:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/02/2015 09:35:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 965 Processor
Prozentuale Nutzung des RAM: 34%
Installierter physikalischer RAM: 3327.24 MB
Verfügbarer physikalischer RAM: 2170.85 MB
Summe virtueller Speicher: 9325.53 MB
Verfügbarer virtueller Speicher: 7888.01 MB

==================== Laufwerke ================================

Drive b: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive c: (Windows) (Fixed) (Total:39.43 GB) (Free:8.14 GB) NTFS
Drive d: (Downloads) (Fixed) (Total:12.69 GB) (Free:10.43 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (Games&Tools) (Fixed) (Total:61.83 GB) (Free:3.51 GB) NTFS
Drive f: (Musik&Filme) (Fixed) (Total:195.31 GB) (Free:20.61 GB) NTFS
Drive g: (Games&Tools) (Fixed) (Total:361.33 GB) (Free:214.15 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: D0A4D0A4)
Partition 1: (Active) - (Size=12.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=61.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 8B58F025)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=361.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=39.4 GB) - (Type=07 NTFS)

==================== Ende vom Addition.txt ============================
         

Edited by Ramsi Hartma (02.11.2015 at 21:45)

03.11.2015, 21:06   #14
schrauber
/// the machine
/// TB trainer



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
Startup: C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autostart - Verknüpfung [2015-10-28] ()
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\neth.dll => Keine Datei <==== ACHTUNG
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

08.11.2015, 13:28   #15
Ramsi Hartma



So, the FRST log is below.
ESET showed me an unbelievable 19,000 infections.
The problem is that my C:/Programme folder is not open. That is, it is not accessible (there is a lock on it). When I try to share it, I get a notice that the operation is not possible. Searching for the file directly in the ESET folder is therefore not possible either. So I cannot get at the log file.
The Autostart window still opens anyway. How can I still get at the log file?

EDIT: the file in question is under ProgrammFiles in the ESET folder -> I have to split it up because it is very, very long.
Coming in the next post.

I have to split the log file into at least 8 or 9 posts; is there another way to do this?

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:07-11-2015
durchgeführt von Onpoint (2015-11-08 10:52:29) Run:1
Gestartet von C:\Users\Onpoint\Desktop
Geladene Profile: Onpoint (Verfügbare Profile: Onpoint & UpdatusUser)
Start-Modus: Normal

==============================================

fixlist Inhalt:
*****************
Startup: C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autostart - Verknüpfung [2015-10-28] ()
CustomCLSID: HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\neth.dll => Keine Datei <==== ACHTUNG
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
Emptytemp:
*****************

C:\Users\Onpoint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autostart - Verknüpfung => erfolgreich verschoben
"HKU\S-1-5-21-1458833429-1062236089-2201144009-1000_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}" => Schlüssel erfolgreich entfernt
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4} => erfolgreich verschoben
EmptyTemp: => 569.9 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende vom Fixlog 10:53:20 ====
         

Edited by Ramsi Hartma (08.11.2015 at 13:43)
