
Log analysis and evaluation: TR/Emotet.A.92 installed from DHL email attachment


03.05.2015, 11:03   #1
Floh312
 
TR/Emotet.A.92 installed from DHL email attachment



I accidentally opened the attachment (a .zip file) from the email (really stupid, I know). When I realized that the DHL mail was fake, I ran a system scan with Antivir, and Antivir found the above-mentioned trojan in the email attachment and moved it to quarantine. That was only a few days ago, and so far I can't see that the trojan has become active, but that doesn't mean anything. It is a Windows 7 32-bit system.

I ran a scan with FRST. The FRST.txt log file is:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-05-2015
Ran by Volker Henkels (administrator) on DESKTOP on 03-05-2015 10:42:12
Running from C:\Users\Volker Henkels\Documents\Downloads
Loaded Profiles: Volker Henkels (Available profiles: Volker Henkels & Uta)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\srvany.exe
() C:\Windows\KMService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccsvchst.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FNet Co., Ltd.) C:\Program Files\XFastUsb\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Creative Technology Ltd) C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Windows\LOGI_MWX.EXE
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Jumping Bytes) C:\Program Files\PureSync\PureSyncTray.exe
() C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe
() C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
(Dropbox, Inc.) C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Macrovision Europe Ltd.) C:\Users\Volker Henkels\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\ace_update.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\diagtrackrunner.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Temp\C67CE35B-983E-483D-98BA-2CFC59C1C79B\DismHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XFastUsb] => C:\Program Files\XFastUsb\XFastUsb.exe [4942336 2011-10-22] (FNet Co., Ltd.)
HKLM\...\Run: [CTSyncService] => C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Logitech Utility] => C:\Windows\Logi_MwX.Exe [19968 2003-12-17] (Logitech Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2010-10-26] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [312320 2007-06-26] (shbox.de)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11734240 2012-12-13] (Realtek Semiconductor)
HKLM\...\Run: [ZyngaGamesAgent] => C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
HKLM\...\Run: [STCAgent] => C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-01-21] (Splashtop Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2622296 2008-04-21] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [911168 2008-04-21] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [136472 2008-04-21] (Acronis)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-05-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [ISUSPM] => -scheduler
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [PureSync] => C:\Program Files\PureSync\PureSyncTray.exe [915120 2014-08-25] (Jumping Bytes)
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [AceStream] => C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe [23984 2014-12-07] ()
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [AceWebException] => C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk [2014-01-02]
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
Startup: C:\Users\Uta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-06-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Volker Henkels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-03-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
BootExecute: autocheck autochk /k:C * 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2498879569-601166142-2179082399-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2498879569-601166142-2179082399-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKU\S-1-5-21-2498879569-601166142-2179082399-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2014-12-03] (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll [2013-05-31] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-11] (Oracle Corporation)
BHO: Media Player -> {86c47305-d478-4eba-baf4-1e6c48b01195} -> C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha460\ie\MediaPlayerV1alpha460.dll No File
BHO: Video Player -> {8f2263fe-d363-40e0-9538-52bd78d36ed8} -> C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ie\VideoPlayerV3beta821.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-11] (Oracle Corporation)
BHO: Media Watch -> {e5978446-df5c-4ffe-b126-cc9f04d8bcbb} -> C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ie\MediaWatchV1home3705.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll [2013-05-31] (Symantec Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2498879569-601166142-2179082399-1000: @acestream.net/acestreamplugin,version=3.0.2 -> C:\Users\Volker Henkels\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-07] (Innovative Digital Technologies)
FF Extension: AS Magic Player - C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\Extensions\magicplayer@acestream.org [2015-03-01]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2015-01-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-15]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn [2013-09-02]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn [2013-05-07]
FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta821.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha460.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha460\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home3705.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ff
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-01-15]

Chrome: 
=======
CHR Profile: C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-12]
CHR Extension: (Google Drive) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-12]
CHR Extension: (YouTube) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-12]
CHR Extension: (Google Search) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-12]
CHR Extension: (BetaFish Adblocker) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-27]
CHR Extension: (Bookmark Manager) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (No Name) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-12]
CHR Extension: (Gmail) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-12]
CHR HKLM\...\Chrome\Extension: [ggkcbejnocbilhflhkfinpglppngccom] - C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ch\MediaWatchV1home3705.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jkfdofagjlgcljcjibmembhbjnpbalip] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ch\VideoPlayerV3beta821.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [431384 2008-04-21] (Acronis)
R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-05-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-05-01] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-22] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-10-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-10-22] (Creative Labs) [File not signed]
R2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498952 2008-04-21] ()
R2 WCUService_STC_IE; C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [497480 2011-03-22] (Splashtop Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci32; C:\Windows\System32\DRIVERS\asahci32.sys [32352 2011-03-23] (Asmedia Technology)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [95720 2010-12-29] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [293352 2010-12-29] (ASMedia Technology Inc)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [13832 2010-06-11] (Windows (R) Win 7 DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-04-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-04-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2012-03-03] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-04-28] (Avira Operations GmbH & Co. KG)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R2 DLPortIO; C:\Windows\system32\DRIVERS\DLPortIO.SYS [3584 1999-01-10] () [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-27] (Symantec Corporation)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29248 2011-10-22] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2011-10-22] (FNet Co., Ltd.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130830.001\IDSvix86.sys [392792 2013-08-21] (Symantec Corporation)
S3 L8042pr2; C:\Windows\System32\DRIVERS\L8042pr2.Sys [51729 2003-12-17] (Logitech, Inc.)
S3 Ltn_hyd7700pc; C:\Windows\System32\Drivers\Ltn_hyd7700pc.sys [374144 2007-05-18] (Liteon)
S3 Ltn_rc; C:\Windows\System32\Drivers\Ltn_rc.sys [11520 2006-12-27] (Liteon)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130901.019\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130901.019\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation)
S3 npf; C:\Windows\System32\drivers\npf.sys [34064 2009-02-08] (CACE Technologies)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2011-11-30] (Sonic Solutions) [File not signed]
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2010-11-16] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2010-11-16] (RapidSolution Software AG)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation )
R2 ScopeItPort; C:\SCOPE-IT\ScopeIt.sys [5231 2012-03-28] () [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2010-11-16] (RapidSolution Software AG)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2013-05-07] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2013-05-07] (Acronis)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 10:41 - 2015-05-03 10:42 - 00000000 ____D () C:\FRST
2015-04-28 19:50 - 2015-04-28 19:51 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\{C3DB041C-1E63-4A95-ABED-B741677EE872}
2015-04-28 15:47 - 2015-04-28 15:47 - 00001138 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-28 15:41 - 2015-04-28 15:41 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\{AE544530-74CF-41C2-9CE6-4BA80E6B3A40}
2015-04-28 15:40 - 2015-05-01 18:00 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\Avira
2015-04-28 15:39 - 2015-05-01 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-28 15:39 - 2015-05-01 17:59 - 00000000 ____D () C:\ProgramData\Avira
2015-04-28 15:39 - 2015-04-28 15:46 - 00000000 ____D () C:\Program Files\Avira
2015-04-28 15:39 - 2015-04-28 15:41 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-28 15:39 - 2015-04-28 15:41 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-28 15:39 - 2015-04-28 15:41 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-28 15:39 - 2014-02-14 11:00 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-28 15:39 - 2014-02-14 11:00 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-04-27 11:26 - 2015-04-27 11:26 - 00000000 ____D () C:\Users\Uta\AppData\Local\{BFD7934C-2205-4CAC-9226-B1B1F6DF58FD}
2015-04-26 08:06 - 2015-04-26 08:07 - 00000000 ____D () C:\Users\Uta\AppData\Local\{E9D9B646-E08B-41F7-BC93-585011053EBC}
2015-04-20 14:02 - 2015-04-20 14:02 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\{BB557B0C-47D7-4BFC-B874-C5E70A9B36CB}
2015-04-19 18:19 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-19 18:19 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-18 20:57 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-18 20:57 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-18 20:57 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-18 20:57 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-18 20:57 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-18 20:57 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-18 20:57 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-18 20:57 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-18 20:57 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-18 20:57 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-18 20:57 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-18 20:57 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-18 20:57 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-18 20:57 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-18 20:57 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-18 20:57 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-18 20:57 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-18 20:57 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-18 20:57 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-18 20:57 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-18 20:57 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-18 20:57 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-18 20:57 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-18 20:57 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-18 20:57 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-18 20:57 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-18 20:57 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-18 20:57 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-18 20:57 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-18 20:57 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-18 20:57 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-18 20:57 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-18 20:57 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-18 20:57 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-18 20:57 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-18 20:57 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-18 20:57 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-18 20:57 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-18 20:57 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-18 20:57 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-18 20:57 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-18 20:57 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-18 20:57 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-18 20:57 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-18 20:57 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-18 20:57 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-18 20:57 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-18 20:57 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-18 20:57 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-18 20:57 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-18 20:56 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-18 20:56 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-18 20:56 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-13 10:56 - 2015-04-13 10:57 - 00000000 ____D () C:\Users\Uta\AppData\Local\{0FE4FDFF-C807-4FB4-B922-0E48C4512D86}
2015-04-04 16:01 - 2015-04-04 16:01 - 00000000 ___SD () C:\Windows\system32\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 10:30 - 2014-03-16 10:25 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\Dropbox
2015-05-03 10:30 - 2011-10-19 14:36 - 01740154 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 10:29 - 2014-02-12 19:10 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 10:29 - 2012-10-05 12:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 13:49 - 2014-02-12 19:10 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 10:49 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 10:49 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 10:37 - 2014-03-16 10:29 - 00000000 ___RD () C:\Users\Volker Henkels\Dropbox
2015-05-02 10:35 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 10:34 - 2013-05-07 16:27 - 00073261 _____ () C:\Windows\setupact.log
2015-05-01 21:04 - 2014-03-22 14:42 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\KeePass
2015-05-01 20:05 - 2014-07-20 13:13 - 00017182 _____ () C:\Users\Volker Henkels\Passwort Datenbank.kdbx
2015-05-01 20:05 - 2011-10-19 14:38 - 00000000 ____D () C:\Users\Volker Henkels
2015-05-01 18:50 - 2014-02-12 19:13 - 00002166 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-01 18:36 - 2011-11-28 15:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-01 17:52 - 2013-05-07 21:05 - 00189186 _____ () C:\Windows\PFRO.log
2015-04-28 19:54 - 2011-10-20 11:00 - 00001861 _____ () C:\Windows\Alltag.ini
2015-04-28 19:45 - 2014-09-08 17:10 - 00000000 ____D () C:\Program Files\Free Easy CD DVD Burner
2015-04-28 16:34 - 2011-10-20 11:01 - 00000086 _____ () C:\Windows\Kontext.ini
2015-04-28 15:47 - 2015-02-03 14:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-28 15:35 - 2013-06-09 19:04 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\CrashDumps
2015-04-27 14:52 - 2014-06-22 13:05 - 00000000 ____D () C:\Users\Uta\AppData\Roaming\Dropbox
2015-04-25 11:08 - 2014-03-16 10:28 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-23 12:13 - 2011-10-20 10:27 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Steuerfälle
2015-04-22 16:13 - 2011-12-19 11:34 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Stabliste
2015-04-21 13:04 - 2014-08-15 13:25 - 00002220 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk
2015-04-20 13:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-19 18:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-19 18:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-19 18:09 - 2014-12-12 12:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-19 18:09 - 2014-05-08 20:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-19 18:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-19 03:22 - 2011-10-19 15:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-19 03:20 - 2011-10-19 14:37 - 01602556 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-19 03:16 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini
2015-04-18 22:22 - 2012-03-31 17:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-18 22:22 - 2011-10-25 09:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-08 13:23 - 2014-11-05 18:57 - 00002220 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-04-07 10:07 - 2011-10-20 10:17 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Arbeitsamt

==================== Files in the root of some directories =======

2011-12-02 14:30 - 2015-01-28 00:08 - 0000649 _____ () C:\Users\Volker Henkels\AppData\Roaming\burnaware.ini
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Volker Henkels\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Volker Henkels\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Volker Henkels\AppData\Local\CDRip.dll
2013-05-13 14:41 - 2015-02-03 14:04 - 0006144 _____ () C:\Users\Volker Henkels\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-19 18:23 - 2011-10-19 18:23 - 0000749 _____ () C:\Users\Volker Henkels\AppData\Local\error.log
2007-08-13 18:46 - 2007-08-13 18:46 - 0155136 _____ () C:\Users\Volker Henkels\AppData\Local\lame_enc.dll
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Volker Henkels\AppData\Local\No23 Recorder.exe
2005-08-23 23:34 - 2005-08-23 23:34 - 0029184 _____ () C:\Users\Volker Henkels\AppData\Local\no23xwrapper.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0015872 _____ () C:\Users\Volker Henkels\AppData\Local\ogg.dll
2011-10-19 18:23 - 2011-10-19 18:23 - 0001955 _____ () C:\Users\Volker Henkels\AppData\Local\process.log
2013-01-30 20:11 - 2013-01-30 20:11 - 0001506 _____ () C:\Users\Volker Henkels\AppData\Local\RecConfig.xml
2012-03-08 20:24 - 2012-03-08 20:24 - 0000017 _____ () C:\Users\Volker Henkels\AppData\Local\resmon.resmoncfg
2006-10-26 02:06 - 2006-10-26 02:06 - 0143872 _____ () C:\Users\Volker Henkels\AppData\Local\vorbis.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0064000 _____ () C:\Users\Volker Henkels\AppData\Local\vorbisenc.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0019456 _____ () C:\Users\Volker Henkels\AppData\Local\vorbisfile.dll

Files to move or delete:
====================
C:\Users\Volker Henkels\adw24cleaner.exe


Some content of TEMP:
====================
C:\Users\Uta\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphpp_8f.dll
C:\Users\Uta\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Volker Henkels\AppData\Local\Temp\avgnt.exe
C:\Users\Volker Henkels\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbq30gl.dll
C:\Users\Volker Henkels\AppData\Local\Temp\ose00000.exe
C:\Users\Volker Henkels\AppData\Local\Temp\Uni000.exe
C:\Users\Volker Henkels\AppData\Local\Temp\Updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 13:28

==================== End Of Log ============================
         
--- --- ---
The ADDITION.txt logfile is:
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-05-2015
Ran by Volker Henkels at 2015-05-03 10:43:39
Running from C:\Users\Volker Henkels\Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2498879569-601166142-2179082399-500 - Administrator - Disabled)
Gast (S-1-5-21-2498879569-601166142-2179082399-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2498879569-601166142-2179082399-1005 - Limited - Enabled)
Uta (S-1-5-21-2498879569-601166142-2179082399-1003 - Limited - Enabled) => C:\Users\Uta
Volker Henkels (S-1-5-21-2498879569-601166142-2179082399-1000 - Administrator - Enabled) => C:\Users\Volker Henkels

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security CBE (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security CBE (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security CBE (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Ace Stream Media 3.0.2 (HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\AceStream) (Version: 3.0.2 - Ace Stream Media) <==== ATTENTION!
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acronis*True*Image*Home (HKLM\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8105 - Acronis)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Alltags-Adressen (HKLM\...\Adressen_is1) (Version: - Heiko Prueß / Alltags-Programme)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.7.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.2.2.000 - Asmedia Technology)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)
ASRock eXtreme Tuner v0.1.56 (HKLM\...\ASRock eXtreme Tuner_is1) (Version: - )
ASRock InstantBoot v1.26 (HKLM\...\ASRock InstantBoot_is1) (Version: - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7460DN (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
BurnAware Free 5.3 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware Technologies)
calibre (HKLM\...\{C354D7E2-C1F3-45AB-A547-BF500F2E0814}) (Version: 1.45.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivxToDVD 0.5.2b (HKLM\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL)
Dropbox (HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
fotokasten comfort 5.3 (HKLM\...\fotokasten comfort_is1) (Version: - )
Free Easy Burner V 5.1 (HKLM\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
FreePDF XP (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
GIMP 2.6.12 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
iExplorer 2.2.1.3 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant, LLC)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - )
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
JPEG-EXIF_autorotate (HKLM\...\JPEG-EXIF_autorotate) (Version: - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 2.25 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
K-Lite Codec Pack 5.2.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 5.2.0 - )
Leawo Video Converter 2012 Version 4.1.0.0 (HKLM\...\{E0A8AB05-5217-4D9E-AE90-2BA8B9FB8496}_is1) (Version: 4.1.0.0 - Leawo Software)
Logitech MouseWare 9.79.1 (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version: - )
MAGIX Foto Designer 7 (HKLM\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\MX.{0860A3E3-E2BA-485C-8D98-1144A494D167}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 (32-Bit-Version) (HKLM\...\MX.{7571AD6B-E8C3-462E-92B4-020A2CF69B90}) (Version: 14.0.1.21 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 (32-Bit-Version) (Version: 14.0.1.21 - MAGIX Software GmbH) Hidden
Media Player (HKLM\...\MediaPlayerV1alpha460) (Version: 1.1 - Media Player) <==== ATTENTION
Mediaport (HKLM\...\Mediaport) (Version: - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Encarta Enzyklopädie 2000 (HKLM\...\Encarta Encyclopedia 2000 D) (Version: - )
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NetObjects Fusion 10.0 (HKLM\...\{6BCC67CF-BABD-4456-B95C-E6431C8FBC18}) (Version: 10.0 German - )
NetObjects Fusion 10.0 (HKLM\...\{EB280D0C-E8F7-4EA6-907B-4CD72122E904}) (Version: 10.0 German - )
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
Norton Internet Security CBE (HKLM\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Overlook Fing (HKLM\...\Overlook Fing 1.4) (Version: 1.4 - Overlook)
PaperPort 8.0 SE (HKLM\...\{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}) (Version: 1.0.0.0000 - ScanSoft, Inc.)
Passbild-Generator v4.0a (HKLM\...\Passbild-Generator_is1) (Version: - Passbild-Generator)
PC Inspector smart recovery (HKLM\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
PixiePack Codec Pack (HKLM\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
PureSync (Version: 3.8.1 - Jumping Bytes) Hidden
PureSync 3.8.1 (HKLM\...\PureSync) (Version: 3.8.1 - Jumping Bytes)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Schachtrainer (HKLM\...\Schachtrainer_is1) (Version: - Tivola Development GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version: - )
Sound Blaster X-Fi MB (HKLM\...\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}) (Version: 1.0 - Creative Technology Limited)
Splashtop Connect IE (HKLM\...\{F9F5EF72-18CF-4DCF-A721-EC86B94DAC46}) (Version: 1.1.12.1 - Splashtop Inc.)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.13.97 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.32.155 - Akademische Arbeitsgemeinschaft)
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version: - )
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunebite (HKLM\...\{DDED1469-A08D-4043-9661-7FF914BD8F99}) (Version: 7.2.13700.0 - RapidSolution Software AG)
Video DVD Maker v3.30.0.75 (HKLM\...\{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}) (Version: - )
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VR-NetWorld (HKLM\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version: - )
WaveAgent (HKLM\...\InstallShield_{053C7D32-3566-452B-9A37-D42B4F4C5379}) (Version: 1.20 - Sound Devices LLC)
WaveAgent (Version: 1.20 - Sound Devices LLC) Hidden
WBFS Manager 4.0 (HKLM\...\{825E9A84-1E03-4526-9F8E-45015C938A7C}) (Version: 4.0 - WBFS)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
winpcap-overlook 4.02 (HKLM\...\winpcap-overlook) (Version: - )
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
XFastUsb (HKLM\...\XFastUsb) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\VOLKER~1\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{9000834c-c6c7-43ac-b8ee-dc9668f39a81}\localserver32 -> C:\Users\VOLKER~1\AppData\Local\Temp\{91814ec0-b5f0-11d2-80b9-00104b1f6cea}\IDriver.NonElevated.exe (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FCA4127-6BEC-4515-A7ED-28FA9EC00057} - System32\Tasks\{794DB57D-7EB9-4BA0-A3C7-7EBE3D028F00} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe
Task: {131B0445-BC6F-4F53-89A5-ECE9C0788863} - System32\Tasks\{6180D768-68E5-4B2C-BC04-3DADEB1A14CF} => E:\Setup.EXE
Task: {18511FD6-6A77-4351-B0D0-9C2C8AC88BD0} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe
Task: {289D24C2-79EB-41D2-86B3-5F6EA8D4353E} - System32\Tasks\{91AC768C-5270-4F3C-BCDE-8F60AB0134B4} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe
Task: {34BA2C71-F71B-46CF-B102-0BAF3B01F302} - System32\Tasks\{EFA2BC6B-098A-4F69-B8EF-EF7449585CEF} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe
Task: {42E35F47-810C-49A7-A66F-76431EE90E5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated)
Task: {4415D302-A36C-4D4A-94AF-0941DE55A4B0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {4A8EBBBF-76D7-44D7-B968-BB19D9DF4DA5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4DE13AC1-7A5E-48F4-95EF-DC8D12BF3434} - System32\Tasks\{5AEADBF5-2266-4CB2-902F-EAC4ECA10BA0} => E:\Setup.EXE
Task: {51786A54-D505-400B-914B-EE751D94E89F} - System32\Tasks\{D7B08E1E-9FF0-4729-AC7B-3C277597F92C} => C:\Users\Volker Henkels\Documents\Downloads\Torpark\Torpark.exe
Task: {51907D83-A567-478B-B71A-2FCB53F8797D} - System32\Tasks\{EABA05C3-2F74-4BB5-99F7-072C20501280} => pcalua.exe -a E:\paperport\PP12Installer.exe -d E:\paperport
Task: {63023C49-3575-4105-85A5-A7DFBE1FC3DC} - System32\Tasks\{18C65823-8B94-4B01-9F15-CE2A1DDA68F7} => pcalua.exe -a "C:\Program Files\Microsoft Encarta\Encarta Enzyklopädie 2000\unee2000.exe" -c /uninstall
Task: {6687E89E-0EA9-4C7B-80B3-7588D16BCAEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.)
Task: {74FB5C52-6DA4-4ADB-916D-4597ED057F61} - System32\Tasks\{5B67CB8B-964C-4C8E-8D41-04ECF755E104} => pcalua.exe -a "C:\Users\Volker Henkels\Downloads\jxpiinstall.exe" -d "C:\Program Files\Mozilla Firefox"
Task: {81640940-9D5D-4FA7-9B36-331EC2DC8C92} - System32\Tasks\{C5EF75EB-2831-46AD-A4DC-01370676B696} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe
Task: {822638D8-6F93-490D-93D7-4D4C3DE1972E} - System32\Tasks\{DAFCD1C1-7C64-4B97-A21C-7405D7E6AE6C} => C:\Program Files\Emme\Kleiner Eisbär 2\UNWISE.EXE
Task: {8A541488-06D3-429D-A2A0-B003FCF2B597} - System32\Tasks\{8132B927-E965-487E-98DD-29905D7B89D2} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe
Task: {90CDF918-1746-4F25-A79C-A9F6CCEFC876} - System32\Tasks\{ADBEB609-D22B-4CD5-99E4-F7412357DC7C} => pcalua.exe -a C:\PROGRA~1\TECHNI~1\MEDIAP~1\UNWISE.EXE -c C:\PROGRA~1\TECHNI~1\MEDIAP~1\INSTALL.LOG
Task: {9421D7AE-F5E5-4AED-9BA2-F3561670E9C3} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9B2DCD82-E459-41CE-B203-40E75D93BB5F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {A5AA510D-F9CA-48B6-A886-E83FFC87583D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {B3420DD3-EEBA-4A85-A10F-3E13A2DC79DD} - System32\Tasks\{BD137A0E-0F87-485C-A8F9-C89BC4224A9F} => pcalua.exe -a "C:\Program Files\IncrediMail\Bin\ImSetup.exe" -c /uninstallProduct /addon:incredimail
Task: {B49F145D-3B72-4BC7-A6FA-E8818EB845C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.)
Task: {BFA0BDF5-B1B2-4176-8E0F-DF5002D6C903} - System32\Tasks\{CAEC5C14-DA68-494B-9656-F43CB49E0684} => C:\Users\Volker Henkels\Documents\Downloads\Torpark\Torpark.exe
Task: {C2E434F7-9077-4EAC-A430-0368EC4A3407} - System32\Tasks\{EDF60F3E-89B0-4DE1-BF0C-85462ABD839D} => msiexec.exe /package "E:\Setup\Löwenzahn 5.msi"
Task: {C61680E4-97EE-40A4-A841-A88EA1691CB7} - System32\Tasks\{8E92A3C3-8295-42C5-8836-72DD9552015B} => pcalua.exe -a "C:\Users\Volker Henkels\Documents\Downloads\VRNetWorldSW_51012.exe" -d "C:\Users\Volker Henkels\Documents\Downloads"
Task: {C81CDF8E-6421-4F24-84BD-E468FC949571} - System32\Tasks\{77D564C7-808F-4AB7-A975-D95CE6069C90} => pcalua.exe -a "C:\Users\Volker Henkels\Download\Maus\mw9791deu.exe" -d "C:\Users\Volker Henkels\Download\Maus"
Task: {DAECB3EA-C5FA-4B4F-A00C-C6925395EB1D} - System32\Tasks\{981E4BC2-CA6D-4C07-834A-C23786137ED9} => C:\Users\Volker Henkels\Documents\Downloads\torpark-2.4.1-ff3.exe
Task: {DBDF02DB-5EF7-4BA4-B2EE-567E629571E8} - System32\Tasks\{14A5D1A3-3B6D-40FD-B989-C55CBD9CC488} => C:\Users\Volker Henkels\Documents\Downloads\torpark-2.4.1-ff3.exe
Task: {E4297023-2DAB-4DD9-BD10-534216F1718B} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {E8B4FED2-D186-4C9F-BE0E-07BDB3E8FA65} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {F8B6E8F8-4D0E-41F9-88A6-5968D7843E96} - System32\Tasks\{2CCE7FD9-AB71-4537-B279-25FE075D821F} => pcalua.exe -a E:\EE\SETUP.EXE -d E:\EE
Task: {FBBD6DDF-74A3-4123-A987-14C93C0FD596} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FE781653-1136-40F3-848A-71AB4B3A5F07} - System32\Tasks\{BEB0EF88-0D0B-4128-B0A5-C8FF2E0C65C2} => pcalua.exe -a "C:\Users\Volker Henkels\Documents\Downloads\pci_de_smartrecovery45.exe" -d "C:\Program Files\Mozilla Firefox"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-12-02 11:33 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-10-20 10:56 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2006-09-14 08:56 - 2006-09-14 08:56 - 00102400 _____ () C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-04 09:29 - 2003-04-18 19:06 - 00008192 _____ () C:\Windows\system32\srvany.exe
2014-06-04 09:29 - 2010-04-10 09:03 - 00077824 _____ () C:\Windows\KMService.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2011-11-13 15:10 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2008-04-21 23:27 - 2008-04-21 23:27 - 00498952 _____ () C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2015-05-02 10:36 - 2015-05-02 10:36 - 00697884 _____ () C:\Users\Volker Henkels\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.1065\~df394b.tmp
2015-05-02 10:36 - 2015-05-02 10:36 - 00592896 _____ () C:\Users\Volker Henkels\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.1065\~de6248.tmp
2011-10-22 12:04 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2011-10-22 12:04 - 2009-04-20 11:55 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2008-04-21 22:43 - 2008-04-21 22:43 - 01336600 _____ () C:\Program Files\Acronis\TrueImageHome\fox.dll
2014-10-13 11:44 - 2014-12-07 13:33 - 00023984 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe
2014-10-13 11:44 - 2015-03-30 09:42 - 00268800 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2013-11-27 17:50 - 2013-11-27 17:50 - 00018944 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2015-01-19 17:42 - 2015-02-17 15:59 - 02386432 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd
2014-10-13 11:42 - 2015-03-30 09:42 - 02029056 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\select.pyd
2014-01-23 13:37 - 2014-01-23 13:37 - 00036352 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2013-12-21 15:20 - 2013-12-21 15:20 - 00053248 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2013-12-21 15:20 - 2013-12-21 15:20 - 00040448 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2011-02-13 17:02 - 2011-02-13 17:02 - 00031232 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2014-10-13 11:57 - 2015-03-30 09:42 - 03035648 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-07 18:36 - 2012-02-07 18:36 - 00111616 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-07 18:36 - 2012-02-07 18:36 - 00024064 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2010-10-11 00:23 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-29 18:20 - 2013-01-29 18:20 - 00082944 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-07-15 21:37 - 2011-07-15 21:37 - 00981504 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00746496 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00670720 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00966144 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00674816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2013-12-21 15:02 - 2013-12-21 15:02 - 00061952 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2013-01-29 18:20 - 2013-01-29 18:20 - 00066048 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2015-03-01 11:17 - 2015-02-28 04:23 - 00022824 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
2015-03-01 11:17 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd
2015-03-01 11:17 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd
2015-03-01 11:17 - 2014-01-23 14:37 - 00036352 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd
2015-03-01 11:17 - 2012-02-07 19:37 - 00098816 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd
2015-03-01 11:17 - 2012-02-07 19:35 - 00110080 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll
2015-03-01 11:17 - 2012-02-07 19:38 - 00358912 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll
2015-03-01 11:17 - 2012-02-07 19:42 - 00266240 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd
2015-03-01 11:17 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd
2015-03-01 11:17 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd
2015-03-01 11:17 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd
2015-03-01 11:17 - 2011-01-19 00:56 - 00334336 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd
2015-03-01 11:17 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\select.pyd
2015-03-01 11:17 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd
2015-03-01 11:17 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd
2015-05-02 10:36 - 2015-05-02 10:36 - 00043008 _____ () c:\Users\Volker Henkels\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbq30gl.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-01 18:37 - 2014-10-01 18:37 - 00022824 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\ace_update.exe
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-15 21:37 - 2011-07-15 21:37 - 00981504 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00746496 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00670720 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00966144 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00674816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-07 18:36 - 2012-02-07 18:36 - 00111616 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-07 18:36 - 2012-02-07 18:36 - 00024064 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
2015-05-01 18:50 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-05-01 18:50 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2498879569-601166142-2179082399-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Volker Henkels\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: IndexSearch => C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
MSCONFIG\startupreg: PaperPort PTD => C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
MSCONFIG\startupreg: PP8 SE Reminder => "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{B37FBAC1-8C0F-4168-91B8-F39952115DBE}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2F692203-1DB0-4D3B-B001-F4197354EA7D}] => (Allow) LPort=2869
FirewallRules: [{C3AA16F4-F657-431B-840D-67338D188046}] => (Allow) LPort=1900
FirewallRules: [{D6FC6651-0E7C-44B5-9591-AB5328E138B1}] => (Allow) C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{2677B019-5FAF-4218-94FD-5AD974B99E7D}] => (Allow) C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{A1790FAE-BF64-4E6B-95D2-2B1F6B3D9ECE}] => (Allow) LPort=54925
FirewallRules: [{54F3DB20-4D53-4A49-B3EF-F2524D3D7D59}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{5A5C99AC-8FB6-4D87-824E-0193BE27042A}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{9854BE86-E71A-41AF-8E33-4CBA3552D207}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
FirewallRules: [{26F9458A-FB63-4507-89BD-9A17235A5279}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
FirewallRules: [{F0C0E574-8614-4289-8F83-987C96BD5D34}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
FirewallRules: [{ABEE847B-4764-4802-94EF-4A20880DFE7F}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
FirewallRules: [{5974B080-77EC-461C-9A28-D71C28373024}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CC034879-5FB8-4C61-A8CC-C2A1529C5A59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8D86D336-FBED-447F-B1C0-26032749444B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{447F0785-5634-4EFC-85F1-484B39FA1710}] => (Allow) C:\Program Files\Microsoft Office\Office14\outlook.exe
FirewallRules: [{8E97D5B6-2B3A-43B3-B8F8-E036D0B48DDC}] => (Allow) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{6422E443-A10A-4BE2-A818-356978AB0DAA}] => (Allow) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{19A36E4D-E61A-413A-A3F8-2BAEF6CD642B}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E6FDE045-88E8-4474-ACB9-5CCCA8D0D3B3}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6F5E31D1-BFCD-4E87-8887-8C4A33E3E314}] => (Allow) C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BDD3FCEE-C823-4A50-88E2-3FBA7BCB1EF4}] => (Allow) C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7675CFF5-2E9E-4EFA-BA6C-06C0F863A867}C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1ECDA62E-ABD3-45BD-BA05-6511837BCCB0}C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{D3A78000-8D4A-412F-8B0D-126975DFC77E}C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F19E5006-6BC2-4255-9223-5E3A88D26C02}C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{F3C2C1AA-99B4-4142-BF01-D0EEA4F36B6A}C:\program files\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files\streamtorrent 1.0\streamtorrent.exe
FirewallRules: [UDP Query User{DA7C87AA-40D6-4370-A2BD-743F9A22C0C3}C:\program files\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files\streamtorrent 1.0\streamtorrent.exe
FirewallRules: [{2E511D02-9252-473B-AF20-85B473A191C5}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{0B4FAA86-1D43-4FB3-8897-4A883287B2A5}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{C476E187-F630-4614-A471-B6053D14D323}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9E09D535-E1C7-44B9-8451-134E55CDEE3C}C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{8BBF613D-AAC1-4074-B1EB-65742D4AC391}C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{1A445D69-5C90-4D1B-9D88-870FFB289B15}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{20813C83-76AB-4994-994D-FEFCC96F5B83}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CEE3DBEA-465C-4E83-9C96-F4283D174415}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BHDrvx86
Description: BHDrvx86
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BHDrvx86
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Norton Internet Security CBE Settings Manager
Description: Norton Internet Security CBE Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ccSet_NIS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2015 10:50:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80080005, Starten des Servers fehlgeschlagen
.


Vorgang:
VSS-Server wird instanziiert

Error: (05/03/2015 10:50:21 AM) (Source: VSS) (EventID: 11) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden.
Höchst wahrscheinlich ist die CPU stark ausgelastet. [0x80080005, Starten des Servers fehlgeschlagen
]


Vorgang:
VSS-Server wird instanziiert

Error: (05/03/2015 10:29:18 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/05/03 10:29:18.783]: [00002772]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.27]

Error: (05/03/2015 10:29:09 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/05/03 10:29:09.718]: [00002772]: GetDeviceIpAddress: GetAddressByName [BRN001BA97A22D7] Error

Error: (05/02/2015 02:22:24 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101).

Error: (05/02/2015 02:22:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x81000101).

Error: (05/02/2015 00:58:44 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/05/02 12:58:44.294]: [00002772]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.27]

Error: (04/28/2015 06:53:23 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101).

Error: (04/28/2015 06:53:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x81000101).

Error: (04/28/2015 05:31:26 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/04/28 17:31:26.236]: [00002080]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.27]


System errors:
=============
Error: (05/03/2015 10:44:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (05/02/2015 10:41:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (05/02/2015 10:36:31 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/02/2015 10:35:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
BHDrvx86
ccSet_NIS
SymIRON

Error: (05/02/2015 10:35:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (05/01/2015 08:55:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/01/2015 08:54:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
BHDrvx86
ccSet_NIS
SymIRON

Error: (05/01/2015 06:36:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (05/01/2015 06:34:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/01/2015 06:33:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
BHDrvx86
ccSet_NIS
SymIRON


Microsoft Office Sessions:
=========================
Error: (05/03/2015 10:50:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80080005, Starten des Servers fehlgeschlagen


Vorgang:
VSS-Server wird instanziiert

Error: (05/03/2015 10:50:21 AM) (Source: VSS) (EventID: 11) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80080005, Starten des Servers fehlgeschlagen


Vorgang:
VSS-Server wird instanziiert

Error: (05/03/2015 10:29:18 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/05/03 10:29:18.783]: [00002772]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.27]

Error: (05/03/2015 10:29:09 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/05/03 10:29:09.718]: [00002772]: GetDeviceIpAddress: GetAddressByName [BRN001BA97A22D7] Error

Error: (05/02/2015 02:22:24 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (05/02/2015 02:22:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x81000101

Error: (05/02/2015 00:58:44 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/05/02 12:58:44.294]: [00002772]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.27]

Error: (04/28/2015 06:53:23 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (04/28/2015 06:53:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x81000101

Error: (04/28/2015 05:31:26 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/04/28 17:31:26.236]: [00002080]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.178.27]


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 65%
Total physical RAM: 3050.68 MB
Available physical RAM: 1049.46 MB
Total Pagefile: 6097.59 MB
Available Pagefile: 3153.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.87 GB) (Free:94.76 GB) NTFS
Drive d: () (Fixed) (Total:172.79 GB) (Free:22.25 GB) NTFS
Drive g: () (Removable) (Total:1.84 GB) (Free:0.98 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F961277B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
--- --- ---
This is the first time I have been confronted with a serious suspicion of a virus. I am correspondingly inexperienced and grateful for any help.

After reading the guide for newcomers, I am now adding the Defogger log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:07 on 03/05/2015 (Volker Henkels)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

The GMER scan did not run to completion. After a while I got the error message "kein Datenträger in Laufwerk\Device\Harddisk4\DR4". Whether I chose retry, continue or cancel, the scan could not be resumed. The log file created up to that point reads:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-03 11:34:52
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST500DM002-1BC142 rev.JC4B 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\VOLKER~1\AppData\Local\Temp\fxldapoc.sys


---- System - GMER 2.1 ----

SSDT 86F3F598 ZwAlpcConnectPort
SSDT 90FDB27E ZwCreateSection
SSDT 90FDB256 ZwCreateSymbolicLinkObject
SSDT 90FDB25B ZwLoadDriver
SSDT 90FDB251 ZwOpenSection
SSDT 90FDB288 ZwRequestWaitReplyPort
SSDT 90FDB283 ZwSetContextThread
SSDT 90FDB28D ZwSetSecurityObject
SSDT 90FDB260 ZwSetSystemInformation
SSDT 90FDB292 ZwSystemDebugControl
SSDT 90FDB21F ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRequestWaitReplyPort + 14B9 83441A15 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 83461C62 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 13C7 8346910C 4 Bytes [98, F5, F3, 86]
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 83469204 4 Bytes [7E, B2, FD, 90] {JLE 0xffffffb4; STD ; NOP }
.text ntoskrnl.exe!KeRemoveQueueEx + 14C7 8346920C 4 Bytes [56, B2, FD, 90] {PUSH ESI; MOV DL, 0xfd; NOP }
.text ntoskrnl.exe!KeRemoveQueueEx + 15DB 83469320 4 Bytes [5B, B2, FD, 90] {POP EBX; MOV DL, 0xfd; NOP }
.text ntoskrnl.exe!KeRemoveQueueEx + 1677 834693BC 4 Bytes [51, B2, FD, 90] {PUSH ECX; MOV DL, 0xfd; NOP }
.text ...

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 tdrpman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 tdrpman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 tdrpman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 timntr.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@927182FC 3325

Edited by Floh312 (03.05.2015 at 11:50). Reason: addition after reading the first-aid guide

Alt 03.05.2015, 11:18   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually possible with Ctrl+A) and copy it to the clipboard with Ctrl+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press Ctrl+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it correctly. If everything is right ... click Antworten (Reply).



Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.


Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

Alt 03.05.2015, 11:55   #3
Floh312
 

That was quick..



Hello,

I have only just seen your quick reply. Thanks for now. I again only pasted the additional logs in directly. Sorry. I will do better. For now I will follow your advice. See you later.

Alt 03.05.2015, 17:51   #4
schrauber
/// the machine
/// TB-Ausbilder
 




ok
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 04.05.2015, 11:37   #5
Floh312
 



In brief: mbar found a problem. After the restart mbar found no more problems. TDSSKiller also found a problem. I skipped. Here are the log files:

mbar1:
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.03.02
  rootkit: v2015.04.21.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17728
Volker Henkels :: DESKTOP [administrator]

03.05.2015 12:00:48
mbar-log-2015-05-03 (12-00-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 432569
Time elapsed: 35 minute(s), 36 second(s)

Memory Processes Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 544 -> Delete on reboot. [dc62f49b6d1ded494c11eeb928da48b8]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot. [dc62f49b6d1ded494c11eeb928da48b8]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
mbar2:
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.03.02
  rootkit: v2015.04.21.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17728
Volker Henkels :: DESKTOP [administrator]

03.05.2015 13:13:45
mbar-log-2015-05-03 (13-13-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 430973
Time elapsed: 33 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


Alt 04.05.2015, 11:47   #6
Floh312
 

TDS Log



The log file as an attachment. Many thanks and best regards
Attached files
File type: rar TDSSKiller.3.0.0.44_04.05.2015_11.21.52_log.rar (51.1 KB, viewed 20 times)

Alt 05.05.2015, 08:27   #7
schrauber
/// the machine
/// TB-Ausbilder
 




As already written above:

Please always post logs in the thread. If necessary, split them up and use several posts.
I cannot open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually possible with Ctrl+A) and copy it to the clipboard with Ctrl+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press Ctrl+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it correctly. If everything is right ... click Antworten (Reply).
__________________
Regards,
schrauber


Alt 05.05.2015, 08:36   #8
Floh312
 



Hello,

the TDS log was too large. At most I can split it up. Would you prefer that?

Best regards
Floh

OK. It says so right there. So here is part 1:
Code:
11:21:52.0137 0x06c8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
11:22:00.0748 0x06c8  ============================================================
11:22:00.0748 0x06c8  Current date / time: 2015/05/04 11:22:00.0748
11:22:00.0748 0x06c8  SystemInfo:
11:22:00.0748 0x06c8  
11:22:00.0748 0x06c8  OS Version: 6.1.7601 ServicePack: 1.0
11:22:00.0748 0x06c8  Product type: Workstation
11:22:00.0748 0x06c8  ComputerName: DESKTOP
11:22:00.0748 0x06c8  UserName: Volker Henkels
11:22:00.0748 0x06c8  Windows directory: C:\Windows
11:22:00.0748 0x06c8  System windows directory: C:\Windows
11:22:00.0748 0x06c8  Processor architecture: Intel x86
11:22:00.0748 0x06c8  Number of processors: 4
11:22:00.0748 0x06c8  Page size: 0x1000
11:22:00.0748 0x06c8  Boot type: Normal boot
11:22:00.0748 0x06c8  ============================================================
11:22:02.0386 0x06c8  KLMD registered as C:\Windows\system32\drivers\31906142.sys
11:22:02.0698 0x06c8  System UUID: {6C4DC9DB-FC3B-7E11-CB53-728E5C27593B}
11:22:03.0088 0x06c8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:22:03.0088 0x06c8  Drive \Device\Harddisk1\DR1 - Size: 0x75E00000 ( 1.84 Gb ), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:22:03.0104 0x06c8  ============================================================
11:22:03.0104 0x06c8  \Device\Harddisk0\DR0:
11:22:03.0104 0x06c8  MBR partitions:
11:22:03.0104 0x06c8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:22:03.0104 0x06c8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x249BE000
11:22:03.0104 0x06c8  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x15995000
11:22:03.0104 0x06c8  \Device\Harddisk1\DR1:
11:22:03.0104 0x06c8  MBR partitions:
11:22:03.0104 0x06c8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AE039
11:22:03.0104 0x06c8  ============================================================
11:22:03.0119 0x06c8  C: <-> \Device\Harddisk0\DR0\Partition2
11:22:03.0151 0x06c8  D: <-> \Device\Harddisk0\DR0\Partition3
11:22:03.0151 0x06c8  ============================================================
11:22:03.0151 0x06c8  Initialize success
11:22:03.0151 0x06c8  ============================================================
11:22:50.0629 0x1010  ============================================================
11:22:50.0629 0x1010  Scan started
11:22:50.0629 0x1010  Mode: Manual; SigCheck; TDLFS; 
11:22:50.0629 0x1010  ============================================================
11:22:50.0629 0x1010  KSN ping started
11:22:53.0063 0x1010  KSN ping finished: true
11:22:56.0604 0x1010  ================ Scan system memory ========================
11:22:56.0604 0x1010  System memory - ok
11:22:56.0604 0x1010  ================ Scan services =============================
11:22:56.0729 0x1010  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:22:56.0871 0x1010  1394ohci - ok
11:22:56.0996 0x1010  [ 7EEB488346FBFA3731276C3EE8A8FD9E, 97D2E49C2E615E38E8176F1C1551BF452CC6A00787FF90845EFF27A4E6E20B1F ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
11:22:57.0012 0x1010  AAV UpdateService - ok
11:22:57.0074 0x1010  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:22:57.0090 0x1010  ACPI - ok
11:22:57.0105 0x1010  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:22:57.0168 0x1010  AcpiPmi - ok
11:22:57.0230 0x1010  [ 849201BFB643FC6EEA0B5531B22AAA57, 91DF509467483ECA8590F44E416F24BC2C08FAF4CA0C92FE554D9B18AFF7CD37 ] AcrSch2Svc      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
11:22:57.0261 0x1010  AcrSch2Svc - ok
11:22:57.0386 0x1010  [ 177FF6608B48638D4066726F3A3F8444, D0D7B7EAEFDF30210CE4D31E9C7AB349CEB862A452D5925E698B60204AAE8A49 ] AdobeActiveFileMonitor5.0 C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
11:22:57.0402 0x1010  AdobeActiveFileMonitor5.0 - detected UnsignedFile.Multi.Generic ( 1 )
11:22:59.0866 0x1010  Detect skipped due to KSN trusted
11:22:59.0866 0x1010  AdobeActiveFileMonitor5.0 - ok
11:22:59.0976 0x1010  [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:22:59.0991 0x1010  AdobeARMservice - ok
11:23:00.0085 0x1010  [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:23:00.0116 0x1010  AdobeFlashPlayerUpdateSvc - ok
11:23:00.0178 0x1010  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
11:23:00.0194 0x1010  adp94xx - ok
11:23:00.0210 0x1010  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
11:23:00.0225 0x1010  adpahci - ok
11:23:00.0241 0x1010  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
11:23:00.0256 0x1010  adpu320 - ok
11:23:00.0272 0x1010  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:23:00.0319 0x1010  AeLookupSvc - ok
11:23:00.0381 0x1010  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
11:23:00.0412 0x1010  AFD - ok
11:23:00.0459 0x1010  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
11:23:00.0475 0x1010  agp440 - ok
11:23:00.0506 0x1010  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
11:23:00.0522 0x1010  aic78xx - ok
11:23:00.0553 0x1010  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
11:23:00.0600 0x1010  ALG - ok
11:23:00.0631 0x1010  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:23:00.0646 0x1010  aliide - ok
11:23:00.0662 0x1010  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:23:00.0678 0x1010  amdagp - ok
11:23:00.0678 0x1010  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
11:23:00.0693 0x1010  amdide - ok
11:23:00.0724 0x1010  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
11:23:00.0787 0x1010  AmdK8 - ok
11:23:00.0802 0x1010  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:23:00.0865 0x1010  AmdPPM - ok
11:23:00.0896 0x1010  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:23:00.0912 0x1010  amdsata - ok
11:23:00.0927 0x1010  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:23:00.0943 0x1010  amdsbs - ok
11:23:00.0958 0x1010  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:23:00.0958 0x1010  amdxata - ok
11:23:01.0161 0x1010  [ 62A6B0A393591878A1E00224EA698AD7, 691B6E248D0682477543455B67E85C768A4A53A92139E153320ED4E4CED1E010 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
11:23:01.0224 0x1010  AntiVirMailService - ok
11:23:01.0317 0x1010  [ F36D18EF1E66F92094AD89D17BEF007C, A5C793B340311CB7A301B77316E1976E3CD7CA9470CE5F1062CB003BCD4C155C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:23:01.0333 0x1010  AntiVirSchedulerService - ok
11:23:01.0380 0x1010  [ F36D18EF1E66F92094AD89D17BEF007C, A5C793B340311CB7A301B77316E1976E3CD7CA9470CE5F1062CB003BCD4C155C ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:23:01.0395 0x1010  AntiVirService - ok
11:23:01.0442 0x1010  [ 5B7924A162A604B43FFBEE9384ABE77B, 1A1A836C145BAD330EDC778D4FD18CE737EB10E4B22AE8A39CDDBAAC36B0FF11 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
11:23:01.0473 0x1010  AntiVirWebService - ok
11:23:01.0520 0x1010  [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID           C:\Windows\system32\drivers\appid.sys
11:23:01.0598 0x1010  AppID - ok
11:23:01.0614 0x1010  [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:23:01.0645 0x1010  AppIDSvc - ok
11:23:01.0676 0x1010  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
11:23:01.0785 0x1010  Appinfo - ok
11:23:01.0832 0x1010  [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:23:01.0848 0x1010  Apple Mobile Device - ok
11:23:01.0879 0x1010  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
11:23:01.0941 0x1010  AppMgmt - ok
11:23:01.0972 0x1010  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
11:23:01.0988 0x1010  arc - ok
11:23:02.0004 0x1010  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:23:02.0019 0x1010  arcsas - ok
11:23:02.0066 0x1010  [ E39465F39AB5321FDEFB71F6DD81BF23, 47B2F8CAA7BB03A7CB01BA4DD7D338B399215B1B3C4EF4C9A53B7AFD0B5396F3 ] asahci32        C:\Windows\system32\DRIVERS\asahci32.sys
11:23:02.0128 0x1010  asahci32 - ok
11:23:02.0160 0x1010  [ C8B9BFE648F6CBFC96ADCDE84384B2DE, 6D0326B1C7FB1032057455AB2C4DF4D456F63F9DCD74AB32F3FBF1ABA6662103 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
11:23:02.0238 0x1010  asmthub3 - ok
11:23:02.0300 0x1010  [ F1332303135241B591BD02BCE65190B0, 141996C1E2D6B04098020DBC2189895C8A12E00CB306786D453D492A5B4105B9 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
11:23:02.0362 0x1010  asmtxhci - ok
11:23:02.0472 0x1010  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:23:02.0518 0x1010  aspnet_state - ok
11:23:02.0565 0x1010  [ 46658EE12F6924E832697581FDD0E659, FA850ECF832DEDF22DCA3E1777B8F65E5AAE9508BCBF77CAD4D28F3147B87D2B ] AsrAppCharger   C:\Windows\system32\DRIVERS\AsrAppCharger.sys
11:23:02.0596 0x1010  AsrAppCharger - ok
11:23:02.0612 0x1010  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:23:02.0721 0x1010  AsyncMac - ok
11:23:02.0768 0x1010  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
11:23:02.0768 0x1010  atapi - ok
11:23:02.0830 0x1010  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:23:02.0893 0x1010  AudioEndpointBuilder - ok
11:23:02.0908 0x1010  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
11:23:02.0924 0x1010  Audiosrv - ok
11:23:02.0986 0x1010  [ AF5DA81B19AFA730F1E5246AD81D140A, 532951071F56896A3B5D47874C14D996C8620EA02F87D4BA21B083EC804FB166 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
11:23:03.0002 0x1010  avgntflt - ok
11:23:03.0018 0x1010  [ A5674637BCA212D9FE136ADFA04C9857, 95F3632EBB041C539816D285EBE1F379D46A4187379C69D4683D9F4DECBDB80C ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
11:23:03.0033 0x1010  avipbb - ok
11:23:03.0127 0x1010  [ 0D32033DCB359FD98B4C3513EF849FE6, 5870D67526BC29D888DAF8DBAB04B1E97ED5C7C51484ED400A5E65D0EB61576A ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
11:23:03.0142 0x1010  Avira.OE.ServiceHost - ok
11:23:03.0158 0x1010  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
11:23:03.0174 0x1010  avkmgr - ok
11:23:03.0220 0x1010  [ 728C4A6C722535C16D1025F51AA31E22, F6A49A0B87E9A2D39C6CC0A80CBCA514822E3B423AAB7C831FF17A753F2F4975 ] avmaudio        C:\Windows\system32\DRIVERS\avmaudio.sys
11:23:03.0283 0x1010  avmaudio - ok
11:23:03.0314 0x1010  [ 3303FB85532093FC6723632B5947E8C4, F8301069A8EAD7303CAE5B7CAE3F119747E7B7B4402178018EB5254087238A42 ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
11:23:03.0330 0x1010  avnetflt - ok
11:23:03.0392 0x1010  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:23:03.0454 0x1010  AxInstSV - ok
11:23:03.0501 0x1010  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
11:23:03.0548 0x1010  b06bdrv - ok
11:23:03.0564 0x1010  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
11:23:03.0626 0x1010  b57nd60x - ok
11:23:03.0657 0x1010  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
11:23:03.0704 0x1010  BDESVC - ok
11:23:03.0720 0x1010  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:23:03.0751 0x1010  Beep - ok
11:23:03.0829 0x1010  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
11:23:03.0860 0x1010  BFE - ok
11:23:04.0078 0x1010  [ 6C6AC7CA8A034C15C52B35189BAD58EE, 5BD1F5DEA19150535350D394A406E2FC69CFE28CB2E5AF2862E450469D90D7A4 ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys
11:23:04.0094 0x1010  BHDrvx86 - ok
11:23:04.0188 0x1010  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
11:23:04.0375 0x1010  BITS - ok
11:23:04.0390 0x1010  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:23:04.0422 0x1010  blbdrive - ok
11:23:04.0500 0x1010  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:23:04.0515 0x1010  Bonjour Service - ok
11:23:04.0562 0x1010  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:23:04.0593 0x1010  bowser - ok
11:23:04.0609 0x1010  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:23:04.0671 0x1010  BrFiltLo - ok
11:23:04.0687 0x1010  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:23:04.0718 0x1010  BrFiltUp - ok
11:23:04.0765 0x1010  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
11:23:04.0827 0x1010  Browser - ok
11:23:04.0874 0x1010  [ 9F80879913DC2712FD0C4D734E3F519B, AECEB7F5B24CA5334B9FE862D939046BAA7E18626505A7887B1DA060D28D87FC ] BrSerIb         C:\Windows\system32\DRIVERS\BrSerIb.sys
11:23:04.0921 0x1010  BrSerIb - ok
11:23:04.0952 0x1010  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\system32\Drivers\Brserid.sys
11:23:05.0014 0x1010  Brserid - ok
11:23:05.0014 0x1010  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:23:05.0046 0x1010  BrSerWdm - ok
11:23:05.0061 0x1010  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:23:05.0077 0x1010  BrUsbMdm - ok
11:23:05.0092 0x1010  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\Drivers\BrUsbSer.sys
11:23:05.0124 0x1010  BrUsbSer - ok
11:23:05.0170 0x1010  [ B67512DA42C0C90BF236D5485226C1C7, 1179B7B15753A63E26301766340C66D3D9E76E30901C92775AFC490BD948E909 ] BrUsbSIb        C:\Windows\system32\DRIVERS\BrUsbSIb.sys
11:23:05.0186 0x1010  BrUsbSIb - ok
11:23:05.0264 0x1010  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2, 1EB84F4DEE3034FAFBEA2A3F84EECE036E803872DA94D54E958E9F2F09519E88 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
11:23:05.0280 0x1010  BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
11:23:07.0731 0x1010  Detect skipped due to KSN trusted
11:23:07.0731 0x1010  BrYNSvc - ok
11:23:07.0746 0x1010  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:23:07.0778 0x1010  BTHMODEM - ok
11:23:07.0809 0x1010  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
11:23:07.0840 0x1010  bthserv - ok
11:23:07.0902 0x1010  [ 3BEE52611F22C9C0023A98A4425E084F, 974FD5D89C8E06DC0C7E7ADB73E060CFCCA4910E69691F2BC9585B0ED1DCEFC2 ] ccSet_NIS       C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys
11:23:07.0918 0x1010  ccSet_NIS - ok
11:23:07.0949 0x1010  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:23:07.0980 0x1010  cdfs - ok
11:23:08.0043 0x1010  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\drivers\cdrom.sys
11:23:08.0058 0x1010  cdrom - ok
11:23:08.0121 0x1010  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
11:23:08.0168 0x1010  CertPropSvc - ok
11:23:08.0183 0x1010  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:23:08.0199 0x1010  circlass - ok
11:23:08.0230 0x1010  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\Windows\system32\CLFS.sys
11:23:08.0261 0x1010  CLFS - ok
11:23:08.0324 0x1010  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:23:08.0339 0x1010  clr_optimization_v2.0.50727_32 - ok
11:23:08.0386 0x1010  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:23:08.0448 0x1010  clr_optimization_v4.0.30319_32 - ok
11:23:08.0480 0x1010  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:23:08.0511 0x1010  CmBatt - ok
11:23:08.0542 0x1010  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:23:08.0558 0x1010  cmdide - ok
11:23:08.0604 0x1010  [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG             C:\Windows\system32\Drivers\cng.sys
11:23:08.0636 0x1010  CNG - ok
11:23:08.0667 0x1010  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:23:08.0667 0x1010  Compbatt - ok
11:23:08.0714 0x1010  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:23:08.0745 0x1010  CompositeBus - ok
11:23:08.0745 0x1010  COMSysApp - ok
11:23:08.0760 0x1010  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:23:08.0776 0x1010  crcdisk - ok
11:23:08.0870 0x1010  [ C8BD651E13895B93ED9EC5B4F1DF42BC, D86D6BF0BA3C09B49B3A52C86A7F3B3856A27F79EDD86A8FFA469D9A5F196E8D ] Creative ALchemy AL6 Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
11:23:08.0885 0x1010  Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
11:23:11.0350 0x1010  Detect skipped due to KSN trusted
11:23:11.0350 0x1010  Creative ALchemy AL6 Licensing Service - ok
11:23:11.0366 0x1010  [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
11:23:11.0381 0x1010  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
11:23:13.0830 0x1010  Detect skipped due to KSN trusted
11:23:13.0830 0x1010  Creative Audio Engine Licensing Service - ok
11:23:13.0877 0x1010  [ 49474B3E37969AF4B5C076F42B623AFF, BDA6B57E9B60EF1B67C74099263D33A367AAA035667239F76AB8B268FD3E8F23 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:23:13.0908 0x1010  CryptSvc - ok
11:23:13.0971 0x1010  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
11:23:14.0064 0x1010  CSC - ok
11:23:14.0096 0x1010  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
11:23:14.0111 0x1010  CscService - ok
11:23:14.0220 0x1010  [ 07BA6D17E66879018B30B6C3F976EBED, 1759CE25519358A47E1B1FA02A415DB5D3F6B511AD3820D0AE8A1533B5DC83CD ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
11:23:14.0252 0x1010  CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
11:23:16.0888 0x1010  Detect skipped due to KSN trusted
11:23:16.0888 0x1010  CTAudSvcService - ok
11:23:16.0966 0x1010  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:23:17.0028 0x1010  DcomLaunch - ok
11:23:17.0044 0x1010  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
11:23:17.0075 0x1010  defragsvc - ok
11:23:17.0122 0x1010  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:23:17.0153 0x1010  DfsC - ok
11:23:17.0200 0x1010  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:23:17.0262 0x1010  Dhcp - ok
11:23:17.0278 0x1010  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
11:23:17.0325 0x1010  discache - ok
11:23:17.0387 0x1010  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:23:17.0403 0x1010  Disk - ok
11:23:17.0465 0x1010  [ 1D95D36DB805787D54EB50E45ED4AF40, F5E4DCB0CAE8A16434BBB8D801D031EFAA0C182CE70B722A1C0EAB84211DCE88 ] DLPortIO        C:\Windows\system32\DRIVERS\DLPortIO.SYS
11:23:17.0481 0x1010  DLPortIO - detected UnsignedFile.Multi.Generic ( 1 )
11:23:19.0946 0x1010  Detect skipped due to KSN trusted
11:23:19.0946 0x1010  DLPortIO - ok
11:23:19.0992 0x1010  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:23:20.0039 0x1010  Dnscache - ok
11:23:20.0102 0x1010  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:23:20.0133 0x1010  dot3svc - ok
11:23:20.0195 0x1010  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
11:23:20.0226 0x1010  DPS - ok
11:23:20.0273 0x1010  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:23:20.0320 0x1010  drmkaud - ok
11:23:20.0382 0x1010  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:23:20.0414 0x1010  DXGKrnl - ok
11:23:20.0429 0x1010  [ 22EF8965101685ADD128F03A2B03CE16, 677F7B32C7A45C26F2F0DB67FFB526E9742E4B3A8BEAEA7B814CBCA2F56D6D5A ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
11:23:20.0460 0x1010  E1G60 - ok
11:23:20.0492 0x1010  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
11:23:20.0523 0x1010  EapHost - ok
11:23:20.0648 0x1010  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
11:23:20.0757 0x1010  ebdrv - ok
11:23:20.0866 0x1010  [ E1E3804F7C59EA3E14637C2A763F65E2, DE230937450EA73819B207BA513D7C2830EC981B77B3AD2FADF2A2A828BAF412 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:23:20.0882 0x1010  eeCtrl - ok
11:23:20.0913 0x1010  [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] EFS             C:\Windows\System32\lsass.exe
11:23:20.0960 0x1010  EFS - ok
11:23:21.0038 0x1010  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:23:21.0069 0x1010  ehRecvr - ok
11:23:21.0084 0x1010  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
11:23:21.0131 0x1010  ehSched - ok
11:23:21.0147 0x1010  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:23:21.0178 0x1010  elxstor - ok
11:23:21.0194 0x1010  [ 6D84DFC3B5C5052881BF50470D0C03D1, 5609B71BED7DC906EA163949980D98AEFE9E197EC9AA571B1A3CF960D95FC329 ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:23:21.0209 0x1010  EraserUtilRebootDrv - ok
11:23:21.0240 0x1010  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:23:21.0256 0x1010  ErrDev - ok
11:23:21.0287 0x1010  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
11:23:21.0334 0x1010  EventSystem - ok
11:23:21.0365 0x1010  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
11:23:21.0396 0x1010  exfat - ok
11:23:21.0490 0x1010  Fabs - ok
11:23:21.0506 0x1010  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:23:21.0552 0x1010  fastfat - ok
11:23:21.0630 0x1010  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
11:23:21.0662 0x1010  Fax - ok
11:23:21.0677 0x1010  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:23:21.0708 0x1010  fdc - ok
11:23:21.0724 0x1010  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
11:23:21.0740 0x1010  fdPHost - ok
11:23:21.0755 0x1010  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:23:21.0786 0x1010  FDResPub - ok
11:23:21.0802 0x1010  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:23:21.0818 0x1010  FileInfo - ok
11:23:21.0818 0x1010  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:23:21.0864 0x1010  Filetrace - ok
11:23:21.0974 0x1010  [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
11:23:22.0098 0x1010  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )
11:23:24.0548 0x1010  Detect skipped due to KSN trusted
11:23:24.0548 0x1010  FirebirdServerMAGIXInstance - ok
11:23:24.0563 0x1010  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:23:24.0610 0x1010  flpydisk - ok
11:23:24.0641 0x1010  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:23:24.0657 0x1010  FltMgr - ok
11:23:24.0719 0x1010  [ 09CAE05275585AC404D48213D7B08396, 57A26502136386FBF2012BAEB50A8FEA0FBFD845FC6C4291BDD64707002326EC ] FNETTBOH_305    C:\Windows\system32\drivers\FNETTBOH_305.SYS
11:23:24.0719 0x1010  FNETTBOH_305 - ok
11:23:24.0750 0x1010  [ 47BDA10316324CFA540F25AB7021F0D8, 6719FEEB3ADED6F199171D2B496A29A55169BD2C7111B66EEE91383FAEA4C893 ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS
11:23:24.0766 0x1010  FNETURPX - ok
11:23:24.0844 0x1010  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
11:23:24.0953 0x1010  FontCache - ok
11:23:25.0016 0x1010  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:23:25.0031 0x1010  FontCache3.0.0.0 - ok
11:23:25.0062 0x1010  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:23:25.0078 0x1010  FsDepends - ok
11:23:25.0109 0x1010  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:23:25.0125 0x1010  Fs_Rec - ok
11:23:25.0172 0x1010  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:23:25.0187 0x1010  fvevol - ok
11:23:25.0203 0x1010  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:23:25.0218 0x1010  gagp30kx - ok
11:23:25.0250 0x1010  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:23:25.0265 0x1010  GEARAspiWDM - ok
11:23:25.0328 0x1010  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:23:25.0374 0x1010  gpsvc - ok
11:23:25.0484 0x1010  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
11:23:25.0499 0x1010  gupdate - ok
11:23:25.0499 0x1010  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
11:23:25.0593 0x1010  gupdatem - ok
11:23:25.0733 0x1010  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:23:25.0780 0x1010  hcw85cir - ok
11:23:25.0842 0x1010  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:23:25.0874 0x1010  HdAudAddService - ok
11:23:25.0889 0x1010  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:23:25.0920 0x1010  HDAudBus - ok
11:23:25.0952 0x1010  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:23:25.0967 0x1010  HidBatt - ok
11:23:25.0983 0x1010  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:23:25.0998 0x1010  HidBth - ok
11:23:26.0030 0x1010  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:23:26.0045 0x1010  HidIr - ok
11:23:26.0076 0x1010  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
11:23:26.0092 0x1010  hidserv - ok
11:23:26.0123 0x1010  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:23:26.0154 0x1010  HidUsb - ok
11:23:26.0201 0x1010  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:23:26.0232 0x1010  hkmsvc - ok
11:23:26.0264 0x1010  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:23:26.0310 0x1010  HomeGroupListener - ok
11:23:26.0326 0x1010  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:23:26.0342 0x1010  HomeGroupProvider - ok
11:23:26.0388 0x1010  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:23:26.0404 0x1010  HpSAMD - ok
11:23:26.0451 0x1010  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:23:26.0513 0x1010  HTTP - ok
11:23:26.0544 0x1010  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:23:26.0560 0x1010  hwpolicy - ok
11:23:26.0591 0x1010  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:23:26.0638 0x1010  i8042prt - ok
11:23:26.0669 0x1010  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:23:26.0700 0x1010  iaStorV - ok
11:23:26.0778 0x1010  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
11:23:26.0778 0x1010  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
11:23:29.0230 0x1010  Detect skipped due to KSN trusted
11:23:29.0230 0x1010  IDriverT - ok
11:23:29.0292 0x1010  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:23:29.0339 0x1010  idsvc - ok
11:23:29.0432 0x1010  [ 715941AC16A273F986733BA9A2536368, 5D5995D2FE47BB11057BCE1FDF852880551443068CD59635456CF10217570EBF ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130830.001\IDSvix86.sys
11:23:29.0464 0x1010  IDSVix86 - ok
11:23:29.0495 0x1010  IEEtwCollectorService - ok
11:23:29.0947 0x1010  [ 24CCEC128BEBB148E50C6093523AD686, FE9DBB25127ED3BAC9EB2789A63D17D5F22EDCC9414E2C89B333083646625736 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
11:23:30.0337 0x1010  igfx - ok
11:23:30.0446 0x1010  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:23:30.0478 0x1010  iirsp - ok
11:23:30.0680 0x1010  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:23:30.0743 0x1010  IKEEXT - ok
11:23:30.0883 0x1010  [ BFD7663C508B6D6B20D2C15255EA7096, 6A90E80AADE2033D5D102BA3BF5180D03D836B3FDD2F1D862519FBA5DE66A009 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
11:23:30.0992 0x1010  IntcAzAudAddService - ok
11:23:31.0039 0x1010  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
11:23:31.0055 0x1010  intelide - ok
11:23:31.0086 0x1010  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:23:31.0117 0x1010  intelppm - ok
11:23:31.0133 0x1010  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:23:31.0195 0x1010  IPBusEnum - ok
11:23:31.0211 0x1010  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:23:31.0242 0x1010  IpFilterDriver - ok
11:23:31.0304 0x1010  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:23:31.0351 0x1010  iphlpsvc - ok
11:23:31.0382 0x1010  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:23:31.0398 0x1010  IPMIDRV - ok
11:23:31.0429 0x1010  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:23:31.0445 0x1010  IPNAT - ok
11:23:31.0507 0x1010  [ 4D800977F7EB0C310AF04BF5B517985A, DD4EC347D4759AC401BD08739DE012E5F1903DF2EDEBEA17CCD3C19FF1F6005E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:23:31.0538 0x1010  iPod Service - ok
11:23:31.0554 0x1010  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:23:31.0585 0x1010  IRENUM - ok
11:23:31.0632 0x1010  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:23:31.0632 0x1010  isapnp - ok
11:23:31.0679 0x1010  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:23:31.0694 0x1010  iScsiPrt - ok
11:23:31.0710 0x1010  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:23:31.0726 0x1010  kbdclass - ok
11:23:31.0741 0x1010  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:23:31.0772 0x1010  kbdhid - ok
11:23:31.0788 0x1010  [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] KeyIso          C:\Windows\system32\lsass.exe
11:23:31.0788 0x1010  KeyIso - ok
11:23:31.0850 0x1010  [ 4635935FC972C582632BF45C26BFCB0E, ABD4AFD71B3C2BD3F741BBE3CEC52C4FA63AC78D353101D2E7DC4DE2725D1CA1 ] KMService       C:\Windows\system32\srvany.exe
11:23:31.0866 0x1010  KMService - detected UnsignedFile.Multi.Generic ( 1 )
11:23:34.0315 0x1010  Detect skipped due to KSN trusted
11:23:34.0315 0x1010  KMService - ok
11:23:34.0362 0x1010  [ 746F89CE0C6569C589E6AC4D3DA82D41, 6D41311CBA8BB7C9C09C1757D7947539B67FE3EFF6299502176C673809BAEAD8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:23:34.0393 0x1010  KSecDD - ok
11:23:34.0409 0x1010  [ D800E1EAF33630A1636BB21E8256AA92, D07542A242E0D52B494BE63A6A141207D0A59CF66ABEBA9CE33877594BF7BA5D ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:23:34.0424 0x1010  KSecPkg - ok
11:23:34.0456 0x1010  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:23:34.0502 0x1010  KtmRm - ok
11:23:34.0518 0x1010  [ 1A91EAAD2D73758140B3B7B6AD736573, 5D2B355B01E4A01BEE32E219960ED701AE419581ACC2E792E36E5C53F7ED88CA ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
11:23:34.0534 0x1010  L1C - ok
11:23:34.0580 0x1010  [ 0F8B7BF7097D1E8D78F2F52A2BEA03CD, 62E92E7D1C523E6C16DA42D7E4B86B2E02665B63387484867FFDE9AC4712075A ] L8042pr2        C:\Windows\system32\DRIVERS\L8042pr2.Sys
11:23:34.0612 0x1010  L8042pr2 - ok
11:23:34.0643 0x1010  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:23:34.0690 0x1010  LanmanServer - ok
11:23:34.0705 0x1010  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:23:34.0752 0x1010  LanmanWorkstation - ok
11:23:34.0768 0x1010  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:23:34.0799 0x1010  lltdio - ok
11:23:34.0814 0x1010  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:23:34.0846 0x1010  lltdsvc - ok
11:23:34.0861 0x1010  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:23:34.0892 0x1010  lmhosts - ok
11:23:34.0924 0x1010  [ AEF09673376A4D93C09E8341854F1BF4, A760244ABE5801AB4BEA91702F7926943DBEAC46311D50DAB8C635338585AFD5 ] LMouFlt2        C:\Windows\system32\DRIVERS\LMouFlt2.Sys
11:23:34.0939 0x1010  LMouFlt2 - ok
11:23:35.0048 0x1010  [ 98B16E756243BEA9410E32025B19C06F, C4F8663FF4C2F1123CC92D88004090AD06ED12FCD07706AE168333A33B269A53 ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:23:35.0064 0x1010  LMS - ok
11:23:35.0080 0x1010  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:23:35.0095 0x1010  LSI_FC - ok
11:23:35.0126 0x1010  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
11:23:35.0126 0x1010  LSI_SAS - ok
11:23:35.0142 0x1010  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:23:35.0158 0x1010  LSI_SAS2 - ok
11:23:35.0158 0x1010  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:23:35.0173 0x1010  LSI_SCSI - ok
11:23:35.0220 0x1010  [ C7827861DE5D67B214E3896D24F807AE, 2F04E972C94500DB079B94058C4E0DE205FEF368E3F8BBE1052C7AF01A127B6B ] Ltn_hyd7700pc   C:\Windows\system32\Drivers\Ltn_hyd7700pc.sys
11:23:35.0282 0x1010  Ltn_hyd7700pc - ok
11:23:35.0329 0x1010  [ 3651DE4E273C2CFF0573BB680701E742, 8186DA7BBAC38BFE77F5ACA36CFABF4FC9894E2BA410DB46D0B7980B53C2589D ] Ltn_rc          C:\Windows\system32\Drivers\Ltn_rc.sys
11:23:35.0376 0x1010  Ltn_rc - ok
11:23:35.0407 0x1010  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
11:23:35.0470 0x1010  luafv - ok
11:23:35.0501 0x1010  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:23:35.0532 0x1010  Mcx2Svc - ok
11:23:35.0548 0x1010  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:23:35.0563 0x1010  megasas - ok
11:23:35.0594 0x1010  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:23:35.0610 0x1010  MegaSR - ok
11:23:35.0657 0x1010  [ D86AC00883B9C98B570E7643AAF8E554, 4B4BDC01DC20F820A9D1E1B8E875B6445F9B920F0AB1E115ADD9651A368911C4 ] MEI             C:\Windows\system32\DRIVERS\HECI.sys
11:23:35.0719 0x1010  MEI - ok
11:23:35.0782 0x1010  Microsoft SharePoint Workspace Audit Service - ok
11:23:35.0813 0x1010  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
11:23:35.0844 0x1010  MMCSS - ok
11:23:35.0860 0x1010  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
11:23:35.0875 0x1010  Modem - ok
11:23:35.0891 0x1010  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:23:35.0922 0x1010  monitor - ok
11:23:35.0953 0x1010  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:23:35.0953 0x1010  mouclass - ok
11:23:35.0969 0x1010  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:23:36.0000 0x1010  mouhid - ok
11:23:36.0047 0x1010  [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:23:36.0062 0x1010  mountmgr - ok
11:23:36.0156 0x1010  [ 9E587AFE2AD4873C809F1E0C598AB435, 0B0ECFF265120BCBAC37CF9B53B18462725AB991D00B90DBEE8DD9375121DA4F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:23:36.0187 0x1010  MozillaMaintenance - ok
11:23:36.0218 0x1010  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:23:36.0234 0x1010  mpio - ok
11:23:36.0265 0x1010  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:23:36.0312 0x1010  mpsdrv - ok
11:23:36.0374 0x1010  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:23:36.0406 0x1010  MpsSvc - ok
11:23:36.0437 0x1010  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:23:36.0468 0x1010  MRxDAV - ok
11:23:36.0515 0x1010  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:23:36.0577 0x1010  mrxsmb - ok
11:23:36.0593 0x1010  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:23:36.0624 0x1010  mrxsmb10 - ok
11:23:36.0655 0x1010  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:23:36.0686 0x1010  mrxsmb20 - ok
11:23:36.0718 0x1010  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:23:36.0733 0x1010  msahci - ok
11:23:36.0780 0x1010  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:23:36.0796 0x1010  msdsm - ok
11:23:36.0811 0x1010  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
11:23:36.0827 0x1010  MSDTC - ok
11:23:36.0858 0x1010  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:23:36.0905 0x1010  Msfs - ok
11:23:36.0905 0x1010  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:23:36.0936 0x1010  mshidkmdf - ok
11:23:36.0983 0x1010  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:23:36.0998 0x1010  msisadrv - ok
11:23:37.0014 0x1010  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:23:37.0061 0x1010  MSiSCSI - ok
11:23:37.0061 0x1010  msiserver - ok
11:23:37.0076 0x1010  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:23:37.0108 0x1010  MSKSSRV - ok
11:23:37.0123 0x1010  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:23:37.0154 0x1010  MSPCLOCK - ok
11:23:37.0170 0x1010  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:23:37.0186 0x1010  MSPQM - ok
11:23:37.0217 0x1010  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:23:37.0217 0x1010  MsRPC - ok
11:23:37.0264 0x1010  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:23:37.0264 0x1010  mssmbios - ok
11:23:37.0279 0x1010  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:23:37.0295 0x1010  MSTEE - ok
11:23:37.0310 0x1010  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:23:37.0342 0x1010  MTConfig - ok
11:23:37.0357 0x1010  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:23:37.0373 0x1010  Mup - ok
11:23:37.0420 0x1010  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
11:23:37.0466 0x1010  napagent - ok
11:23:37.0498 0x1010  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:23:37.0513 0x1010  NativeWifiP - ok
11:23:37.0576 0x1010  [ 81E928EE3751FAF725C87CC17726C05D, 8AB84270DCB35F239B00FA4B9AC90E9520967B8188085D897F28E994CBF911FB ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130901.019\NAVENG.SYS
11:23:37.0591 0x1010  NAVENG - ok
11:23:37.0669 0x1010  [ E0C39FA6C76AE8ED53ABF043F35ECDFF, CD2F87D3CB64F3362508D1855B24F40F1C44CF4132E3626971CCF4E7C49E61D6 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130901.019\NAVEX15.SYS
11:23:37.0716 0x1010  NAVEX15 - ok
11:23:37.0778 0x1010  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:23:37.0810 0x1010  NDIS - ok
11:23:37.0825 0x1010  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:23:37.0841 0x1010  NdisCap - ok
11:23:37.0856 0x1010  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:23:37.0888 0x1010  NdisTapi - ok
11:23:37.0936 0x1010  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:23:37.0999 0x1010  Ndisuio - ok
11:23:38.0030 0x1010  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:23:38.0061 0x1010  NdisWan - ok
11:23:38.0108 0x1010  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:23:38.0139 0x1010  NDProxy - ok
11:23:38.0202 0x1010  [ 9213AA35BCA94EB79D366DA254E4BDF5, 5E1C71BEB6CFFF5A6F149E9FE6E169D087A6CBE63A504FEE8D42170284952F85 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl.sys
11:23:38.0233 0x1010  Netaapl - ok
11:23:38.0264 0x1010  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:23:38.0326 0x1010  NetBIOS - ok
11:23:38.0358 0x1010  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:23:38.0404 0x1010  NetBT - ok
11:23:38.0420 0x1010  [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] Netlogon        C:\Windows\system32\lsass.exe
11:23:38.0436 0x1010  Netlogon - ok
11:23:38.0451 0x1010  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
11:23:38.0482 0x1010  Netman - ok
11:23:38.0529 0x1010  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:23:38.0576 0x1010  NetMsmqActivator - ok
11:23:38.0607 0x1010  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:23:38.0623 0x1010  NetPipeActivator - ok
11:23:38.0638 0x1010  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
11:23:38.0685 0x1010  netprofm - ok
11:23:38.0716 0x1010  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:23:38.0716 0x1010  NetTcpActivator - ok
11:23:38.0732 0x1010  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:23:38.0732 0x1010  NetTcpPortSharing - ok
11:23:38.0763 0x1010  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:23:38.0779 0x1010  nfrd960 - ok
11:23:38.0888 0x1010  [ 1BF9D6476061B31CD7FC2BF848529A56, 95B585543240E823D7850ADEEEA7A4738EF9E18A4B07D921F145F6EF466F0271 ] NIS             C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
11:23:38.0904 0x1010  NIS - ok
         

Old 05.05.2015, 08:37   #9
Floh312
 
TR/Emotet.A.92 installed from DHL email attachment - Default

TDS Killer Log Part 1



Wrong title. Here follows TDSKiller log part 2:

Code:
ATTFilter
11:23:38.0950 0x1010  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:23:39.0013 0x1010  NlaSvc - ok
11:23:39.0091 0x1010  [ 4F0DE685A96DC843CCC8A861B3FAC12D, C032DFDE32F74C1ED9111014873F1F36509BC3CFAFE4C99A0A1976495C6A7B82 ] nmwcdnsu        C:\Windows\system32\drivers\nmwcdnsu.sys
11:23:39.0153 0x1010  nmwcdnsu - ok
11:23:39.0169 0x1010  [ 578117C0C0CF10D99C8853E83C4BC63C, 79506B6DCE1DD6E716BC0F4A6594340D609A60D33E79F04F937139BF2002B2D4 ] nmwcdnsuc       C:\Windows\system32\drivers\nmwcdnsuc.sys
11:23:39.0184 0x1010  nmwcdnsuc - ok
11:23:39.0231 0x1010  [ 6623E51595C0076755C29C00846C4EB2, EB661942E3C552DD33B197A9A0BF6AB56CE5CB92BAC183A02B918F0CD3D80F97 ] npf             C:\Windows\system32\drivers\npf.sys
11:23:39.0247 0x1010  npf - ok
11:23:39.0262 0x1010  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:23:39.0294 0x1010  Npfs - ok
11:23:39.0325 0x1010  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
11:23:39.0372 0x1010  nsi - ok
11:23:39.0403 0x1010  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:23:39.0418 0x1010  nsiproxy - ok
11:23:39.0496 0x1010  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:23:39.0559 0x1010  Ntfs - ok
11:23:39.0559 0x1010  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
11:23:39.0606 0x1010  Null - ok
11:23:39.0652 0x1010  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:23:39.0668 0x1010  nvraid - ok
11:23:39.0684 0x1010  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:23:39.0699 0x1010  nvstor - ok
11:23:39.0699 0x1010  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:23:39.0715 0x1010  nv_agp - ok
11:23:39.0715 0x1010  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:23:39.0746 0x1010  ohci1394 - ok
11:23:39.0793 0x1010  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:23:39.0824 0x1010  ose - ok
11:23:40.0011 0x1010  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:23:40.0152 0x1010  osppsvc - ok
11:23:40.0183 0x1010  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:23:40.0198 0x1010  p2pimsvc - ok
11:23:40.0214 0x1010  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:23:40.0230 0x1010  p2psvc - ok
11:23:40.0261 0x1010  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:23:40.0292 0x1010  Parport - ok
11:23:40.0323 0x1010  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:23:40.0323 0x1010  partmgr - ok
11:23:40.0339 0x1010  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
11:23:40.0354 0x1010  Parvdm - ok
11:23:40.0386 0x1010  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:23:40.0448 0x1010  PcaSvc - ok
11:23:40.0495 0x1010  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
11:23:40.0510 0x1010  pci - ok
11:23:40.0557 0x1010  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
11:23:40.0573 0x1010  pciide - ok
11:23:40.0588 0x1010  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:23:40.0620 0x1010  pcmcia - ok
11:23:40.0635 0x1010  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:23:40.0635 0x1010  pcw - ok
11:23:40.0729 0x1010  [ C1C3BAF078BE5A14384A4BA2D730817D, 6E4D2F73A1CB250B3EE270CCE806A37EB2140E34EAF9F48C45CC12D2A451AA16 ] PDFProFiltSrvPP C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
11:23:40.0744 0x1010  PDFProFiltSrvPP - ok
11:23:40.0807 0x1010  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:23:40.0838 0x1010  PEAUTH - ok
11:23:40.0947 0x1010  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
11:23:41.0010 0x1010  PeerDistSvc - ok
11:23:41.0119 0x1010  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
11:23:41.0181 0x1010  pla - ok
11:23:41.0244 0x1010  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:23:41.0306 0x1010  PlugPlay - ok
11:23:41.0337 0x1010  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:23:41.0368 0x1010  PNRPAutoReg - ok
11:23:41.0384 0x1010  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:23:41.0400 0x1010  PNRPsvc - ok
11:23:41.0462 0x1010  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:23:41.0493 0x1010  PolicyAgent - ok
11:23:41.0509 0x1010  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
11:23:41.0556 0x1010  Power - ok
11:23:41.0587 0x1010  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:23:41.0602 0x1010  PptpMiniport - ok
11:23:41.0649 0x1010  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
11:23:41.0649 0x1010  Processor - ok
11:23:41.0696 0x1010  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:23:41.0743 0x1010  ProfSvc - ok
11:23:41.0774 0x1010  [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] ProtectedStorage C:\Windows\system32\lsass.exe
11:23:41.0821 0x1010  ProtectedStorage - ok
11:23:41.0852 0x1010  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:23:41.0899 0x1010  Psched - ok
11:23:41.0992 0x1010  [ 86724469CD077901706854974CD13C3E, 23C6B45928E43AC2893033DFC4265C2C87B3D185CB20553B9EAB818A46FB8C18 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
11:23:42.0008 0x1010  PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 )
11:23:44.0473 0x1010  Detect skipped due to KSN trusted
11:23:44.0473 0x1010  PxHelp20 - ok
11:23:44.0535 0x1010  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:23:44.0598 0x1010  ql2300 - ok
11:23:44.0613 0x1010  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:23:44.0613 0x1010  ql40xx - ok
11:23:44.0644 0x1010  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
11:23:44.0676 0x1010  QWAVE - ok
11:23:44.0691 0x1010  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:23:44.0707 0x1010  QWAVEdrv - ok
11:23:44.0707 0x1010  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:23:44.0738 0x1010  RasAcd - ok
11:23:44.0769 0x1010  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:23:44.0800 0x1010  RasAgileVpn - ok
11:23:44.0816 0x1010  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
11:23:44.0832 0x1010  RasAuto - ok
11:23:44.0847 0x1010  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:23:44.0878 0x1010  Rasl2tp - ok
11:23:44.0910 0x1010  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
11:23:44.0956 0x1010  RasMan - ok
11:23:44.0988 0x1010  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:23:45.0019 0x1010  RasPppoe - ok
11:23:45.0050 0x1010  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:23:45.0081 0x1010  RasSstp - ok
11:23:45.0097 0x1010  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:23:45.0175 0x1010  rdbss - ok
11:23:45.0222 0x1010  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:23:45.0253 0x1010  rdpbus - ok
11:23:45.0284 0x1010  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:23:45.0331 0x1010  RDPCDD - ok
11:23:45.0346 0x1010  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
11:23:45.0362 0x1010  RDPDR - ok
11:23:45.0409 0x1010  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:23:45.0440 0x1010  RDPENCDD - ok
11:23:45.0456 0x1010  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:23:45.0471 0x1010  RDPREFMP - ok
11:23:45.0534 0x1010  [ 83EE20D7160484C9172FDF0ACBDC8929, 520C0C685C43B2D39D5B6FA3DE61C2A91A3E0B40E912BABD38AF20972C91A895 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
11:23:45.0565 0x1010  RdpVideoMiniport - ok
11:23:45.0612 0x1010  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:23:45.0690 0x1010  RDPWD - ok
11:23:45.0768 0x1010  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:23:45.0799 0x1010  rdyboost - ok
11:23:45.0830 0x1010  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:23:45.0861 0x1010  RemoteAccess - ok
11:23:45.0892 0x1010  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:23:45.0939 0x1010  RemoteRegistry - ok
11:23:45.0955 0x1010  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:23:45.0986 0x1010  RpcEptMapper - ok
11:23:45.0986 0x1010  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
11:23:46.0017 0x1010  RpcLocator - ok
11:23:46.0064 0x1010  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
11:23:46.0095 0x1010  RpcSs - ok
11:23:46.0142 0x1010  [ 43110C2A2C5ED32EAD96C440718E4452, BAF6E770620AA5B7C80273BB062D6F8FBCD8761FC681C425CC888DD11315AFEC ] RRNetCap        C:\Windows\system32\DRIVERS\rrnetcap.sys
11:23:46.0158 0x1010  RRNetCap - ok
11:23:46.0158 0x1010  [ 43110C2A2C5ED32EAD96C440718E4452, BAF6E770620AA5B7C80273BB062D6F8FBCD8761FC681C425CC888DD11315AFEC ] RRNetCapMP      C:\Windows\system32\DRIVERS\rrnetcap.sys
11:23:46.0158 0x1010  RRNetCapMP - ok
11:23:46.0189 0x1010  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:23:46.0220 0x1010  rspndr - ok
11:23:46.0298 0x1010  [ 2D4705361D73E83BD55FC7D9CACBF7BA, BD520397AC41669AE936CFDFDEF2BFB88349CFEF0A586B53A2A44B8492948838 ] RTL8192cu       C:\Windows\system32\DRIVERS\RTL8192cu.sys
11:23:46.0345 0x1010  RTL8192cu - ok
11:23:46.0376 0x1010  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
11:23:46.0423 0x1010  s3cap - ok
11:23:46.0438 0x1010  [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] SamSs           C:\Windows\system32\lsass.exe
11:23:46.0454 0x1010  SamSs - ok
11:23:46.0470 0x1010  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:23:46.0485 0x1010  sbp2port - ok
11:23:46.0532 0x1010  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:23:46.0548 0x1010  SCardSvr - ok
11:23:46.0563 0x1010  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:23:46.0579 0x1010  scfilter - ok
11:23:46.0641 0x1010  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
11:23:46.0688 0x1010  Schedule - ok
11:23:46.0782 0x1010  [ AA3F58564A552818A369896111F84A8C, DEA41B76D7189766B08CBACA82EB1CECEE9567C8FCA8E7FDCCC84E056903C861 ] ScopeItPort     C:\SCOPE-IT\ScopeIt.sys
11:23:46.0797 0x1010  ScopeItPort - detected UnsignedFile.Multi.Generic ( 1 )
11:23:49.0309 0x1010  ScopeItPort ( UnsignedFile.Multi.Generic ) - warning
11:23:49.0309 0x1010  Force sending object to P2P due to detect: ScopeItPort
11:23:51.0805 0x1010  Object send P2P result: true
11:23:54.0316 0x1010  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:23:54.0348 0x1010  SCPolicySvc - ok
11:23:54.0379 0x1010  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:23:54.0426 0x1010  SDRSVC - ok
11:23:54.0457 0x1010  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:23:54.0504 0x1010  secdrv - ok
11:23:54.0504 0x1010  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
11:23:54.0550 0x1010  seclogon - ok
11:23:54.0566 0x1010  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
11:23:54.0582 0x1010  SENS - ok
11:23:54.0582 0x1010  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:23:54.0613 0x1010  SensrSvc - ok
11:23:54.0613 0x1010  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:23:54.0613 0x1010  Serenum - ok
11:23:54.0644 0x1010  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:23:54.0675 0x1010  Serial - ok
11:23:54.0722 0x1010  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:23:54.0753 0x1010  sermouse - ok
11:23:54.0800 0x1010  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:23:54.0847 0x1010  SessionEnv - ok
11:23:54.0862 0x1010  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:23:54.0894 0x1010  sffdisk - ok
11:23:54.0894 0x1010  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:23:54.0925 0x1010  sffp_mmc - ok
11:23:54.0956 0x1010  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:23:54.0987 0x1010  sffp_sd - ok
11:23:55.0003 0x1010  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
11:23:55.0034 0x1010  sfloppy - ok
11:23:55.0081 0x1010  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:23:55.0128 0x1010  SharedAccess - ok
11:23:55.0143 0x1010  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:23:55.0174 0x1010  ShellHWDetection - ok
11:23:55.0190 0x1010  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
11:23:55.0206 0x1010  sisagp - ok
11:23:55.0206 0x1010  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:23:55.0221 0x1010  SiSRaid2 - ok
11:23:55.0237 0x1010  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:23:55.0237 0x1010  SiSRaid4 - ok
11:23:55.0268 0x1010  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:23:55.0299 0x1010  Smb - ok
11:23:55.0346 0x1010  [ C3BF55189AA92B8F919108EF9E4ACCAE, BC61B8E6D54C630A493DD09F33BDA4019EC8F7D9041383B36071E4BDDA680AB8 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
11:23:55.0362 0x1010  snapman - ok
11:23:55.0362 0x1010  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:23:55.0377 0x1010  SNMPTRAP - ok
11:23:55.0440 0x1010  [ FFC5F7ED77AA59AA0A6B70F3D7A22A93, F0EF3A1A8C74CDD9EE0EF585F0489385573D764DE75E14FA8ADFEA05112935DA ] Sound Blaster X-Fi MB Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
11:23:55.0440 0x1010  Sound Blaster X-Fi MB Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
11:23:57.0891 0x1010  Detect skipped due to KSN trusted
11:23:57.0891 0x1010  Sound Blaster X-Fi MB Licensing Service - ok
11:23:57.0906 0x1010  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:23:57.0922 0x1010  spldr - ok
11:23:57.0984 0x1010  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
11:23:58.0062 0x1010  Spooler - ok
11:23:58.0203 0x1010  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
11:23:58.0312 0x1010  sppsvc - ok
11:23:58.0359 0x1010  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:23:58.0390 0x1010  sppuinotify - ok
11:23:58.0499 0x1010  [ C743E384E9EFCA10B41C60D406DE39C0, A8872FE127F374D6008D161FFD9792B17E8DA8F6E8C74C52E06B92AB19E9FAFB ] SRTSP           C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS
11:23:58.0515 0x1010  SRTSP - ok
11:23:58.0546 0x1010  [ FE9BD381778A344F0E39AE2D5E607D7F, 04F7EEE5ADF802BE120CFC730D5D5B97AF561278ABDE3C094E43174886C3867B ] SRTSPX          C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS
11:23:58.0562 0x1010  SRTSPX - ok
11:23:58.0593 0x1010  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:23:58.0640 0x1010  srv - ok
11:23:58.0671 0x1010  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:23:58.0702 0x1010  srv2 - ok
11:23:58.0718 0x1010  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:23:58.0749 0x1010  srvnet - ok
11:23:58.0764 0x1010  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:23:58.0796 0x1010  SSDPSRV - ok
11:23:58.0827 0x1010  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
11:23:58.0842 0x1010  ssmdrv - ok
11:23:58.0858 0x1010  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:23:58.0874 0x1010  SstpSvc - ok
11:23:58.0889 0x1010  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:23:58.0905 0x1010  stexstor - ok
11:23:58.0967 0x1010  [ EDB05BD63148796F23EA78506404A538, 8EBF623D3DEB6CCAC75AAFCF8B23271029A28BE29D459088E40FBF109E80AA17 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
11:23:58.0998 0x1010  StillCam - ok
11:23:59.0061 0x1010  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
11:23:59.0092 0x1010  StiSvc - ok
11:23:59.0123 0x1010  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
11:23:59.0139 0x1010  storflt - ok
11:23:59.0154 0x1010  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
11:23:59.0170 0x1010  storvsc - ok
11:23:59.0201 0x1010  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:23:59.0201 0x1010  swenum - ok
11:23:59.0217 0x1010  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
11:23:59.0248 0x1010  swprv - ok
11:23:59.0279 0x1010  [ 5A193E5E0F0A776430E5D62A051C1E16, A65E927581CD92F9769F540D3292EF12299273F9EEE99DECAE01E2B52B8DB465 ] SymDS           C:\Windows\system32\drivers\NIS\1404000.028\SYMDS.SYS
11:23:59.0295 0x1010  SymDS - ok
11:23:59.0342 0x1010  [ 1773FB2920EBB3A8BAD0360618091470, 82ABB41801BB4DBADEC8AED8579F0B2BC4D704B1559F768DC223FCB0B13C6A01 ] SymEFA          C:\Windows\system32\drivers\NIS\1404000.028\SYMEFA.SYS
11:23:59.0357 0x1010  SymEFA - ok
11:23:59.0420 0x1010  [ F50D81D3E0C7A353F205562B89CD06D6, 5D5B3685A6D9B16575C01FCC7A701458524B875F3FBC0EE6D42008E6087D93CC ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
11:23:59.0435 0x1010  SymEvent - ok
11:23:59.0451 0x1010  [ 8C9B9036E301A9965CF15BEC91C58A12, B96C5FF47880552277596FB3CBEEBCFE91115331DB9A77B2A0D8ABA2AFCDF0AF ] SymIRON         C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS
11:23:59.0466 0x1010  SymIRON - ok
11:23:59.0482 0x1010  [ AF879C2A9DBF8529E1F8169B8BAC643C, 6034D7C293EDFAD5BBC76D67CAC999BCF77D41744BDAAA9EEE5E9BE509F04739 ] SymNetS         C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS
11:23:59.0498 0x1010  SymNetS - ok
11:23:59.0498 0x1010  Synth3dVsc - ok
11:23:59.0576 0x1010  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
11:23:59.0622 0x1010  SysMain - ok
11:23:59.0669 0x1010  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
11:23:59.0716 0x1010  TabletInputService - ok
11:23:59.0763 0x1010  [ 8CF6E2AE1707D82E904ECCA68CEF8B87, 623765F0E5521B9EDDDEF3A3683C2E4A1FB6D96E80CC7CD22426066FE0D4843A ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
11:23:59.0794 0x1010  tap0901 - ok
11:23:59.0841 0x1010  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:23:59.0888 0x1010  TapiSrv - ok
11:23:59.0950 0x1010  [ 77BD6143C6DCE0A1BF7B5571BED860DC, B628CBA8FF127506C26B2E599A1588255CFD733721B7425D944306E2059C71BA ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
11:23:59.0950 0x1010  tbhsd - ok
11:23:59.0981 0x1010  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
11:24:00.0012 0x1010  TBS - ok
11:24:00.0106 0x1010  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:24:00.0153 0x1010  Tcpip - ok
11:24:00.0200 0x1010  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:24:00.0231 0x1010  TCPIP6 - ok
11:24:00.0278 0x1010  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:24:00.0309 0x1010  tcpipreg - ok
11:24:00.0340 0x1010  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:24:00.0402 0x1010  TDPIPE - ok
11:24:00.0449 0x1010  [ 3B7B6779EB231F731BBA8F9FE67AADFC, 869783334C97F321B2C8D3F93D62233D4FAF35BD5B4DBD468429287D14CCBAAA ] tdrpman         C:\Windows\system32\DRIVERS\tdrpman.sys
11:24:00.0480 0x1010  tdrpman - ok
11:24:00.0512 0x1010  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:24:00.0512 0x1010  TDTCP - ok
11:24:00.0558 0x1010  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:24:00.0621 0x1010  tdx - ok
11:24:00.0652 0x1010  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:24:00.0668 0x1010  TermDD - ok
11:24:00.0714 0x1010  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
11:24:00.0792 0x1010  TermService - ok
11:24:00.0808 0x1010  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
11:24:00.0839 0x1010  Themes - ok
11:24:00.0839 0x1010  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
11:24:00.0870 0x1010  THREADORDER - ok
11:24:00.0886 0x1010  [ B0B3122BFF3910E0BA97014045467778, C4D8A2A9C18C24B609B084DD63F059E177B42D018C1975458857463239624156 ] tifsfilter      C:\Windows\system32\DRIVERS\tifsfilt.sys
11:24:00.0902 0x1010  tifsfilter - ok
11:24:00.0917 0x1010  [ 13BFE330880AC0CE8672D00AA5AFF738, 0A46BDDCA70109617779A11BAE6D30FEB84DE000D85C9ACD1E293B82C2E5BA64 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
11:24:00.0933 0x1010  timounter - ok
11:24:00.0948 0x1010  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
11:24:00.0980 0x1010  TrkWks - ok
11:24:01.0026 0x1010  [ 746B8CF9CEDEDDD865472544EDF626DA, 17B41796D8E3252695E6BA7AC32E51E09F79FEC6426A4A8462290144E3DDF858 ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
11:24:01.0058 0x1010  truecrypt - ok
11:24:01.0120 0x1010  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:24:01.0167 0x1010  TrustedInstaller - ok
11:24:01.0245 0x1010  [ 484D4D0CA6C346248A4B14D807FB28A9, 27518456EE2A837FE028465CC533941589FB29B4355D8B438AECE707F96784E3 ] TryAndDecideService C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
11:24:01.0260 0x1010  TryAndDecideService - ok
11:24:01.0307 0x1010  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:24:01.0338 0x1010  tssecsrv - ok
11:24:01.0370 0x1010  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:24:01.0416 0x1010  TsUsbFlt - ok
11:24:01.0416 0x1010  tsusbhub - ok
11:24:01.0479 0x1010  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:24:01.0526 0x1010  tunnel - ok
11:24:01.0541 0x1010  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:24:01.0557 0x1010  uagp35 - ok
11:24:01.0572 0x1010  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:24:01.0588 0x1010  udfs - ok
11:24:01.0604 0x1010  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:24:01.0619 0x1010  UI0Detect - ok
11:24:01.0666 0x1010  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:24:01.0682 0x1010  uliagpkx - ok
11:24:01.0713 0x1010  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:24:01.0744 0x1010  umbus - ok
11:24:01.0760 0x1010  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:24:01.0775 0x1010  UmPass - ok
11:24:01.0822 0x1010  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
11:24:01.0869 0x1010  UmRdpService - ok
11:24:02.0087 0x1010  [ 7A78ED1088890114DFDE2C4AB038D6B6, B52357594A90A8BCF5F96FA630F52BB1274A2FE814AF0270D21C892871D076FC ] UNS             C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:24:02.0165 0x1010  UNS - ok
11:24:02.0181 0x1010  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
11:24:02.0196 0x1010  upnphost - ok
11:24:02.0228 0x1010  [ EC1C23779BB41A8B2AB2AA6FCE308BDE, D027A2B472CAE97AECB16F69BE52E06CB61E1C61AE196C22662050B711C1C72D ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
11:24:02.0259 0x1010  USBAAPL - ok
11:24:02.0290 0x1010  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
11:24:02.0352 0x1010  usbccgp - ok
11:24:02.0399 0x1010  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:24:02.0430 0x1010  usbcir - ok
11:24:02.0462 0x1010  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\drivers\usbehci.sys
11:24:02.0493 0x1010  usbehci - ok
11:24:02.0524 0x1010  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:24:02.0555 0x1010  usbhub - ok
11:24:02.0571 0x1010  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:24:02.0602 0x1010  usbohci - ok
11:24:02.0618 0x1010  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:24:02.0633 0x1010  usbprint - ok
11:24:02.0680 0x1010  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:24:02.0711 0x1010  usbscan - ok
11:24:02.0727 0x1010  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:24:02.0789 0x1010  USBSTOR - ok
11:24:02.0805 0x1010  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:24:02.0836 0x1010  usbuhci - ok
11:24:02.0867 0x1010  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
11:24:02.0914 0x1010  UxSms - ok
11:24:02.0930 0x1010  [ 981CE3E3A653511799F4A862494B66A8, 414D975387A118535E39636413969A7D4C98A85E542A44B8FA515C8A20D6093F ] VaultSvc        C:\Windows\system32\lsass.exe
11:24:02.0961 0x1010  VaultSvc - ok
11:24:02.0992 0x1010  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:24:03.0008 0x1010  vdrvroot - ok
11:24:03.0070 0x1010  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
11:24:03.0101 0x1010  vds - ok
11:24:03.0148 0x1010  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:24:03.0164 0x1010  vga - ok
11:24:03.0179 0x1010  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:24:03.0210 0x1010  VgaSave - ok
11:24:03.0210 0x1010  VGPU - ok
11:24:03.0273 0x1010  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:24:03.0288 0x1010  vhdmp - ok
11:24:03.0304 0x1010  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
11:24:03.0320 0x1010  viaagp - ok
11:24:03.0335 0x1010  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
11:24:03.0382 0x1010  ViaC7 - ok
11:24:03.0413 0x1010  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:24:03.0429 0x1010  viaide - ok
11:24:03.0444 0x1010  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
11:24:03.0460 0x1010  vmbus - ok
11:24:03.0491 0x1010  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
11:24:03.0507 0x1010  VMBusHID - ok
11:24:03.0522 0x1010  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:24:03.0538 0x1010  volmgr - ok
11:24:03.0554 0x1010  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:24:03.0569 0x1010  volmgrx - ok
11:24:03.0632 0x1010  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:24:03.0647 0x1010  volsnap - ok
11:24:03.0663 0x1010  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
11:24:03.0678 0x1010  vsmraid - ok
11:24:03.0741 0x1010  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
11:24:03.0803 0x1010  VSS - ok
11:24:03.0819 0x1010  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:24:03.0850 0x1010  vwifibus - ok
11:24:03.0866 0x1010  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:24:03.0881 0x1010  vwififlt - ok
11:24:03.0912 0x1010  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
11:24:03.0944 0x1010  W32Time - ok
11:24:03.0959 0x1010  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
11:24:03.0990 0x1010  WacomPen - ok
11:24:04.0037 0x1010  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:24:04.0068 0x1010  WANARP - ok
11:24:04.0084 0x1010  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:24:04.0100 0x1010  Wanarpv6 - ok
11:24:04.0162 0x1010  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
11:24:04.0224 0x1010  wbengine - ok
11:24:04.0256 0x1010  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:24:04.0271 0x1010  WbioSrvc - ok
11:24:04.0302 0x1010  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:24:04.0334 0x1010  wcncsvc - ok
11:24:04.0349 0x1010  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:24:04.0412 0x1010  WcsPlugInService - ok
11:24:04.0474 0x1010  [ 147C60622CB53E901EFD8BB6D44A4C46, 453E9DDBE17C9C54C60BD160BBA045B39914A70B6DF7B6C530D68333944C43FB ] WCUService_STC_IE C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
11:24:04.0490 0x1010  WCUService_STC_IE - ok
11:24:04.0505 0x1010  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
11:24:04.0521 0x1010  Wd - ok
11:24:04.0568 0x1010  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:24:04.0599 0x1010  Wdf01000 - ok
11:24:04.0614 0x1010  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:24:04.0677 0x1010  WdiServiceHost - ok
11:24:04.0692 0x1010  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:24:04.0708 0x1010  WdiSystemHost - ok
11:24:04.0739 0x1010  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
11:24:04.0802 0x1010  WebClient - ok
11:24:04.0833 0x1010  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:24:04.0864 0x1010  Wecsvc - ok
11:24:04.0911 0x1010  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:24:04.0942 0x1010  wercplsupport - ok
11:24:04.0958 0x1010  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
11:24:04.0973 0x1010  WerSvc - ok
11:24:04.0989 0x1010  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:24:05.0020 0x1010  WfpLwf - ok
11:24:05.0036 0x1010  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:24:05.0051 0x1010  WIMMount - ok
11:24:05.0129 0x1010  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
11:24:05.0223 0x1010  WinDefend - ok
11:24:05.0223 0x1010  WinHttpAutoProxySvc - ok
11:24:05.0270 0x1010  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:24:05.0316 0x1010  Winmgmt - ok
11:24:05.0394 0x1010  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
11:24:05.0441 0x1010  WinRM - ok
11:24:05.0519 0x1010  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:24:05.0535 0x1010  WinUsb - ok
11:24:05.0582 0x1010  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:24:05.0628 0x1010  Wlansvc - ok
11:24:05.0722 0x1010  [ FB01D4AE207B9EFDBABFC55DC95C7E31, E0EFDBBE0BAC275230C8C1A053948C21BCF20B99B92E50939E95FFB9DC87F6BA ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:24:05.0753 0x1010  wlidsvc - ok
11:24:05.0784 0x1010  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:24:05.0800 0x1010  WmiAcpi - ok
11:24:05.0816 0x1010  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:24:05.0831 0x1010  wmiApSrv - ok
11:24:05.0940 0x1010  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
11:24:06.0018 0x1010  WMPNetworkSvc - ok
11:24:06.0034 0x1010  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:24:06.0065 0x1010  WPCSvc - ok
11:24:06.0096 0x1010  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:24:06.0143 0x1010  WPDBusEnum - ok
11:24:06.0159 0x1010  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:24:06.0190 0x1010  ws2ifsl - ok
11:24:06.0190 0x1010  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
11:24:06.0206 0x1010  wscsvc - ok
11:24:06.0252 0x1010  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
11:24:06.0284 0x1010  WSDPrintDevice - ok
11:24:06.0284 0x1010  WSearch - ok
11:24:06.0377 0x1010  [ 7E5C454A3F986FEBAD075DB8D915917E, 9E9147DDACD075958689523130DB92FC4ED0E38433461D8AB8792BCFBD9376DA ] wuauserv        C:\Windows\system32\wuaueng.dll
11:24:06.0471 0x1010  wuauserv - ok
11:24:06.0486 0x1010  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:24:06.0533 0x1010  WudfPf - ok
11:24:06.0564 0x1010  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:24:06.0580 0x1010  WUDFRd - ok
11:24:06.0627 0x1010  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:24:06.0658 0x1010  wudfsvc - ok
11:24:06.0689 0x1010  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:24:06.0736 0x1010  WwanSvc - ok
11:24:06.0752 0x1010  ================ Scan global ===============================
11:24:06.0798 0x1010  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
11:24:06.0845 0x1010  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
11:24:06.0861 0x1010  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
11:24:06.0892 0x1010  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
11:24:06.0908 0x1010  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
11:24:06.0908 0x1010  [ Global ] - ok
11:24:06.0908 0x1010  ================ Scan MBR ==================================
11:24:06.0923 0x1010  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:24:07.0126 0x1010  \Device\Harddisk0\DR0 - ok
11:24:07.0126 0x1010  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
11:24:07.0282 0x1010  \Device\Harddisk1\DR1 - ok
11:24:07.0282 0x1010  ================ Scan VBR ==================================
11:24:07.0282 0x1010  [ EBBDAC3DB22B3F0C08BF96242D0E5BE1 ] \Device\Harddisk0\DR0\Partition1
11:24:07.0282 0x1010  \Device\Harddisk0\DR0\Partition1 - ok
11:24:07.0298 0x1010  [ 963C4400AB1C1AD71F7C610E408382B7 ] \Device\Harddisk0\DR0\Partition2
11:24:07.0298 0x1010  \Device\Harddisk0\DR0\Partition2 - ok
11:24:07.0298 0x1010  [ 81AA0BD93000EC7184C0C39DB7709F0E ] \Device\Harddisk0\DR0\Partition3
11:24:07.0298 0x1010  \Device\Harddisk0\DR0\Partition3 - ok
11:24:07.0298 0x1010  [ 15CC24BCDCC0859A20A2CDCAB66D4C0B ] \Device\Harddisk1\DR1\Partition1
11:24:07.0313 0x1010  \Device\Harddisk1\DR1\Partition1 - ok
11:24:07.0313 0x1010  ================ Scan generic autorun ======================
11:24:07.0344 0x1010  [ 7DA77557B339A4CDC6EAB9327331E321, 5B7601ACC60A698F01E46F4924B2ADCBA8B152B3A006BF906E75F466CE80E0D3 ] C:\Windows\system32\igfxtray.exe
11:24:07.0360 0x1010  IgfxTray - ok
11:24:07.0376 0x1010  [ 0B92113765B45B1C0458593A6B87D379, 36DCA820699F950D8A23838F541B0DA5E9F01D5AEFAB26EBDD5DEE9EB53F0F37 ] C:\Windows\system32\hkcmd.exe
11:24:07.0391 0x1010  HotKeysCmds - ok
11:24:07.0391 0x1010  [ B7480BA5924D07D5797C834E4B158EEB, 644690A82083C6DB0668400C0435A3F49937B86F68C33E91C3CD08D84B891C87 ] C:\Windows\system32\igfxpers.exe
11:24:07.0407 0x1010  Persistence - ok
11:24:07.0563 0x1010  [ 1248D3C920BFC59FE8B9D1C0808167D7, 8CA1AAA564F0EC5ED8DAEEDE8EF6A5A4B63CBCF030A390ADDDEECD5E03092934 ] C:\Program Files\XFastUsb\XFastUsb.exe
11:24:07.0734 0x1010  XFastUsb - detected UnsignedFile.Multi.Generic ( 1 )
11:24:10.0170 0x1010  Detect skipped due to KSN trusted
11:24:10.0170 0x1010  XFastUsb - ok
11:24:10.0279 0x1010  [ 629B12D94C228F8C59AD15EB76F02A6E, 2A447A955829CCBBA181205D908166BBAD9993B40EC0B9A5FA0D28334A49B0F6 ] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
11:24:10.0326 0x1010  CTSyncService - detected UnsignedFile.Multi.Generic ( 1 )
11:24:12.0791 0x1010  Detect skipped due to KSN trusted
11:24:12.0791 0x1010  CTSyncService - ok
11:24:12.0900 0x1010  [ 43A4F52F7A38ED9EE0AACA36FE6DAC5D, 1701C050E18E98BB9AD29568B8A50D1F907E6F6EF53520D53EF281B847C5B0C9 ] C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
11:24:12.0916 0x1010  VolPanel - detected UnsignedFile.Multi.Generic ( 1 )
11:24:15.0380 0x1010  Detect skipped due to KSN trusted
11:24:15.0380 0x1010  VolPanel - ok
11:24:15.0412 0x1010  [ C419DF63E0121D72411285780C2FC6CC, F47F854D327C589D174D3BB5B55D5C05F5ACA73DF52A6BEF47596B9010190291 ] C:\Windows\UpdReg.EXE
11:24:15.0427 0x1010  UpdReg - detected UnsignedFile.Multi.Generic ( 1 )
11:24:17.0892 0x1010  Detect skipped due to KSN trusted
11:24:17.0892 0x1010  UpdReg - ok
11:24:17.0908 0x1010  [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\system32\RunDLL32.exe
11:24:17.0939 0x1010  RunDLLEntry - ok
11:24:17.0970 0x1010  [ 34A14CD6B6E9C8BFBABEAF6EED5149BB, C50DEC821FB661F4514D8F1D24A48C38135518D21DF4CC8BB0EDD5B463AEAE4C ] C:\Windows\Logi_MwX.Exe
11:24:18.0001 0x1010  Logitech Utility - ok
11:24:18.0048 0x1010  [ 27BF45E6900AE1056DAF0B5647E2E266, B363E8B8E117912567299A6429A4E99307FD689EE981F2E40C046D513D3E7FAB ] C:\Program Files\ControlCenter4\BrCcBoot.exe
11:24:18.0064 0x1010  ControlCenter4 - detected UnsignedFile.Multi.Generic ( 1 )
11:24:21.0106 0x1010  Detect skipped due to KSN trusted
11:24:21.0106 0x1010  ControlCenter4 - ok
11:24:21.0246 0x1010  [ 7F42FFCD6FF7CA558C2D95DADCD5EFA9, CD9E71A718AD3FF465950A7D3937884154F021A296C301BE2FECD0AE69F04713 ] C:\Program Files\Browny02\Brother\BrStMonW.exe
11:24:21.0324 0x1010  BrStsMon00 - detected UnsignedFile.Multi.Generic ( 1 )
11:24:23.0773 0x1010  Detect skipped due to KSN trusted
11:24:23.0773 0x1010  BrStsMon00 - ok
11:24:23.0820 0x1010  [ 07C4EBD3107799774FA3103956CD1C40, BB798DE0F18D2A28B18467D958B68C23DBA0A802512C36E708D9EBD9352492F6 ] C:\Program Files\Nuance\PaperPort\IndexSearch.exe
11:24:23.0836 0x1010  IndexSearch - ok
11:24:23.0867 0x1010  [ E5F1D2C7D51C816437BBE2306828BC4B, BBBEB3294EF02F3E4C73A3A2FAE83C261A095602D86E1FF272C6FDFCE0C05E1B ] C:\Program Files\Nuance\PaperPort\pptd40nt.exe
11:24:23.0882 0x1010  PaperPort PTD - ok
11:24:23.0898 0x1010  [ 0D1D2FBAE112BDDB9F77B7BC7A956D3A, BD833CF275B4EC4EC12E868EB2EE049A6F9F0792A326BEAEB1433586257C098F ] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe
11:24:23.0929 0x1010  PPort12reminder - ok
11:24:24.0085 0x1010  [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
11:24:24.0116 0x1010  Adobe ARM - ok
11:24:24.0163 0x1010  [ 322CF4872B86852FB584AA37250AC619, 7C6576904A62E2187E9951B08F554D26597ADEC8BC484ABA70057F16D8DD69F2 ] C:\Program Files\FreePDF_XP\fpassist.exe
11:24:24.0194 0x1010  FreePDF Assistant - detected UnsignedFile.Multi.Generic ( 1 )
11:24:26.0644 0x1010  Detect skipped due to KSN trusted
11:24:26.0644 0x1010  FreePDF Assistant - ok
11:24:26.0722 0x1010  [ 09E60B4FE341A94A300830C008907099, 5F07868953FAA8FFA9E6477F6BAC52DEEDF3EA4A3F8AF5B4E15878D8240223AB ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
11:24:26.0737 0x1010  APSDaemon - ok
11:24:27.0081 0x1010  [ 11B774FB1DC1F8C49537BB4CFB6480C0, 692B0CA7C4CB03B46BF154CBFE589906DDBF4C9FBDF14C40DF28CDEA35133D48 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
11:24:27.0301 0x1010  RtHDVCpl - ok
11:24:27.0348 0x1010  [ E7D75EC4BBD08FF5B16F875BA4EA810D, 85F7F034E1CA7CE8804AED6109F25E87CFB61FC09D5CC7C2B7E9A1555C04587C ] C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
11:24:27.0379 0x1010  ZyngaGamesAgent - ok
11:24:27.0410 0x1010  [ 5B7ACC0673B3D754DE31EB1A7F488EB2, DBC3540946844CD9A7F550B4645D468A25721A1A04C5B3D29C1AD9512598F91F ] C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe
11:24:27.0441 0x1010  STCAgent - ok
11:24:27.0566 0x1010  [ 1B28396AE4175E8F8EC65A52E5118452, 2903FA5F9AC50B010AAB47C4A968227CF999E0D9871C8B7015C9976FDAE541C7 ] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
11:24:27.0629 0x1010  TrueImageMonitor.exe - ok
11:24:27.0660 0x1010  [ 555EEA25924E31CDF13F0F35D0FC6124, 0A874916A73BBDD2B219C3E2F7CF1D9EA3F832EB6652CC02F0F2152CD0092444 ] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
11:24:27.0691 0x1010  AcronisTimounterMonitor - ok
11:24:27.0738 0x1010  [ 43A9C12912DAFC92E5C84337ABA4B6AB, 82BE06716DB36A67F1B740DBB4992DFC6D37B27C9B9B25F7E1D4697C6DCAC66E ] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
11:24:27.0753 0x1010  Acronis Scheduler2 Service - ok
11:24:27.0831 0x1010  [ D63797E8E7781EE1500A810CB6194FA6, 5C96DA00B98F0776E6174EBB7D4D6DB634838E130D8581E11811831D2C57B119 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
11:24:27.0847 0x1010  SunJavaUpdateSched - ok
11:24:27.0909 0x1010  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
11:24:27.0925 0x1010  BCSSync - ok
11:24:28.0034 0x1010  [ 5C9C368F9088865CCB946F124339E746, 2362C53D2FA48F033FFECD2580EF4247E5AB2CC1DA7D75EA7DE48BDF3889D6D8 ] C:\Program Files\KeePass Password Safe 2\KeePass.exe
11:24:28.0097 0x1010  KeePass 2 PreLoad - detected UnsignedFile.Multi.Generic ( 1 )
11:24:30.0563 0x1010  Detect skipped due to KSN trusted
11:24:30.0563 0x1010  KeePass 2 PreLoad - ok
11:24:30.0626 0x1010  [ 0EF0822810009D58118CCDFD098FA9F4, 9FAA263057898BCDBCB0A064C463F48D149474AA339A3C4C47626CC118750D2D ] C:\Program Files\iTunes\iTunesHelper.exe
11:24:30.0641 0x1010  iTunesHelper - ok
11:24:30.0704 0x1010  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files\QuickTime\QTTask.exe
11:24:30.0719 0x1010  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
11:24:33.0184 0x1010  Detect skipped due to KSN trusted
11:24:33.0184 0x1010  QuickTime Task - ok
11:24:33.0387 0x1010  [ 3E23D1F7E91627DBD44AC82077E2BA7C, 09235370B85EF5FEA24F1291B9ADAD805C8D7357A78EF8CE3BA0E913F59145EC ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
11:24:33.0434 0x1010  avgnt - ok
11:24:33.0512 0x1010  [ CB08561AB36857CCF74BF11475C9AEB2, 5F15F6868A719A0A84D3E0FE2BC4E76975C50FA99D642279DDA972269ADFDB8B ] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
11:24:33.0527 0x1010  Avira Systray - ok
11:24:33.0621 0x1010  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
11:24:33.0699 0x1010  Sidebar - ok
11:24:33.0730 0x1010  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
11:24:33.0746 0x1010  mctadmin - ok
11:24:33.0777 0x1010  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
11:24:33.0824 0x1010  Sidebar - ok
11:24:33.0824 0x1010  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
11:24:33.0839 0x1010  mctadmin - ok
11:24:33.0839 0x1010  ISUSPM - ok
11:24:33.0917 0x1010  [ 373BC350CFB2ADB86A8891EA0A29914C, 87612CCE42A80D501446892246153833926892845696DADD209964E1763F06BB ] C:\Program Files\PureSync\PureSyncTray.exe
11:24:33.0949 0x1010  PureSync - ok
11:24:34.0089 0x1010  [ 7B6CB5C60E549B746FA8DEEE82C5BB53, 8E6D0EFE5FC085D09991BCAD39A52322224B4F87397CEE253CEC1996F4A85327 ] C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe
11:24:34.0105 0x1010  AceStream - ok
11:24:34.0167 0x1010  [ 43DFDE6570A948A178000348950B3546, 120963113D9AB4144374D7849D74C93BC495F484C6A76B6960B7EF166A3DFD74 ] C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
11:24:34.0198 0x1010  AceWebException - ok
11:24:34.0307 0x1010  [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
11:24:34.0323 0x1010  ISUSPM - ok
11:24:34.0385 0x1010  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files\QuickTime\QTTask.exe
11:24:34.0417 0x1010  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
11:24:34.0417 0x1010  Detect skipped due to KSN trusted
11:24:34.0417 0x1010  QuickTime Task - ok
11:24:34.0417 0x1010  Waiting for KSN requests completion. In queue: 20
11:24:35.0431 0x1010  Waiting for KSN requests completion. In queue: 10
11:24:36.0445 0x1010  Waiting for KSN requests completion. In queue: 10
11:24:37.0490 0x1010  AV detected via SS2: Avira Antivirus, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.9.460 ), 0x41000 ( enabled : updated )
11:24:37.0505 0x1010  AV detected via SS2: Norton Internet Security CBE, C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\WSCStub.exe ( 20.4.0.0 ), 0x50000 ( disabled : updated )
11:24:37.0505 0x1010  FW detected via SS2: Norton Internet Security CBE, C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\WSCStub.exe ( 20.4.0.0 ), 0x50010 ( disabled )
11:24:37.0521 0x1010  Win FW state via NFP2: enabled
11:24:39.0894 0x1010  ============================================================
11:24:39.0894 0x1010  Scan finished
11:24:39.0894 0x1010  ============================================================
11:24:39.0894 0x1a34  Detected object count: 1
11:24:39.0894 0x1a34  Actual detected object count: 1
11:25:10.0560 0x1a34  ScopeItPort ( UnsignedFile.Multi.Generic ) - skipped by user
11:25:10.0560 0x1a34  ScopeItPort ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:25:18.0749 0x17c4  Deinitialize success
         

Edited by Floh312 (05.05.2015 at 08:39). Reason: That was a double post. Now I'm pasting in part 2.

05.05.2015, 11:40   #10
schrauber
/// the machine
/// TB trainer



hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

06.05.2015, 12:06   #11
Floh312

No log file



Hello,

Combofix ran through without any error message. After restarting the computer I got the error message you had announced: "Illegal operation attempted on a registry key that has been marked for deletion."

I clicked the message away and restarted the computer. The error message did not appear again. I can't find a combofix.txt log file anywhere. What now?

Best regards,
Floh

06.05.2015, 15:37   #12
schrauber
/// the machine
/// TB trainer



Please post a fresh FRST log.
__________________
Regards,
schrauber


07.05.2015, 11:29   #13
Floh312

Fresh FRST



Log.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by Volker Henkels (administrator) on DESKTOP on 07-05-2015 11:16:19
Running from C:\Users\Volker Henkels\Documents\Downloads\Trojaner
Loaded Profiles: Volker Henkels (Available profiles: Volker Henkels & Uta)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccsvchst.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FNet Co., Ltd.) C:\Program Files\XFastUsb\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
(Creative Technology Ltd) C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Macrovision Europe Ltd.) C:\Users\Volker Henkels\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
(Logitech Inc.) C:\Windows\LOGI_MWX.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Jumping Bytes) C:\Program Files\PureSync\PureSyncTray.exe
() C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe
() C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Dropbox, Inc.) C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Jumping Bytes) C:\Program Files\Common Files\Jumping Bytes\jbUpdater.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\ace_update.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XFastUsb] => C:\Program Files\XFastUsb\XFastUsb.exe [4942336 2011-10-22] (FNet Co., Ltd.)
HKLM\...\Run: [CTSyncService] => C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe [1233195 2009-07-08] (Creative Technology Ltd)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Logitech Utility] => C:\Windows\Logi_MwX.Exe [19968 2003-12-17] (Logitech Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2010-10-26] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [312320 2007-06-26] (shbox.de)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11734240 2012-12-13] (Realtek Semiconductor)
HKLM\...\Run: [ZyngaGamesAgent] => C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
HKLM\...\Run: [STCAgent] => C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-01-21] (Splashtop Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2622296 2008-04-21] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [911168 2008-04-21] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [136472 2008-04-21] (Acronis)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [ISUSPM] =>  -scheduler
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [PureSync] => C:\Program Files\PureSync\PureSyncTray.exe [915120 2014-08-25] (Jumping Bytes)
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [AceStream] => C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe [23984 2014-12-07] ()
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Run: [AceWebException] => C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [22824 2015-02-28] ()
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk [2014-01-02]
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software)
Startup: C:\Users\Uta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-06-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Volker Henkels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-03-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
BootExecute: autocheck autochk /k:C * 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2498879569-601166142-2179082399-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2498879569-601166142-2179082399-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKU\S-1-5-21-2498879569-601166142-2179082399-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2014-12-03] (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll [2013-05-31] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-11] (Oracle Corporation)
BHO: Media Player -> {86c47305-d478-4eba-baf4-1e6c48b01195} -> C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha460\ie\MediaPlayerV1alpha460.dll No File
BHO: Video Player -> {8f2263fe-d363-40e0-9538-52bd78d36ed8} -> C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ie\VideoPlayerV3beta821.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-11] (Oracle Corporation)
BHO: Media Watch -> {e5978446-df5c-4ffe-b126-cc9f04d8bcbb} -> C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ie\MediaWatchV1home3705.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll [2013-05-31] (Symantec Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2498879569-601166142-2179082399-1000: @acestream.net/acestreamplugin,version=3.0.2 -> C:\Users\Volker Henkels\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-07] (Innovative Digital Technologies)
FF Extension: AS Magic Player - C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\Extensions\magicplayer@acestream.org [2015-03-01]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2015-03-31]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-31]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn [2013-09-02]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn [2013-05-07]
FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta821.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha460.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha460\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home3705.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ff
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-03-31]

Chrome: 
=======
CHR Profile: C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-06]
CHR Extension: (Google Docs) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-12]
CHR Extension: (Google Drive) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-12]
CHR Extension: (YouTube) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-12]
CHR Extension: (Google Search) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-12]
CHR Extension: (Google Sheets) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-06]
CHR Extension: (AdBlock) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-06]
CHR Extension: (Bookmark Manager) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (No Name) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-12]
CHR Extension: (Gmail) - C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-12]
CHR HKLM\...\Chrome\Extension: [ggkcbejnocbilhflhkfinpglppngccom] - C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ch\MediaWatchV1home3705.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jkfdofagjlgcljcjibmembhbjnpbalip] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ch\VideoPlayerV3beta821.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [431384 2008-04-21] (Acronis)
R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-10-22] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-10-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-10-22] (Creative Labs) [File not signed]
R2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498952 2008-04-21] ()
R2 WCUService_STC_IE; C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [497480 2011-03-22] (Splashtop Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci32; C:\Windows\System32\DRIVERS\asahci32.sys [32352 2011-03-23] (Asmedia Technology)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [95720 2010-12-29] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [293352 2010-12-29] (ASMedia Technology Inc)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [13832 2010-06-11] (Windows (R) Win 7 DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-05] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2012-03-03] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-04-28] (Avira Operations GmbH & Co. KG)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
R2 DLPortIO; C:\Windows\system32\DRIVERS\DLPortIO.SYS [3584 1999-01-10] () [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-27] (Symantec Corporation)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29248 2011-10-22] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2011-10-22] (FNet Co., Ltd.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130830.001\IDSvix86.sys [392792 2013-08-21] (Symantec Corporation)
S3 L8042pr2; C:\Windows\System32\DRIVERS\L8042pr2.Sys [51729 2003-12-17] (Logitech, Inc.)
S3 Ltn_hyd7700pc; C:\Windows\System32\Drivers\Ltn_hyd7700pc.sys [374144 2007-05-18] (Liteon)
S3 Ltn_rc; C:\Windows\System32\Drivers\Ltn_rc.sys [11520 2006-12-27] (Liteon)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130901.019\NAVENG.SYS [93272 2013-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130901.019\NAVEX15.SYS [1612376 2013-08-29] (Symantec Corporation)
S3 npf; C:\Windows\System32\drivers\npf.sys [34064 2009-02-08] (CACE Technologies)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2011-11-30] (Sonic Solutions) [File not signed]
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2010-11-16] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2010-11-16] (RapidSolution Software AG)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation                           )
R2 ScopeItPort; C:\SCOPE-IT\ScopeIt.sys [5231 2012-03-28] () [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2010-11-16] (RapidSolution Software AG)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2013-05-07] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2013-05-07] (Acronis)
S3 catchme; \??\C:\Users\VOLKER~1\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 10:59 - 2015-05-06 11:55 - 00000000 ____D () C:\ComboFix
2015-05-06 10:59 - 2015-05-06 10:59 - 00000000 ____D () C:\Qoobox
2015-05-06 10:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-06 10:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-06 10:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-06 10:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-06 10:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-06 10:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-06 10:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-06 10:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-06 10:58 - 2015-05-06 11:55 - 00000000 ____D () C:\Windows\erdnt
2015-05-05 08:52 - 2015-05-05 08:52 - 00000000 ____D () C:\Users\Uta\AppData\Roaming\Avira
2015-05-05 08:49 - 2015-05-05 08:49 - 00000000 ____D () C:\Users\Uta\AppData\Local\{B89840C6-3AAC-46F4-ADA3-6EE66298673F}
2015-05-03 12:00 - 2015-05-04 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-03 12:00 - 2015-05-03 13:12 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-03 12:00 - 2015-05-03 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-03 11:59 - 2015-05-03 13:09 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-03 11:36 - 2015-05-04 11:41 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Logfiles
2015-05-03 11:36 - 2015-05-03 11:36 - 00006103 _____ () C:\Users\Volker Henkels\Documents\gmer_1.txt
2015-05-03 11:07 - 2015-05-03 11:07 - 00000000 _____ () C:\Users\Volker Henkels\defogger_reenable
2015-05-03 10:41 - 2015-05-07 11:16 - 00000000 ____D () C:\FRST
2015-04-28 19:50 - 2015-04-28 19:51 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\{C3DB041C-1E63-4A95-ABED-B741677EE872}
2015-04-28 15:47 - 2015-04-28 15:47 - 00001138 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-28 15:41 - 2015-04-28 15:41 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\{AE544530-74CF-41C2-9CE6-4BA80E6B3A40}
2015-04-28 15:40 - 2015-05-01 18:00 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\Avira
2015-04-28 15:39 - 2015-05-05 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-28 15:39 - 2015-05-05 13:12 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-28 15:39 - 2015-05-05 13:12 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-28 15:39 - 2015-05-05 13:12 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-28 15:39 - 2015-05-01 17:59 - 00000000 ____D () C:\ProgramData\Avira
2015-04-28 15:39 - 2015-04-28 15:46 - 00000000 ____D () C:\Program Files\Avira
2015-04-28 15:39 - 2015-04-28 15:41 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-28 15:39 - 2014-02-14 11:00 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-04-27 11:26 - 2015-04-27 11:26 - 00000000 ____D () C:\Users\Uta\AppData\Local\{BFD7934C-2205-4CAC-9226-B1B1F6DF58FD}
2015-04-26 08:06 - 2015-04-26 08:07 - 00000000 ____D () C:\Users\Uta\AppData\Local\{E9D9B646-E08B-41F7-BC93-585011053EBC}
2015-04-20 14:02 - 2015-04-20 14:02 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\{BB557B0C-47D7-4BFC-B874-C5E70A9B36CB}
2015-04-19 18:19 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-19 18:19 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-18 20:57 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-18 20:57 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-18 20:57 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-18 20:57 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-18 20:57 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-18 20:57 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-18 20:57 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-18 20:57 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-18 20:57 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-18 20:57 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-18 20:57 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-18 20:57 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-18 20:57 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-18 20:57 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-18 20:57 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-18 20:57 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-18 20:57 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-18 20:57 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-18 20:57 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-18 20:57 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-18 20:57 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-18 20:57 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-18 20:57 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-18 20:57 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-18 20:57 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-18 20:57 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-18 20:57 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-18 20:57 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-18 20:57 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-18 20:57 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-18 20:57 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-18 20:57 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-18 20:57 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-18 20:57 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-18 20:57 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-18 20:57 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-18 20:57 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-18 20:57 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-18 20:57 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-18 20:57 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-18 20:57 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-18 20:57 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-18 20:57 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-18 20:57 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-18 20:57 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-18 20:57 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-18 20:57 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-18 20:57 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-18 20:57 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-18 20:57 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-18 20:57 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-18 20:57 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-18 20:56 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-18 20:56 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-18 20:56 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-18 20:56 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-13 10:56 - 2015-04-13 10:57 - 00000000 ____D () C:\Users\Uta\AppData\Local\{0FE4FDFF-C807-4FB4-B922-0E48C4512D86}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-07 11:16 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-07 11:16 - 2009-07-14 06:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-07 11:12 - 2011-10-19 14:36 - 02020250 _____ () C:\Windows\WindowsUpdate.log
2015-05-07 11:10 - 2014-03-16 10:29 - 00000000 ___RD () C:\Users\Volker Henkels\Dropbox
2015-05-07 11:10 - 2014-03-16 10:25 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\Dropbox
2015-05-07 11:08 - 2014-02-12 19:10 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-07 11:07 - 2013-05-07 16:27 - 00074101 _____ () C:\Windows\setupact.log
2015-05-07 11:07 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-06 16:49 - 2014-02-12 19:10 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-06 16:43 - 2014-06-22 13:05 - 00000000 ____D () C:\Users\Uta\AppData\Roaming\Dropbox
2015-05-06 13:22 - 2012-10-05 12:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-06 12:23 - 2011-10-20 11:00 - 00001863 _____ () C:\Windows\Alltag.ini
2015-05-06 12:17 - 2011-10-20 11:01 - 00000086 _____ () C:\Windows\Kontext.ini
2015-05-06 11:54 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-06 11:20 - 2013-05-07 21:05 - 00433930 _____ () C:\Windows\PFRO.log
2015-05-05 12:59 - 2013-08-01 18:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-03 13:06 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\addins
2015-05-03 11:07 - 2011-10-19 14:38 - 00000000 ____D () C:\Users\Volker Henkels
2015-05-01 21:04 - 2014-03-22 14:42 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\KeePass
2015-05-01 20:05 - 2014-07-20 13:13 - 00017182 _____ () C:\Users\Volker Henkels\Passwort Datenbank.kdbx
2015-05-01 18:50 - 2014-02-12 19:13 - 00002166 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-01 18:36 - 2011-11-28 15:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-04-28 19:45 - 2014-09-08 17:10 - 00000000 ____D () C:\Program Files\Free Easy CD DVD Burner
2015-04-28 15:47 - 2015-02-03 14:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-28 15:35 - 2013-06-09 19:04 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Local\CrashDumps
2015-04-25 11:08 - 2014-03-16 10:28 - 00000000 ____D () C:\Users\Volker Henkels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-23 12:13 - 2011-10-20 10:27 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Steuerfälle
2015-04-22 16:13 - 2011-12-19 11:34 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Stabliste
2015-04-21 13:04 - 2014-08-15 13:25 - 00002220 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2014.lnk
2015-04-20 13:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-19 18:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-19 18:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-19 18:09 - 2014-12-12 12:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-19 18:09 - 2014-05-08 20:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-19 18:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-19 03:22 - 2011-10-19 15:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-19 03:20 - 2011-10-19 14:37 - 01602556 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-19 03:16 - 2009-07-14 04:04 - 00000478 _____ () C:\Windows\win.ini
2015-04-18 22:22 - 2012-03-31 17:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-18 22:22 - 2011-10-25 09:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-08 13:23 - 2014-11-05 18:57 - 00002220 _____ () C:\Users\Public\Desktop\SteuerSparErklärung 2015.lnk
2015-04-07 10:07 - 2011-10-20 10:17 - 00000000 ____D () C:\Users\Volker Henkels\Documents\Arbeitsamt

==================== Files in the root of some directories =======

2011-12-02 14:30 - 2015-01-28 00:08 - 0000649 _____ () C:\Users\Volker Henkels\AppData\Roaming\burnaware.ini
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Volker Henkels\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Volker Henkels\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Volker Henkels\AppData\Local\CDRip.dll
2013-05-13 14:41 - 2015-02-03 14:04 - 0006144 _____ () C:\Users\Volker Henkels\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-19 18:23 - 2011-10-19 18:23 - 0000749 _____ () C:\Users\Volker Henkels\AppData\Local\error.log
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Volker Henkels\AppData\Local\No23 Recorder.exe
2011-10-19 18:23 - 2011-10-19 18:23 - 0001955 _____ () C:\Users\Volker Henkels\AppData\Local\process.log
2013-01-30 20:11 - 2013-01-30 20:11 - 0001506 _____ () C:\Users\Volker Henkels\AppData\Local\RecConfig.xml
2012-03-08 20:24 - 2012-03-08 20:24 - 0000017 _____ () C:\Users\Volker Henkels\AppData\Local\resmon.resmoncfg

Files to move or delete:
====================
C:\Users\Volker Henkels\adw24cleaner.exe


Some content of TEMP:
====================
C:\Users\Uta\AppData\Local\Temp\avgnt.exe
C:\Users\Uta\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz0plli.dll
C:\Users\Volker Henkels\AppData\Local\Temp\avgnt.exe
C:\Users\Volker Henkels\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsxiout.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 12:35

==================== End Of Log ============================
--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-05-2015 01
Ran by Volker Henkels at 2015-05-07 11:17:42
Running from C:\Users\Volker Henkels\Documents\Downloads\Trojaner
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2498879569-601166142-2179082399-500 - Administrator - Disabled)
Gast (S-1-5-21-2498879569-601166142-2179082399-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2498879569-601166142-2179082399-1005 - Limited - Enabled)
Uta (S-1-5-21-2498879569-601166142-2179082399-1003 - Limited - Enabled) => C:\Users\Uta
Volker Henkels (S-1-5-21-2498879569-601166142-2179082399-1000 - Administrator - Enabled) => C:\Users\Volker Henkels

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security CBE (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security CBE (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security CBE (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Ace Stream Media 3.0.2 (HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\AceStream) (Version: 3.0.2 - Ace Stream Media) <==== ATTENTION!
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acronis*True*Image*Home (HKLM\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8105 - Acronis)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Alltags-Adressen (HKLM\...\Adressen_is1) (Version:  - Heiko Prueß / Alltags-Programme)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.7.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.2.2.000 - Asmedia Technology)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.56 (HKLM\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.26 (HKLM\...\ASRock InstantBoot_is1) (Version:  - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7460DN (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
BurnAware Free 5.3 (HKLM\...\BurnAware Free_is1) (Version:  - Burnaware Technologies)
calibre (HKLM\...\{C354D7E2-C1F3-45AB-A547-BF500F2E0814}) (Version: 1.45.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivxToDVD 0.5.2b (HKLM\...\VSO DivxToDVD_is1) (Version: 0.5.2b - VSO-Software SARL)
Dropbox (HKU\S-1-5-21-2498879569-601166142-2179082399-1000\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
fotokasten comfort 5.3 (HKLM\...\fotokasten comfort_is1) (Version:  - )
Free Easy Burner V 5.1 (HKLM\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
FreePDF XP (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
GIMP 2.6.12 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.12 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
iExplorer 2.2.1.3 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant, LLC)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.7.2386.747 - )
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
JPEG-EXIF_autorotate (HKLM\...\JPEG-EXIF_autorotate) (Version:  - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 2.25 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
K-Lite Codec Pack 5.2.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 5.2.0 - )
Leawo Video Converter 2012 Version  4.1.0.0 (HKLM\...\{E0A8AB05-5217-4D9E-AE90-2BA8B9FB8496}_is1) (Version: 4.1.0.0 - Leawo Software)
Logitech MouseWare 9.79.1  (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version:  - )
MAGIX Foto Designer 7 (HKLM\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\MX.{0860A3E3-E2BA-485C-8D98-1144A494D167}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 (32-Bit-Version) (HKLM\...\MX.{7571AD6B-E8C3-462E-92B4-020A2CF69B90}) (Version: 14.0.1.21 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 (32-Bit-Version) (Version: 14.0.1.21 - MAGIX Software GmbH) Hidden
Media Player (HKLM\...\MediaPlayerV1alpha460) (Version: 1.1 - Media Player) <==== ATTENTION
Mediaport (HKLM\...\Mediaport) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Encarta Enzyklopädie 2000 (HKLM\...\Encarta Encyclopedia 2000 D) (Version:  - )
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NetObjects Fusion 10.0 (HKLM\...\{6BCC67CF-BABD-4456-B95C-E6431C8FBC18}) (Version: 10.0 German - )
NetObjects Fusion 10.0 (HKLM\...\{EB280D0C-E8F7-4EA6-907B-4CD72122E904}) (Version: 10.0 German - )
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
Norton Internet Security CBE (HKLM\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Overlook Fing (HKLM\...\Overlook Fing 1.4) (Version: 1.4 - Overlook)
PaperPort 8.0 SE (HKLM\...\{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}) (Version: 1.0.0.0000 - ScanSoft, Inc.)
Passbild-Generator v4.0a (HKLM\...\Passbild-Generator_is1) (Version:  - Passbild-Generator)
PC Inspector smart recovery (HKLM\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
PixiePack Codec Pack (HKLM\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
PureSync (Version: 3.8.1 - Jumping Bytes) Hidden
PureSync 3.8.1 (HKLM\...\PureSync) (Version: 3.8.1 - Jumping Bytes)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Schachtrainer (HKLM\...\Schachtrainer_is1) (Version:  - Tivola Development GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM\...\SLABCOMM&10C4&EA60) (Version:  - )
Sound Blaster X-Fi MB (HKLM\...\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}) (Version: 1.0 - Creative Technology Limited)
Splashtop Connect IE (HKLM\...\{F9F5EF72-18CF-4DCF-A721-EC86B94DAC46}) (Version: 1.1.12.1 - Splashtop Inc.)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.13.97 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung 2015 (HKLM\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.32.155 - Akademische Arbeitsgemeinschaft)
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version:  - )
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Tunebite (HKLM\...\{DDED1469-A08D-4043-9661-7FF914BD8F99}) (Version: 7.2.13700.0 - RapidSolution Software AG)
Video DVD Maker v3.30.0.75 (HKLM\...\{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}) (Version:  - )
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VR-NetWorld (HKLM\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
WaveAgent (HKLM\...\InstallShield_{053C7D32-3566-452B-9A37-D42B4F4C5379}) (Version: 1.20 - Sound Devices LLC)
WaveAgent (Version: 1.20 - Sound Devices LLC) Hidden
WBFS Manager 4.0 (HKLM\...\{825E9A84-1E03-4526-9F8E-45015C938A7C}) (Version: 4.0 - WBFS)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
winpcap-overlook 4.02 (HKLM\...\winpcap-overlook) (Version:  - )
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
XFastUsb (HKLM\...\XFastUsb) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\VOLKER~1\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{9000834c-c6c7-43ac-b8ee-dc9668f39a81}\localserver32 -> C:\Users\VOLKER~1\AppData\Local\Temp\{91814ec0-b5f0-11d2-80b9-00104b1f6cea}\IDriver.NonElevated.exe  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2498879569-601166142-2179082399-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-05-06 11:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FCA4127-6BEC-4515-A7ED-28FA9EC00057} - System32\Tasks\{794DB57D-7EB9-4BA0-A3C7-7EBE3D028F00} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe
Task: {131B0445-BC6F-4F53-89A5-ECE9C0788863} - System32\Tasks\{6180D768-68E5-4B2C-BC04-3DADEB1A14CF} => E:\Setup.EXE
Task: {18511FD6-6A77-4351-B0D0-9C2C8AC88BD0} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe
Task: {289D24C2-79EB-41D2-86B3-5F6EA8D4353E} - System32\Tasks\{91AC768C-5270-4F3C-BCDE-8F60AB0134B4} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe
Task: {34BA2C71-F71B-46CF-B102-0BAF3B01F302} - System32\Tasks\{EFA2BC6B-098A-4F69-B8EF-EF7449585CEF} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe
Task: {42E35F47-810C-49A7-A66F-76431EE90E5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated)
Task: {4415D302-A36C-4D4A-94AF-0941DE55A4B0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {4DE13AC1-7A5E-48F4-95EF-DC8D12BF3434} - System32\Tasks\{5AEADBF5-2266-4CB2-902F-EAC4ECA10BA0} => E:\Setup.EXE
Task: {51786A54-D505-400B-914B-EE751D94E89F} - System32\Tasks\{D7B08E1E-9FF0-4729-AC7B-3C277597F92C} => C:\Users\Volker Henkels\Documents\Downloads\Torpark\Torpark.exe
Task: {51907D83-A567-478B-B71A-2FCB53F8797D} - System32\Tasks\{EABA05C3-2F74-4BB5-99F7-072C20501280} => pcalua.exe -a E:\paperport\PP12Installer.exe -d E:\paperport
Task: {63023C49-3575-4105-85A5-A7DFBE1FC3DC} - System32\Tasks\{18C65823-8B94-4B01-9F15-CE2A1DDA68F7} => pcalua.exe -a "C:\Program Files\Microsoft Encarta\Encarta Enzyklopädie 2000\unee2000.exe" -c /uninstall
Task: {6687E89E-0EA9-4C7B-80B3-7588D16BCAEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.)
Task: {74FB5C52-6DA4-4ADB-916D-4597ED057F61} - System32\Tasks\{5B67CB8B-964C-4C8E-8D41-04ECF755E104} => pcalua.exe -a "C:\Users\Volker Henkels\Downloads\jxpiinstall.exe" -d "C:\Program Files\Mozilla Firefox"
Task: {81640940-9D5D-4FA7-9B36-331EC2DC8C92} - System32\Tasks\{C5EF75EB-2831-46AD-A4DC-01370676B696} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe
Task: {822638D8-6F93-490D-93D7-4D4C3DE1972E} - System32\Tasks\{DAFCD1C1-7C64-4B97-A21C-7405D7E6AE6C} => C:\Program Files\Emme\Kleiner Eisbär 2\UNWISE.EXE
Task: {8A541488-06D3-429D-A2A0-B003FCF2B597} - System32\Tasks\{8132B927-E965-487E-98DD-29905D7B89D2} => C:\Users\Volker Henkels\Documents\Downloads\Torpark.exe
Task: {90CDF918-1746-4F25-A79C-A9F6CCEFC876} - System32\Tasks\{ADBEB609-D22B-4CD5-99E4-F7412357DC7C} => pcalua.exe -a C:\PROGRA~1\TECHNI~1\MEDIAP~1\UNWISE.EXE -c C:\PROGRA~1\TECHNI~1\MEDIAP~1\INSTALL.LOG
Task: {9421D7AE-F5E5-4AED-9BA2-F3561670E9C3} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9B2DCD82-E459-41CE-B203-40E75D93BB5F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {A5AA510D-F9CA-48B6-A886-E83FFC87583D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {B3420DD3-EEBA-4A85-A10F-3E13A2DC79DD} - System32\Tasks\{BD137A0E-0F87-485C-A8F9-C89BC4224A9F} => pcalua.exe -a "C:\Program Files\IncrediMail\Bin\ImSetup.exe" -c /uninstallProduct /addon:incredimail
Task: {B49F145D-3B72-4BC7-A6FA-E8818EB845C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-12] (Google Inc.)
Task: {BFA0BDF5-B1B2-4176-8E0F-DF5002D6C903} - System32\Tasks\{CAEC5C14-DA68-494B-9656-F43CB49E0684} => C:\Users\Volker Henkels\Documents\Downloads\Torpark\Torpark.exe
Task: {C2E434F7-9077-4EAC-A430-0368EC4A3407} - System32\Tasks\{EDF60F3E-89B0-4DE1-BF0C-85462ABD839D} => msiexec.exe /package "E:\Setup\Löwenzahn 5.msi"
Task: {C61680E4-97EE-40A4-A841-A88EA1691CB7} - System32\Tasks\{8E92A3C3-8295-42C5-8836-72DD9552015B} => pcalua.exe -a "C:\Users\Volker Henkels\Documents\Downloads\VRNetWorldSW_51012.exe" -d "C:\Users\Volker Henkels\Documents\Downloads"
Task: {C81CDF8E-6421-4F24-84BD-E468FC949571} - System32\Tasks\{77D564C7-808F-4AB7-A975-D95CE6069C90} => pcalua.exe -a "C:\Users\Volker Henkels\Download\Maus\mw9791deu.exe" -d "C:\Users\Volker Henkels\Download\Maus"
Task: {DAECB3EA-C5FA-4B4F-A00C-C6925395EB1D} - System32\Tasks\{981E4BC2-CA6D-4C07-834A-C23786137ED9} => C:\Users\Volker Henkels\Documents\Downloads\torpark-2.4.1-ff3.exe
Task: {DBDF02DB-5EF7-4BA4-B2EE-567E629571E8} - System32\Tasks\{14A5D1A3-3B6D-40FD-B989-C55CBD9CC488} => C:\Users\Volker Henkels\Documents\Downloads\torpark-2.4.1-ff3.exe
Task: {E4297023-2DAB-4DD9-BD10-534216F1718B} - System32\Tasks\Norton Internet Security CBE\Norton Error Analyzer => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {E8B4FED2-D186-4C9F-BE0E-07BDB3E8FA65} - System32\Tasks\Norton Internet Security CBE\Norton Error Processor => C:\Program Files\Norton Internet Security CBE\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {F8B6E8F8-4D0E-41F9-88A6-5968D7843E96} - System32\Tasks\{2CCE7FD9-AB71-4537-B279-25FE075D821F} => pcalua.exe -a E:\EE\SETUP.EXE -d E:\EE
Task: {FBBD6DDF-74A3-4123-A987-14C93C0FD596} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FE781653-1136-40F3-848A-71AB4B3A5F07} - System32\Tasks\{BEB0EF88-0D0B-4128-B0A5-C8FF2E0C65C2} => pcalua.exe -a "C:\Users\Volker Henkels\Documents\Downloads\pci_de_smartrecovery45.exe" -d "C:\Program Files\Mozilla Firefox"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-12-02 11:33 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-10-20 10:56 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2006-09-14 08:56 - 2006-09-14 08:56 - 00102400 _____ () C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-13 15:10 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2008-04-21 23:27 - 2008-04-21 23:27 - 00498952 _____ () C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2011-10-23 22:39 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2011-08-31 19:13 - 2011-08-31 19:13 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2015-05-07 11:08 - 2015-05-07 11:08 - 00697884 _____ () C:\Users\Volker Henkels\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0002\~df394b.tmp
2015-05-07 11:08 - 2015-05-07 11:08 - 00592896 _____ () C:\Users\Volker Henkels\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0002\~de6248.tmp
2011-10-22 12:04 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2011-10-22 12:04 - 2009-04-20 11:55 - 00148480 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2008-04-21 22:43 - 2008-04-21 22:43 - 01336600 _____ () C:\Program Files\Acronis\TrueImageHome\fox.dll
2014-10-13 11:44 - 2014-12-07 13:33 - 00023984 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe
2014-10-13 11:44 - 2015-03-30 09:42 - 00268800 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2013-11-27 17:50 - 2013-11-27 17:50 - 00018944 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2015-01-19 17:42 - 2015-02-17 15:59 - 02386432 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd
2014-10-13 11:42 - 2015-03-30 09:42 - 02029056 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\select.pyd
2014-01-23 13:37 - 2014-01-23 13:37 - 00036352 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2013-12-21 15:20 - 2013-12-21 15:20 - 00053248 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2013-12-21 15:20 - 2013-12-21 15:20 - 00040448 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2011-02-13 17:02 - 2011-02-13 17:02 - 00031232 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2014-10-13 11:57 - 2015-03-30 09:42 - 03035648 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-07 18:36 - 2012-02-07 18:36 - 00111616 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-07 18:36 - 2012-02-07 18:36 - 00024064 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2010-10-11 00:23 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-29 18:20 - 2013-01-29 18:20 - 00082944 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-07-15 21:37 - 2011-07-15 21:37 - 00981504 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00746496 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00670720 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00966144 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00674816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2013-12-21 15:02 - 2013-12-21 15:02 - 00061952 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2013-01-29 18:20 - 2013-01-29 18:20 - 00066048 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2015-03-01 11:17 - 2015-02-28 04:23 - 00022824 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
2015-03-01 11:17 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_socket.pyd
2015-03-01 11:17 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_ssl.pyd
2015-03-01 11:17 - 2014-01-23 14:37 - 00036352 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_psutil_mswindows.pyd
2015-03-01 11:17 - 2012-02-07 19:37 - 00098816 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\win32api.pyd
2015-03-01 11:17 - 2012-02-07 19:35 - 00110080 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\pywintypes27.dll
2015-03-01 11:17 - 2012-02-07 19:38 - 00358912 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\pythoncom27.dll
2015-03-01 11:17 - 2012-02-07 19:42 - 00266240 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\win32com.shell.shell.pyd
2015-03-01 11:17 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_hashlib.pyd
2015-03-01 11:17 - 2011-06-12 15:06 - 00106496 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\_ctypes.pyd
2015-03-01 11:17 - 2010-10-11 00:23 - 00723968 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\apsw.pyd
2015-03-01 11:17 - 2011-01-19 00:56 - 00334336 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\M2Crypto.__m2crypto.pyd
2015-03-01 11:17 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\select.pyd
2015-03-01 11:17 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\pyexpat.pyd
2015-03-01 11:17 - 2011-06-12 15:06 - 00688128 _____ () C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension\updater\lib\unicodedata.pyd
2015-05-07 11:09 - 2015-05-07 11:09 - 00043008 _____ () c:\Users\Volker Henkels\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsxiout.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-01 18:37 - 2014-10-01 18:37 - 00022824 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\ace_update.exe
2011-06-12 15:09 - 2011-06-12 15:09 - 00038400 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 15:09 - 2011-06-12 15:09 - 00720896 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-15 21:37 - 2011-07-15 21:37 - 00981504 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00746496 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00670720 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00966144 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-15 21:38 - 2011-07-15 21:38 - 00674816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00287232 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-18 23:56 - 2011-01-18 23:56 - 00334336 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00011776 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 15:06 - 2011-06-12 15:06 - 00152576 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-07 18:37 - 2012-02-07 18:37 - 00098816 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-07 18:35 - 2012-02-07 18:35 - 00110080 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-07 18:38 - 2012-02-07 18:38 - 00358912 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-07 18:36 - 2012-02-07 18:36 - 00111616 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-07 18:36 - 2012-02-07 18:36 - 00024064 _____ () C:\Users\Volker Henkels\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2498879569-601166142-2179082399-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Volker Henkels\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: IndexSearch => C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
MSCONFIG\startupreg: PaperPort PTD => C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
MSCONFIG\startupreg: PP8 SE Reminder => "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{B37FBAC1-8C0F-4168-91B8-F39952115DBE}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2F692203-1DB0-4D3B-B001-F4197354EA7D}] => (Allow) LPort=2869
FirewallRules: [{C3AA16F4-F657-431B-840D-67338D188046}] => (Allow) LPort=1900
FirewallRules: [{D6FC6651-0E7C-44B5-9591-AB5328E138B1}] => (Allow) C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{2677B019-5FAF-4218-94FD-5AD974B99E7D}] => (Allow) C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{A1790FAE-BF64-4E6B-95D2-2B1F6B3D9ECE}] => (Allow) LPort=54925
FirewallRules: [{54F3DB20-4D53-4A49-B3EF-F2524D3D7D59}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{5A5C99AC-8FB6-4D87-824E-0193BE27042A}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{9854BE86-E71A-41AF-8E33-4CBA3552D207}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
FirewallRules: [{26F9458A-FB63-4507-89BD-9A17235A5279}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
FirewallRules: [{F0C0E574-8614-4289-8F83-987C96BD5D34}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
FirewallRules: [{ABEE847B-4764-4802-94EF-4A20880DFE7F}] => (Allow) C:\Users\Volker Henkels\AppData\Local\Apps\2.0\2Q250O22.HWY\96JPLEXE.RNE\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
FirewallRules: [{5974B080-77EC-461C-9A28-D71C28373024}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CC034879-5FB8-4C61-A8CC-C2A1529C5A59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8D86D336-FBED-447F-B1C0-26032749444B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{19A36E4D-E61A-413A-A3F8-2BAEF6CD642B}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E6FDE045-88E8-4474-ACB9-5CCCA8D0D3B3}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6F5E31D1-BFCD-4E87-8887-8C4A33E3E314}] => (Allow) C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BDD3FCEE-C823-4A50-88E2-3FBA7BCB1EF4}] => (Allow) C:\Users\Uta\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7675CFF5-2E9E-4EFA-BA6C-06C0F863A867}C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1ECDA62E-ABD3-45BD-BA05-6511837BCCB0}C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\volker henkels\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{D3A78000-8D4A-412F-8B0D-126975DFC77E}C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F19E5006-6BC2-4255-9223-5E3A88D26C02}C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\uta\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{F3C2C1AA-99B4-4142-BF01-D0EEA4F36B6A}C:\program files\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files\streamtorrent 1.0\streamtorrent.exe
FirewallRules: [UDP Query User{DA7C87AA-40D6-4370-A2BD-743F9A22C0C3}C:\program files\streamtorrent 1.0\streamtorrent.exe] => (Allow) C:\program files\streamtorrent 1.0\streamtorrent.exe
FirewallRules: [{2E511D02-9252-473B-AF20-85B473A191C5}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{0B4FAA86-1D43-4FB3-8897-4A883287B2A5}] => (Allow) C:\Users\Volker Henkels\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{C476E187-F630-4614-A471-B6053D14D323}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9E09D535-E1C7-44B9-8451-134E55CDEE3C}C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{8BBF613D-AAC1-4074-B1EB-65742D4AC391}C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\volker henkels\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{1A445D69-5C90-4D1B-9D88-870FFB289B15}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{20813C83-76AB-4994-994D-FEFCC96F5B83}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CEE3DBEA-465C-4E83-9C96-F4283D174415}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: BHDrvx86
Description: BHDrvx86
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BHDrvx86
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Norton Internet Security CBE Settings Manager
Description: Norton Internet Security CBE Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ccSet_NIS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/06/2015 11:09:40 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x81000101).

Error: (05/05/2015 08:52:16 AM) (Source: ESENT) (EventID: 215) (User: )
Description: wlmail (1804) C:\Users\Uta\AppData\Local\Microsoft\Windows Live Mail\Calendars\: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (05/04/2015 08:25:53 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101).

Error: (05/04/2015 08:25:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x81000101).

Error: (05/04/2015 01:02:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80080005, Starten des Servers fehlgeschlagen
.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/04/2015 01:02:15 PM) (Source: VSS) (EventID: 11) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden.
Höchst wahrscheinlich ist die CPU stark ausgelastet. [0x80080005, Starten des Servers fehlgeschlagen
]


Vorgang:
   VSS-Server wird instanziiert

Error: (05/04/2015 00:55:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80080005, Starten des Servers fehlgeschlagen
.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/04/2015 00:55:35 PM) (Source: VSS) (EventID: 11) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden.
Höchst wahrscheinlich ist die CPU stark ausgelastet. [0x80080005, Starten des Servers fehlgeschlagen
]


Vorgang:
   VSS-Server wird instanziiert

Error: (05/04/2015 00:48:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80080005, Starten des Servers fehlgeschlagen
.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/04/2015 00:48:54 PM) (Source: VSS) (EventID: 11) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden.
Höchst wahrscheinlich ist die CPU stark ausgelastet. [0x80080005, Starten des Servers fehlgeschlagen
]


Vorgang:
   VSS-Server wird instanziiert


System errors:
=============
Error: (05/07/2015 11:08:56 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/07/2015 11:08:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
BHDrvx86
ccSet_NIS
SymIRON

Error: (05/06/2015 04:43:07 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (05/06/2015 04:42:58 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/06/2015 04:42:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
BHDrvx86
ccSet_NIS
SymIRON

Error: (05/06/2015 01:18:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
BHDrvx86
ccSet_NIS
SymIRON

Error: (05/06/2015 01:18:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/06/2015 11:58:10 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/06/2015 11:57:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
BHDrvx86
ccSet_NIS
SymIRON

Error: (05/06/2015 11:21:55 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (05/06/2015 11:09:40 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x81000101

Error: (05/05/2015 08:52:16 AM) (Source: ESENT) (EventID: 215) (User: )
Description: wlmail1804C:\Users\Uta\AppData\Local\Microsoft\Windows Live Mail\Calendars\:

Error: (05/04/2015 08:25:53 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (05/04/2015 08:25:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x81000101

Error: (05/04/2015 01:02:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80080005, Starten des Servers fehlgeschlagen


Vorgang:
   VSS-Server wird instanziiert

Error: (05/04/2015 01:02:15 PM) (Source: VSS) (EventID: 11) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80080005, Starten des Servers fehlgeschlagen


Vorgang:
   VSS-Server wird instanziiert

Error: (05/04/2015 00:55:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80080005, Starten des Servers fehlgeschlagen


Vorgang:
   VSS-Server wird instanziiert

Error: (05/04/2015 00:55:35 PM) (Source: VSS) (EventID: 11) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80080005, Starten des Servers fehlgeschlagen


Vorgang:
   VSS-Server wird instanziiert

Error: (05/04/2015 00:48:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80080005, Starten des Servers fehlgeschlagen


Vorgang:
   VSS-Server wird instanziiert

Error: (05/04/2015 00:48:54 PM) (Source: VSS) (EventID: 11) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80080005, Starten des Servers fehlgeschlagen


Vorgang:
   VSS-Server wird instanziiert


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 51%
Total physical RAM: 3050.68 MB
Available physical RAM: 1491.77 MB
Total Pagefile: 6097.59 MB
Available Pagefile: 4298.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.87 GB) (Free:102.91 GB) NTFS
Drive d: () (Fixed) (Total:172.79 GB) (Free:22.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F961277B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

08.05.2015, 09:48   #14
schrauber
/// the machine
/// TB trainer
 




Please download Revo Uninstaller (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German (Deutsch) as the language.
  • In the uninstaller field, search for the programs:

    Ace Stream Media 3.0.2

    Media Player

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

 





Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

08.05.2015, 17:24   #15
Floh312
 



Uninstalling Media Player failed. Error message: "Uninstall Fehlgeschlagen! Vermutlich ungültiger deinstall Befehl!"

With Ace Stream it went smoothly.

The logs:
mbam
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 08.05.2015
Suchlauf-Zeit: 13:01:00
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.08.03
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Volker Henkels

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 428813
Verstrichene Zeit: 31 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 29
PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\MediaPlayerV1alpha460, In Quarantäne, [6bc8157cc9c1cd693d089784d034e21e], 
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\MediaWatchV1home3705, In Quarantäne, [1d16434e2b5f3600c4b8004d7f86b848], 
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\GGKCBEJNOCBILHFLHKFINPGLPPNGCCOM, In Quarantäne, [0a296a27c7c30c2a617ccc05000327d9], 
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\JKFDOFAGJLGCLJCJIBMEMBHBJNPBALIP, In Quarantäne, [0132a3eed2b8c373df04f9d81de6fa06], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [81b2622feb9f83b3663188aba56022de], 
PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{86c47305-d478-4eba-baf4-1e6c48b01195}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], 
PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\CLASSES\CLSID\{86C47305-D478-4EBA-BAF4-1E6C48B01195}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], 
PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{ef30233f-af83-417a-979d-ae2b78f3c539}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], 
PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{21792CBD-C281-4CDC-9D43-8A598184A947}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], 
PUP.Optional.MediaPlayerAlpha.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{86C47305-D478-4EBA-BAF4-1E6C48B01195}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], 
PUP.Optional.MediaPlayerAlpha.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{86C47305-D478-4EBA-BAF4-1E6C48B01195}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], 
PUP.Optional.MediaPlayerAlpha.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{86C47305-D478-4EBA-BAF4-1E6C48B01195}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], 
PUP.Optional.MediaPlayerAlpha.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{86C47305-D478-4EBA-BAF4-1E6C48B01195}, In Quarantäne, [3102cfc25c2e71c5097b0f0b45c11ce4], 
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8f2263fe-d363-40e0-9538-52bd78d36ed8}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], 
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\CLASSES\CLSID\{8F2263FE-D363-40E0-9538-52BD78D36ED8}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], 
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4c9cdb22-2927-43ac-b7cc-10bda78884ab}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], 
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{65D9C5CE-29B8-4487-8331-BC9683E49059}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], 
PUP.Optional.VideoPlayer.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8F2263FE-D363-40E0-9538-52BD78D36ED8}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], 
PUP.Optional.VideoPlayer.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8F2263FE-D363-40E0-9538-52BD78D36ED8}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], 
PUP.Optional.VideoPlayer.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8F2263FE-D363-40E0-9538-52BD78D36ED8}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], 
PUP.Optional.VideoPlayer.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8F2263FE-D363-40E0-9538-52BD78D36ED8}, In Quarantäne, [68cbddb4acde979f2ab8ce4c3acc8080], 
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{e5978446-df5c-4ffe-b126-cc9f04d8bcbb}, In Quarantäne, [f0438d047b0f90a64996f525828421df], 
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5978446-DF5C-4FFE-B126-CC9F04D8BCBB}, In Quarantäne, [f0438d047b0f90a64996f525828421df], 
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{24a97fcd-7161-46d6-91d9-370ccf32be62}, In Quarantäne, [f0438d047b0f90a64996f525828421df], 
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BA1AC0A4-08A2-4C4D-A258-673EEAD31ABE}, In Quarantäne, [f0438d047b0f90a64996f525828421df], 
PUP.Optional.MediaWatch.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E5978446-DF5C-4FFE-B126-CC9F04D8BCBB}, In Quarantäne, [f0438d047b0f90a64996f525828421df], 
PUP.Optional.MediaWatch.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E5978446-DF5C-4FFE-B126-CC9F04D8BCBB}, In Quarantäne, [f0438d047b0f90a64996f525828421df], 
PUP.Optional.MediaWatch.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E5978446-DF5C-4FFE-B126-CC9F04D8BCBB}, In Quarantäne, [f0438d047b0f90a64996f525828421df], 
PUP.Optional.MediaWatch.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E5978446-DF5C-4FFE-B126-CC9F04D8BCBB}, In Quarantäne, [f0438d047b0f90a64996f525828421df], 

Registrierungswerte: 7
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ggkcbejnocbilhflhkfinpglppngccom|path, C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ch\MediaWatchV1home3705.crx, In Quarantäne, [0a296a27c7c30c2a617ccc05000327d9]
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jkfdofagjlgcljcjibmembhbjnpbalip|path, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ch\VideoPlayerV3beta821.crx, In Quarantäne, [0132a3eed2b8c373df04f9d81de6fa06]
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@VideoPlayerV3beta821.net, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta821\ff, In Quarantäne, [7bb8e4ad8703df57d933e032c93b9b65]
PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaPlayerV1alpha460.net, C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha460\ff, In Quarantäne, [c76c94fd93f74ee8bc8ae03b1aea11ef]
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaWatchV1home3705.net, C:\Program Files\MediaWatchV1\MediaWatchV1home3705\ff, In Quarantäne, [88abe2afb2d86ec805783d100203ab55]
PUP.Optional.SearchQu.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}|URL, hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}, In Quarantäne, [bd76ddb4abdfc27485d71d47b74eb64a]
PUP.Optional.SearchQu.A, HKU\S-1-5-21-2498879569-601166142-2179082399-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}|SuggestionsURL_JSON, hxxp://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=413&qu={searchTerms}&ft=json, In Quarantäne, [87ac88093b4f3df9a8b4bea615f0e41c]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 48
PUP.Optional.Datamngr.A, C:\Users\Uta\AppData\LocalLow\DataMngr, In Quarantäne, [77bc474a0f7ba195ac9d683ac63dfa06], 
PUP.Optional.Datamngr.A, C:\Users\Volker Henkels\AppData\LocalLow\DataMngr, In Quarantäne, [56ddb2df9ceea98dbd8c435fa16236ca], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\css, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\cufon, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\jquery, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\ts, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\locale, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\locale\en-US, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\locale\ru-RU, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\defaults, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\defaults\preferences, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\icons, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\common, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\css, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\cufon, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\jquery, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\ts, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\_locales, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\_locales\en_US, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\_locales\ru, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapaeejlffemnmbcjbcnmcdhnekhnfbk\1.1_0, In Quarantäne, [59da0b862c5e58dea031b59cd82eb54b], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapaeejlffemnmbcjbcnmcdhnekhnfbk\1.1_0\images, In Quarantäne, [59da0b862c5e58dea031b59cd82eb54b], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapaeejlffemnmbcjbcnmcdhnekhnfbk, In Quarantäne, [59da0b862c5e58dea031b59cd82eb54b], 
PUP.Optional.MediaWatch.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkcbejnocbilhflhkfinpglppngccom\1.1_0, In Quarantäne, [8ca7c7cae3a7f442dbf8bf92b353cf31], 
PUP.Optional.MediaWatch.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkcbejnocbilhflhkfinpglppngccom\1.1_0\images, In Quarantäne, [8ca7c7cae3a7f442dbf8bf92b353cf31], 
PUP.Optional.MediaWatch.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkcbejnocbilhflhkfinpglppngccom, In Quarantäne, [8ca7c7cae3a7f442dbf8bf92b353cf31], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_0, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_0\images, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_1, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_1\images, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.VideoPlayer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfdofagjlgcljcjibmembhbjnpbalip\1.1_0, In Quarantäne, [79ba266b5337a492b6203f1235d1d927], 
PUP.Optional.VideoPlayer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfdofagjlgcljcjibmembhbjnpbalip\1.1_0\images, In Quarantäne, [79ba266b5337a492b6203f1235d1d927], 
PUP.Optional.VideoPlayer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfdofagjlgcljcjibmembhbjnpbalip, In Quarantäne, [79ba266b5337a492b6203f1235d1d927], 
PUP.Optional.MediaViewer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfphlpagfcnilblhpjjgadncbmfpjgl\1.1_0, In Quarantäne, [7db6246de7a3c670557daaa77b8b0cf4], 
PUP.Optional.MediaViewer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfphlpagfcnilblhpjjgadncbmfpjgl\1.1_0\images, In Quarantäne, [7db6246de7a3c670557daaa77b8b0cf4], 
PUP.Optional.MediaViewer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfphlpagfcnilblhpjjgadncbmfpjgl, In Quarantäne, [7db6246de7a3c670557daaa77b8b0cf4], 

Dateien: 360
PUP.Optional.Bandoo.A, C:\Users\Volker Henkels\Documents\Downloads\Setup71_FreeFlvConverter.exe, In Quarantäne, [57dc9af72f5b0d2986b649087a8c728e], 
PUP.Optional.FreeNew.A, C:\Users\Volker Henkels\Documents\Downloads\Emoji_Fun_+_Smiley_+_Emotion_Keyboard_1.0_downloader.exe, In Quarantäne, [dd56ade4bad0bf770feae362fa079d63], 
PUP.Optional.Searchqu.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, In Quarantäne, [062d6928236740f669be9c98976e1fe1], 
PUP.Optional.Datamngr.A, C:\Users\Uta\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, In Quarantäne, [77bc474a0f7ba195ac9d683ac63dfa06], 
PUP.Optional.Datamngr.A, C:\Users\Volker Henkels\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, In Quarantäne, [56ddb2df9ceea98dbd8c435fa16236ca], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome.manifest, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\install.rdf, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\ff-overlay.xul, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\gm_compiler.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\gm_prefs.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\gm_xhr.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\icon.png, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\overlay.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\utils.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\css\magicplayer.css, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\css\ts-buttons.css, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\jquery\jquery-1.7.min.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\ts\button.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\ts\core.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\ts\magicplayer.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\lib\ts\player.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\1337x.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\adminko.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\animelayer.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\animereactor.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\arenabg.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\baibako.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bakabt.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\beeretracker.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\berloga.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bete.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\big-boss.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bigfangroup.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bigtorrent.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bithumen.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bitmanija.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bitsnoop.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bitsoup.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\btscene.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\coda.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\dark-os.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\demonoid.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\dimeadozen.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\divxtotal.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\dontracker.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\dxp.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\elitetorrent.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\ex.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\extratorrent.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\eztv.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\fast-torrent.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\fasttorrent.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\fat.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\fenopy.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\fex.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\file.lu.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\filebag.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\filebase.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\free-torrents.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\freekino.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\fulldls.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\goldenshara.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\hdclub.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\hdclub.org.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\hdreactor.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\hilm.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\hq-video.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\hqclub.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\jc-club.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\jesus-torrent.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\kat.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\katushka.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\kinokopilka.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\kinoshek.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\kinozal.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\kinsburg.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\limetorrents.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\linkomanija.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\lostfilm.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\masters-tb.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\maxnet.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\mediastore.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\mininova.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\monova.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\movietorrents.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\multiestrenos.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\bithq.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\estrenosdtl.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\frenchtorrentdb.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\piratbit.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\seedpeer.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\toloka.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\mytorrento.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\newtorr.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\nice-media.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\nigma.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\nnm.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\nnportal.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\novafilm.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\novaset.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\nyaa.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\oday.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\opensharing.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\opentorrent.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\picktorrent.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\pirat.ca.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\planefilm.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\powertracker.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\pravtor.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\publichd.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\rarbg.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\rgfootball.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\riper.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\rt-tracker.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\rustorka.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\rutor.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\rutracker.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\scenefz.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\starbit.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\stepashka.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\streamzone.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\sumotorrent.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\take.fm.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\tapochek.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\tfile.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\thepiratebay.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torlock.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\tormovies.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrent73.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrentbit.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrentdownloads.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrentfunk.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrentom.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrentreactor.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrents.by.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrents.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrents.net.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrentsmd.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrentstream.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrentzap.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrnado-ru.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\torrnado.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\treckera-net.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\uatracker.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\undelete.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\uniongang.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\unionpeer.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\uraltrack.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\vertor.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\x-torrents.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\yify.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\yourbittorent.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\youtor.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\youtube.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\youtube_pre.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\zamunda.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\zlofenix.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\zoneland.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\content\userscripts\_conf.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\locale\en-US\as_magicplayer.dtd, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\locale\en-US\as_magicplayer.properties, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\locale\ru-RU\as_magicplayer.dtd, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\chrome\locale\ru-RU\as_magicplayer.properties, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Roaming\Mozilla\Firefox\Profiles\xed8oa8w.default\extensions\magicplayer@acestream.org\defaults\preferences\as_magicplayer.js, In Quarantäne, [42f1f69b820824122594933aa75cf50b], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\background.html, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\bootstrap.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\init.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\manifest.json, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\icons\magicplayer128.png, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\icons\magicplayer16.png, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\icons\magicplayer48.png, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\common\core.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\common\prefs.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\common\utils.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\bg.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\utils.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\css\magicplayer.css, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\css\ts-buttons.css, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\jquery\jquery-1.7.min.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\ts\button.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\ts\core.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\ts\magicplayer.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\lib\ts\player.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\1337x.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\adminko.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\animelayer.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\animereactor.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\arenabg.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\baibako.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bakabt.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\beeretracker.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\berloga.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bete.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\big-boss.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bigfangroup.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bigtorrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bithumen.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bitmanija.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bitsnoop.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bitsoup.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\btscene.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\coda.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\dark-os.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\demonoid.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\dimeadozen.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\divxtotal.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\dontracker.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\dxp.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\elitetorrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\ex.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\extratorrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\eztv.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fast-torrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fasttorrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fat.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fenopy.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fex.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\file.lu.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\filebag.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\filebase.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\free-torrents.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\freekino.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\fulldls.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\goldenshara.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hdclub.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hdclub.org.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hdreactor.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hilm.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hq-video.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\hqclub.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\jc-club.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\jesus-torrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kat.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\katushka.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kinokopilka.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kinoshek.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kinozal.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\kinsburg.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\limetorrents.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\linkomanija.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\lostfilm.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\masters-tb.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\maxnet.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\mediastore.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\mininova.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\monova.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\movietorrents.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\multiestrenos.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\bithq.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\estrenosdtl.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\frenchtorrentdb.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\piratbit.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\seedpeer.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\toloka.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\mytorrento.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\newtorr.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nice-media.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nigma.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nnm.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nnportal.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\novafilm.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\novaset.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\nyaa.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\oday.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\opensharing.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\opentorrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\picktorrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\pirat.ca.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\planefilm.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\powertracker.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\pravtor.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\publichd.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rarbg.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rgfootball.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\riper.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rt-tracker.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rustorka.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rutor.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\rutracker.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\scenefz.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\starbit.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\stepashka.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\streamzone.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\sumotorrent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\take.fm.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\tapochek.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\tfile.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\thepiratebay.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torlock.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\tormovies.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrent73.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentbit.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentdownloads.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentfunk.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentom.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentreactor.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrents.by.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrents.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrents.net.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentsmd.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentstream.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrentzap.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrnado-ru.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\torrnado.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\treckera-net.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\uatracker.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\undelete.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\uniongang.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\unionpeer.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\uraltrack.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\vertor.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\x-torrents.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\yify.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\yourbittorent.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\youtor.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\youtube.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\youtube_pre.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\zamunda.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\zlofenix.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\zoneland.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\src\magicplayer\userscripts\_conf.js, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\_locales\en_US\messages.json, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.ASMagicPlayer.A, C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\_locales\ru\messages.json, In Quarantäne, [2112dbb6d5b58da95a60f2dbcf34cf31], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapaeejlffemnmbcjbcnmcdhnekhnfbk\1.1_0\manifest.json, In Quarantäne, [59da0b862c5e58dea031b59cd82eb54b], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapaeejlffemnmbcjbcnmcdhnekhnfbk\1.1_0\icon.ico, In Quarantäne, [59da0b862c5e58dea031b59cd82eb54b], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapaeejlffemnmbcjbcnmcdhnekhnfbk\1.1_0\images\MediaViewV1alpha76_128.png, In Quarantäne, [59da0b862c5e58dea031b59cd82eb54b], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapaeejlffemnmbcjbcnmcdhnekhnfbk\1.1_0\images\MediaViewV1alpha76_16.png, In Quarantäne, [59da0b862c5e58dea031b59cd82eb54b], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapaeejlffemnmbcjbcnmcdhnekhnfbk\1.1_0\images\MediaViewV1alpha76_48.png, In Quarantäne, [59da0b862c5e58dea031b59cd82eb54b], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapaeejlffemnmbcjbcnmcdhnekhnfbk\1.1_0\images\MediaViewV1alpha76_64.png, In Quarantäne, [59da0b862c5e58dea031b59cd82eb54b], 
PUP.Optional.MediaWatch.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkcbejnocbilhflhkfinpglppngccom\1.1_0\manifest.json, In Quarantäne, [8ca7c7cae3a7f442dbf8bf92b353cf31], 
PUP.Optional.MediaWatch.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkcbejnocbilhflhkfinpglppngccom\1.1_0\icon.ico, In Quarantäne, [8ca7c7cae3a7f442dbf8bf92b353cf31], 
PUP.Optional.MediaWatch.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkcbejnocbilhflhkfinpglppngccom\1.1_0\images\MediaWatchV1home3705_128.png, In Quarantäne, [8ca7c7cae3a7f442dbf8bf92b353cf31], 
PUP.Optional.MediaWatch.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkcbejnocbilhflhkfinpglppngccom\1.1_0\images\MediaWatchV1home3705_16.png, In Quarantäne, [8ca7c7cae3a7f442dbf8bf92b353cf31], 
PUP.Optional.MediaWatch.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkcbejnocbilhflhkfinpglppngccom\1.1_0\images\MediaWatchV1home3705_48.png, In Quarantäne, [8ca7c7cae3a7f442dbf8bf92b353cf31], 
PUP.Optional.MediaWatch.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkcbejnocbilhflhkfinpglppngccom\1.1_0\images\MediaWatchV1home3705_64.png, In Quarantäne, [8ca7c7cae3a7f442dbf8bf92b353cf31], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_0\manifest.json, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_0\icon.ico, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_0\images\MediaViewV1alpha943_128.png, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_0\images\MediaViewV1alpha943_16.png, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_0\images\MediaViewV1alpha943_48.png, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_0\images\MediaViewV1alpha943_64.png, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_1\icon.ico, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_1\manifest.json, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_1\images\MediaViewV1alpha943_128.png, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_1\images\MediaViewV1alpha943_16.png, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_1\images\MediaViewV1alpha943_48.png, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.MediaView.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdnmpmimckhjkjkbhbgaiphcngngmo\1.1_1\images\MediaViewV1alpha943_64.png, In Quarantäne, [48ebc0d1e8a2ea4c1db497ba3cca34cc], 
PUP.Optional.VideoPlayer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfdofagjlgcljcjibmembhbjnpbalip\1.1_0\manifest.json, In Quarantäne, [79ba266b5337a492b6203f1235d1d927], 
PUP.Optional.VideoPlayer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfdofagjlgcljcjibmembhbjnpbalip\1.1_0\icon.ico, In Quarantäne, [79ba266b5337a492b6203f1235d1d927], 
PUP.Optional.VideoPlayer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfdofagjlgcljcjibmembhbjnpbalip\1.1_0\images\Thumbs.db, In Quarantäne, [79ba266b5337a492b6203f1235d1d927], 
PUP.Optional.VideoPlayer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfdofagjlgcljcjibmembhbjnpbalip\1.1_0\images\VideoPlayerV3beta821_128.png, In Quarantäne, [79ba266b5337a492b6203f1235d1d927], 
PUP.Optional.VideoPlayer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfdofagjlgcljcjibmembhbjnpbalip\1.1_0\images\VideoPlayerV3beta821_16.png, In Quarantäne, [79ba266b5337a492b6203f1235d1d927], 
PUP.Optional.VideoPlayer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfdofagjlgcljcjibmembhbjnpbalip\1.1_0\images\VideoPlayerV3beta821_48.png, In Quarantäne, [79ba266b5337a492b6203f1235d1d927], 
PUP.Optional.VideoPlayer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfdofagjlgcljcjibmembhbjnpbalip\1.1_0\images\VideoPlayerV3beta821_64.png, In Quarantäne, [79ba266b5337a492b6203f1235d1d927], 
PUP.Optional.MediaViewer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfphlpagfcnilblhpjjgadncbmfpjgl\1.1_0\manifest.json, In Quarantäne, [7db6246de7a3c670557daaa77b8b0cf4], 
PUP.Optional.MediaViewer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfphlpagfcnilblhpjjgadncbmfpjgl\1.1_0\icon.ico, In Quarantäne, [7db6246de7a3c670557daaa77b8b0cf4], 
PUP.Optional.MediaViewer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfphlpagfcnilblhpjjgadncbmfpjgl\1.1_0\images\MediaViewerV1alpha1230_128.png, In Quarantäne, [7db6246de7a3c670557daaa77b8b0cf4], 
PUP.Optional.MediaViewer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfphlpagfcnilblhpjjgadncbmfpjgl\1.1_0\images\MediaViewerV1alpha1230_16.png, In Quarantäne, [7db6246de7a3c670557daaa77b8b0cf4], 
PUP.Optional.MediaViewer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfphlpagfcnilblhpjjgadncbmfpjgl\1.1_0\images\MediaViewerV1alpha1230_48.png, In Quarantäne, [7db6246de7a3c670557daaa77b8b0cf4], 
PUP.Optional.MediaViewer.A, C:\Users\Uta\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfphlpagfcnilblhpjjgadncbmfpjgl\1.1_0\images\MediaViewerV1alpha1230_64.png, In Quarantäne, [7db6246de7a3c670557daaa77b8b0cf4], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.203 - Bericht erstellt 08/05/2015 um 16:52:52
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-08.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x86)
# Benutzername : Volker Henkels - DESKTOP
# Gestarted von : C:\Users\Volker Henkels\Documents\Downloads\AdwCleaner_4.203.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\Users\Volker Henkels\AppData\Roaming\AceWebExtension
Ordner Gelöscht : C:\Users\Volker Henkels\Documents\Updater
Datei Gelöscht : C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage
Datei Gelöscht : C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage-journal
Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Geplante Tasks ] *****

Task Gelöscht : AmiUpdXp
Task Gelöscht : DealPlyUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Wert Gelöscht : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Video Player
Schlüssel Gelöscht : HKLM\SOFTWARE\VideoPlayerV3

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v36.0.4 (x86 de)


-\\ Google Chrome v42.0.2311.135

[C:\Users\Volker Henkels\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : mfhnkgpdlogbknkhlgdjlejeljbhflim

*************************

AdwCleaner[R0].txt - [13497 Bytes] - [22/04/2014 00:39:07]
AdwCleaner[R1].txt - [1404 Bytes] - [22/04/2014 20:13:05]
AdwCleaner[R2].txt - [2357 Bytes] - [08/05/2015 16:50:34]
AdwCleaner[S0].txt - [13480 Bytes] - [22/04/2014 00:39:56]
AdwCleaner[S1].txt - [2277 Bytes] - [08/05/2015 16:52:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2336  Bytes] ##########
         
