Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner "searchprotect" und "tmp00000be1" entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 21.05.2016, 00:03   #1
HackedNoob
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Ausrufezeichen

Trojaner "searchprotect" und "tmp00000be1" entfernen



Hi Leute,

ich brauche leider mal wieder Hilfe.

Jemand/bzw. irgendein Programm hat in 2 meiner Email Accounts an alle Kontakte Spamware, und mir "Delivery Failure" Nachrichten geschickt.

Laut Bitdefender und Avira ist ein Programm "searchProtect", dessen Ordner sich unter "C/ProgrammeX86/SearchProtect nicht löschen lässt.

Avira hat zudem massenhaft Dateien im Ordner "tmp00000be1" gefunden.


Hier mal der Avira Log:

Zitat:
Lizenznehmer : Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : BEN-PC

Versionsinformationen:
build.dat : 15.0.16.282 92460 Bytes 22.02.2016 16:45:00
AVSCAN.EXE : 15.0.16.276 1235360 Bytes 20.05.2016 18:41:14
AVSCANRC.DLL : 15.0.16.269 65256 Bytes 20.05.2016 18:41:14
LUKE.DLL : 15.0.16.273 67840 Bytes 20.05.2016 18:41:20
AVSCPLR.DLL : 15.0.16.280 130712 Bytes 20.05.2016 18:41:14
REPAIR.DLL : 15.0.16.251 596760 Bytes 20.05.2016 18:41:13
repair.rdf : 1.0.17.16 1612500 Bytes 20.05.2016 18:41:56
AVREG.DLL : 15.0.16.273 350584 Bytes 20.05.2016 18:41:13
avlode.dll : 15.0.16.276 721384 Bytes 20.05.2016 18:41:12
avlode.rdf : 14.0.5.36 94056 Bytes 20.05.2016 18:41:11
XBV00009.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00010.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00011.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00012.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00013.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00014.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00015.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00016.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00017.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00018.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00019.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00020.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00021.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00022.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00023.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00024.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00025.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00026.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00027.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00028.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00029.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00030.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00031.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00032.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00033.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:41
XBV00034.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:42
XBV00035.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:42
XBV00036.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:42
XBV00037.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:42
XBV00038.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:42
XBV00039.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:42
XBV00040.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:42
XBV00041.VDF : 8.12.37.66 2048 Bytes 17.12.2015 18:41:42
XBV00178.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00179.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00180.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00181.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00182.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00183.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00184.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00185.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00186.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00187.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00188.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00189.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00190.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00191.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00192.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00193.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00194.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00195.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00196.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00197.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:47
XBV00198.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00199.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00200.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00201.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00202.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00203.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00204.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00205.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00206.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00207.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00208.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00209.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00210.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00211.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00212.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00213.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00214.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00215.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00216.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00217.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00218.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00219.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00220.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00221.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00222.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00223.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00224.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00225.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00226.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00227.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00228.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00229.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:48
XBV00230.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00231.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00232.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00233.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00234.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00235.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00236.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00237.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00238.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00239.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00240.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00241.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00242.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00243.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00244.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00245.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00246.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00247.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00248.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00249.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00250.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00251.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00252.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00253.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00254.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00255.VDF : 8.12.88.34 2048 Bytes 06.05.2016 18:41:49
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 11:02:04
XBV00001.VDF : 7.11.237.0 48041984 Bytes 02.06.2015 18:41:33
XBV00002.VDF : 7.12.37.36 16452096 Bytes 17.12.2015 18:41:36
XBV00003.VDF : 8.12.44.142 3948032 Bytes 09.01.2016 18:41:37
XBV00004.VDF : 8.12.52.208 4036096 Bytes 02.02.2016 18:41:38
XBV00005.VDF : 8.12.62.184 2779136 Bytes 26.02.2016 18:41:39
XBV00006.VDF : 8.12.71.186 2191360 Bytes 19.03.2016 18:41:39
XBV00007.VDF : 8.12.80.192 3617280 Bytes 13.04.2016 18:41:40
XBV00008.VDF : 8.12.88.34 4358144 Bytes 06.05.2016 18:41:41
XBV00042.VDF : 8.12.88.36 42496 Bytes 06.05.2016 18:41:42
XBV00043.VDF : 8.12.88.38 26624 Bytes 06.05.2016 18:41:42
XBV00044.VDF : 8.12.88.40 19968 Bytes 06.05.2016 18:41:42
XBV00045.VDF : 8.12.88.42 32256 Bytes 06.05.2016 18:41:42
XBV00046.VDF : 8.12.88.44 31232 Bytes 06.05.2016 18:41:42
XBV00047.VDF : 8.12.88.46 48128 Bytes 06.05.2016 18:41:42
XBV00048.VDF : 8.12.88.62 89088 Bytes 07.05.2016 18:41:42
XBV00049.VDF : 8.12.88.74 35840 Bytes 07.05.2016 18:41:42
XBV00050.VDF : 8.12.88.86 14848 Bytes 07.05.2016 18:41:42
XBV00051.VDF : 8.12.88.88 7168 Bytes 07.05.2016 18:41:42
XBV00052.VDF : 8.12.88.100 19968 Bytes 07.05.2016 18:41:42
XBV00053.VDF : 8.12.88.112 27648 Bytes 07.05.2016 18:41:42
XBV00054.VDF : 8.12.88.114 124416 Bytes 07.05.2016 18:41:42
XBV00055.VDF : 8.12.88.126 100352 Bytes 08.05.2016 18:41:42
XBV00056.VDF : 8.12.88.138 11776 Bytes 08.05.2016 18:41:42
XBV00057.VDF : 8.12.88.150 16384 Bytes 08.05.2016 18:41:42
XBV00058.VDF : 8.12.88.162 27136 Bytes 08.05.2016 18:41:42
XBV00059.VDF : 8.12.88.174 24576 Bytes 08.05.2016 18:41:42
XBV00060.VDF : 8.12.88.176 147456 Bytes 09.05.2016 18:41:43
XBV00061.VDF : 8.12.88.190 2048 Bytes 09.05.2016 18:41:43
XBV00062.VDF : 8.12.88.204 50688 Bytes 09.05.2016 18:41:43
XBV00063.VDF : 8.12.88.216 29184 Bytes 09.05.2016 18:41:43
XBV00064.VDF : 8.12.88.226 2048 Bytes 09.05.2016 18:41:43
XBV00065.VDF : 8.12.88.230 199168 Bytes 09.05.2016 18:41:43
XBV00066.VDF : 8.12.88.232 2048 Bytes 09.05.2016 18:41:43
XBV00067.VDF : 8.12.88.234 2048 Bytes 09.05.2016 18:41:43
XBV00068.VDF : 8.12.88.236 2048 Bytes 09.05.2016 18:41:43
XBV00069.VDF : 8.12.88.250 127488 Bytes 10.05.2016 18:41:43
XBV00070.VDF : 8.12.89.4 21504 Bytes 10.05.2016 18:41:43
XBV00071.VDF : 8.12.89.14 27648 Bytes 10.05.2016 18:41:43
XBV00072.VDF : 8.12.89.24 2048 Bytes 10.05.2016 18:41:43
XBV00073.VDF : 8.12.89.34 2048 Bytes 10.05.2016 18:41:43
XBV00074.VDF : 8.12.89.54 117760 Bytes 10.05.2016 18:41:43
XBV00075.VDF : 8.12.89.64 2048 Bytes 10.05.2016 18:41:43
XBV00076.VDF : 8.12.89.74 2048 Bytes 10.05.2016 18:41:43
XBV00077.VDF : 8.12.89.84 84992 Bytes 10.05.2016 18:41:43
XBV00078.VDF : 8.12.89.94 27648 Bytes 10.05.2016 18:41:43
XBV00079.VDF : 8.12.89.96 33792 Bytes 10.05.2016 18:41:43
XBV00080.VDF : 8.12.89.98 24576 Bytes 10.05.2016 18:41:43
XBV00081.VDF : 8.12.89.102 110080 Bytes 11.05.2016 18:41:43
XBV00082.VDF : 8.12.89.104 2048 Bytes 11.05.2016 18:41:43
XBV00083.VDF : 8.12.89.106 2560 Bytes 11.05.2016 18:41:43
XBV00084.VDF : 8.12.89.108 2048 Bytes 11.05.2016 18:41:43
XBV00085.VDF : 8.12.89.110 79360 Bytes 11.05.2016 18:41:43
XBV00086.VDF : 8.12.89.124 90624 Bytes 11.05.2016 18:41:43
XBV00087.VDF : 8.12.89.138 2048 Bytes 11.05.2016 18:41:43
XBV00088.VDF : 8.12.89.140 2048 Bytes 11.05.2016 18:41:44
XBV00089.VDF : 8.12.89.152 193024 Bytes 12.05.2016 18:41:44
XBV00090.VDF : 8.12.89.182 75776 Bytes 12.05.2016 18:41:44
XBV00091.VDF : 8.12.89.192 47616 Bytes 12.05.2016 18:41:44
XBV00092.VDF : 8.12.89.234 126976 Bytes 12.05.2016 18:41:44
XBV00093.VDF : 8.12.89.248 17408 Bytes 12.05.2016 18:41:44
XBV00094.VDF : 8.12.90.6 25088 Bytes 12.05.2016 18:41:44
XBV00095.VDF : 8.12.90.32 13824 Bytes 12.05.2016 18:41:44
XBV00096.VDF : 8.12.90.46 18944 Bytes 12.05.2016 18:41:44
XBV00097.VDF : 8.12.90.48 2048 Bytes 12.05.2016 18:41:44
XBV00098.VDF : 8.12.90.62 81408 Bytes 13.05.2016 18:41:44
XBV00099.VDF : 8.12.90.74 13312 Bytes 13.05.2016 18:41:44
XBV00100.VDF : 8.12.90.76 20992 Bytes 13.05.2016 18:41:44
XBV00101.VDF : 8.12.90.80 118784 Bytes 13.05.2016 18:41:44
XBV00102.VDF : 8.12.90.82 2048 Bytes 13.05.2016 18:41:44
XBV00103.VDF : 8.12.90.94 2048 Bytes 13.05.2016 18:41:44
XBV00104.VDF : 8.12.90.106 96768 Bytes 13.05.2016 18:41:44
XBV00105.VDF : 8.12.90.118 2048 Bytes 13.05.2016 18:41:44
XBV00106.VDF : 8.12.90.130 37888 Bytes 13.05.2016 18:41:44
XBV00107.VDF : 8.12.90.142 2048 Bytes 13.05.2016 18:41:44
XBV00108.VDF : 8.12.90.166 127488 Bytes 14.05.2016 18:41:44
XBV00109.VDF : 8.12.90.176 16384 Bytes 14.05.2016 18:41:44
XBV00110.VDF : 8.12.90.186 26624 Bytes 14.05.2016 18:41:44
XBV00111.VDF : 8.12.90.196 13824 Bytes 14.05.2016 18:41:44
XBV00112.VDF : 8.12.90.198 27648 Bytes 14.05.2016 18:41:44
XBV00113.VDF : 8.12.90.200 196608 Bytes 15.05.2016 18:41:45
XBV00114.VDF : 8.12.90.210 17408 Bytes 15.05.2016 18:41:45
XBV00115.VDF : 8.12.90.220 15872 Bytes 15.05.2016 18:41:45
XBV00116.VDF : 8.12.90.230 19968 Bytes 15.05.2016 18:41:45
XBV00117.VDF : 8.12.90.240 69120 Bytes 16.05.2016 18:41:45
XBV00118.VDF : 8.12.90.242 2048 Bytes 16.05.2016 18:41:45
XBV00119.VDF : 8.12.90.246 2048 Bytes 16.05.2016 18:41:45
XBV00120.VDF : 8.12.91.0 24064 Bytes 16.05.2016 18:41:45
XBV00121.VDF : 8.12.91.2 25088 Bytes 16.05.2016 18:41:45
XBV00122.VDF : 8.12.91.4 38400 Bytes 16.05.2016 18:41:45
XBV00123.VDF : 8.12.91.6 60416 Bytes 16.05.2016 18:41:45
XBV00124.VDF : 8.12.91.8 20992 Bytes 16.05.2016 18:41:45
XBV00125.VDF : 8.12.91.10 17408 Bytes 16.05.2016 18:41:45
XBV00126.VDF : 8.12.91.12 16896 Bytes 16.05.2016 18:41:45
XBV00127.VDF : 8.12.91.14 12288 Bytes 16.05.2016 18:41:45
XBV00128.VDF : 8.12.91.24 10240 Bytes 16.05.2016 18:41:45
XBV00129.VDF : 8.12.91.32 13824 Bytes 16.05.2016 18:41:45
XBV00130.VDF : 8.12.91.40 9728 Bytes 16.05.2016 18:41:45
XBV00131.VDF : 8.12.91.48 11776 Bytes 16.05.2016 18:41:45
XBV00132.VDF : 8.12.91.50 7168 Bytes 16.05.2016 18:41:45
XBV00133.VDF : 8.12.91.52 30208 Bytes 17.05.2016 18:41:45
XBV00134.VDF : 8.12.91.56 10240 Bytes 17.05.2016 18:41:45
XBV00135.VDF : 8.12.91.58 16896 Bytes 17.05.2016 18:41:45
XBV00136.VDF : 8.12.91.60 11264 Bytes 17.05.2016 18:41:45
XBV00137.VDF : 8.12.91.62 13824 Bytes 17.05.2016 18:41:45
XBV00138.VDF : 8.12.91.66 2048 Bytes 17.05.2016 18:41:45
XBV00139.VDF : 8.12.91.70 124416 Bytes 17.05.2016 18:41:45
XBV00140.VDF : 8.12.91.78 29184 Bytes 17.05.2016 18:41:46
XBV00141.VDF : 8.12.91.86 2048 Bytes 17.05.2016 18:41:46
XBV00142.VDF : 8.12.91.94 47104 Bytes 17.05.2016 18:41:46
XBV00143.VDF : 8.12.91.102 2048 Bytes 17.05.2016 18:41:46
XBV00144.VDF : 8.12.91.104 2048 Bytes 17.05.2016 18:41:46
XBV00145.VDF : 8.12.91.112 2048 Bytes 17.05.2016 18:41:46
XBV00146.VDF : 8.12.91.120 95744 Bytes 17.05.2016 18:41:46
XBV00147.VDF : 8.12.91.128 2048 Bytes 18.05.2016 18:41:46
XBV00148.VDF : 8.12.91.144 96256 Bytes 18.05.2016 18:41:46
XBV00149.VDF : 8.12.91.150 17920 Bytes 18.05.2016 18:41:46
XBV00150.VDF : 8.12.91.156 10752 Bytes 18.05.2016 18:41:46
XBV00151.VDF : 8.12.91.170 17408 Bytes 18.05.2016 18:41:46
XBV00152.VDF : 8.12.91.184 50688 Bytes 18.05.2016 18:41:46
XBV00153.VDF : 8.12.91.200 117760 Bytes 18.05.2016 18:41:46
XBV00154.VDF : 8.12.91.214 2048 Bytes 18.05.2016 18:41:46
XBV00155.VDF : 8.12.91.216 2048 Bytes 18.05.2016 18:41:46
XBV00156.VDF : 8.12.91.218 2048 Bytes 18.05.2016 18:41:46
XBV00157.VDF : 8.12.91.220 40448 Bytes 18.05.2016 18:41:46
XBV00158.VDF : 8.12.91.234 15872 Bytes 18.05.2016 18:41:46
XBV00159.VDF : 8.12.92.4 17408 Bytes 18.05.2016 18:41:46
XBV00160.VDF : 8.12.92.18 12800 Bytes 18.05.2016 18:41:46
XBV00161.VDF : 8.12.92.20 2048 Bytes 18.05.2016 18:41:46
XBV00162.VDF : 8.12.92.46 74240 Bytes 19.05.2016 18:41:46
XBV00163.VDF : 8.12.92.58 10240 Bytes 19.05.2016 18:41:46
XBV00164.VDF : 8.12.92.70 6144 Bytes 19.05.2016 18:41:46
XBV00165.VDF : 8.12.92.72 5632 Bytes 19.05.2016 18:41:46
XBV00166.VDF : 8.12.92.74 14848 Bytes 19.05.2016 18:41:46
XBV00167.VDF : 8.12.92.78 2560 Bytes 19.05.2016 18:41:46
XBV00168.VDF : 8.12.92.82 89088 Bytes 19.05.2016 18:41:46
XBV00169.VDF : 8.12.92.84 2048 Bytes 19.05.2016 18:41:47
XBV00170.VDF : 8.12.92.96 24064 Bytes 19.05.2016 18:41:47
XBV00171.VDF : 8.12.92.120 56320 Bytes 20.05.2016 18:41:47
XBV00172.VDF : 8.12.92.132 13824 Bytes 20.05.2016 18:41:47
XBV00173.VDF : 8.12.92.144 10240 Bytes 20.05.2016 18:41:47
XBV00174.VDF : 8.12.92.156 17920 Bytes 20.05.2016 18:41:47
XBV00175.VDF : 8.12.92.160 17408 Bytes 20.05.2016 18:41:47
XBV00176.VDF : 8.12.92.164 47616 Bytes 20.05.2016 20:43:01
XBV00177.VDF : 8.12.92.176 8192 Bytes 20.05.2016 20:43:01
LOCAL001.VDF : 8.12.92.176 158728192 Bytes 20.05.2016 20:43:13
Engineversion : 8.3.40.16
AEBB.DLL : 8.1.3.0 59296 Bytes 20.05.2016 18:41:08
AECORE.DLL : 8.3.12.4 247720 Bytes 20.05.2016 18:41:08
AECRYPTO.DLL : 8.2.0.2 128936 Bytes 20.05.2016 18:41:10
AEDROID.DLL : 8.4.3.362 2717608 Bytes 20.05.2016 18:41:10
AEEMU.DLL : 8.1.3.8 404328 Bytes 20.05.2016 18:41:08
AEEXP.DLL : 8.4.2.176 306032 Bytes 20.05.2016 18:41:10
AEGEN.DLL : 8.1.8.114 547696 Bytes 20.05.2016 18:41:08
AEHELP.DLL : 8.3.2.10 284584 Bytes 20.05.2016 18:41:09
AEHEUR.DLL : 8.1.4.2308 10259312 Bytes 20.05.2016 18:41:09
AELIBINF.DLL : 8.2.1.4 68464 Bytes 20.05.2016 18:41:10
AEMOBILE.DLL : 8.1.8.10 301936 Bytes 20.05.2016 18:41:10
AEOFFICE.DLL : 8.3.3.34 468904 Bytes 20.05.2016 18:41:09
AEPACK.DLL : 8.4.2.14 805744 Bytes 20.05.2016 18:41:10
AERDL.DLL : 8.2.1.42 813928 Bytes 20.05.2016 18:41:10
AESBX.DLL : 8.2.21.4 1629032 Bytes 20.05.2016 18:41:10
AESCN.DLL : 8.3.4.6 141216 Bytes 20.05.2016 18:41:10
AESCRIPT.DLL : 8.3.0.136 608168 Bytes 20.05.2016 18:41:10
AEVDF.DLL : 8.3.3.4 142184 Bytes 20.05.2016 18:41:10
AVWINLL.DLL : 15.0.16.227 27680 Bytes 20.05.2016 18:41:08
AVPREF.DLL : 15.0.16.227 53944 Bytes 20.05.2016 18:41:13
AVREP.DLL : 15.0.16.227 223400 Bytes 20.05.2016 18:41:13
AVARKT.DLL : 15.0.16.227 230080 Bytes 20.05.2016 18:41:11
AVEVTLOG.DLL : 15.0.16.251 200192 Bytes 20.05.2016 18:41:12
SQLITE3.DLL : 15.0.16.227 459752 Bytes 20.05.2016 18:41:22
AVSMTP.DLL : 15.0.16.227 80200 Bytes 20.05.2016 18:41:14
NETNT.DLL : 15.0.16.227 16880 Bytes 20.05.2016 18:41:20
CommonImageRc.dll: 15.0.16.222 4307832 Bytes 20.05.2016 18:41:08
CommonTextRc.dll: 15.0.16.222 68864 Bytes 20.05.2016 18:41:08

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\Antivirus\TEMP\AVGUARD_573f7f68\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
Auszulassende Dateien.................:
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+SPR,

Beginn des Suchlaufs: Freitag, 20. Mai 2016 23:29

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'vsserv.exe' - '239' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '146' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '161' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '131' Modul(e) wurden durchsucht
Durchsuche Prozess 'CtHdaSvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'LogiRegistryService.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'plays_service.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ProductAgentService.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'updatesrv.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.ServiceHost.exe' - '172' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'GWX.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCore.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'RadeonSettings.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'bdagent.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'Spotify.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpotifyWebHelper.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '179' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SBRnPCIe.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpotifyCrashService.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dit.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'DitExp.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'Spotify.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'Spotify.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.Systray.exe' - '142' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'raptr.exe' - '170' Modul(e) wurden durchsucht
Durchsuche Prozess 'playstv.exe' - '187' Modul(e) wurden durchsucht
Durchsuche Prozess 'raptr_im.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'plays_ep64.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'raptr_ep64.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_21_0_0_242.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_21_0_0_242.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\Temp\tmp00000be1\tmp004bba64'
[INFO] RepairMalware: Disinfection of malware PUA/SearchProtect.Gen7 needs a reboot to complete
[WARN] GetSHA256: SHA - Cannot open the file: \\?\C:\Windows\Temp\tmp00000be1\tmp004bba64
[INFO] RepairMalware: Disinfection of malware PUA/SearchProtect.Gen7 needs a reboot to complete
C:\Windows\Temp\tmp00000be1\tmp004bba64
[FUND] Enthält Muster der Software PUA/SearchProtect.Gen7
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!
Beginne mit der Suche in 'C:\Windows\Temp\tmp0000564d\tmp000103fc'
[INFO] RepairMalware: Disinfection of malware PUA/SearchProtect.Gen7 needs a reboot to complete
[WARN] GetSHA256: SHA - Cannot open the file: \\?\C:\Windows\Temp\tmp0000564d\tmp000103fc
[ERROR] RepairMalware: Not able to Repair Malware PUA/SearchProtect.Gen7
[INFO] RepairMalware: Disinfection of malware PUA/SearchProtect.Gen7 needs the rescue cd to complete
C:\Windows\Temp\tmp0000564d\tmp000103fc
[FUND] Enthält Muster der Software PUA/SearchProtect.Gen7
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!
Beginne mit der Suche in 'C:\Windows\Temp\tmp0000564d\tmp000103ff'
Der zu durchsuchende Pfad C:\Windows\Temp\tmp0000564d\tmp000103ff konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\tmp0000564d\tmp00010401'
Der zu durchsuchende Pfad C:\Windows\Temp\tmp0000564d\tmp00010401 konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Windows\Temp\tmp0000564d\tmp00010402'
Der zu durchsuchende Pfad C:\Windows\Temp\tmp0000564d\tmp00010402 konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
und der Malwarebytes Log:
Zitat:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 20.05.2016
Suchlaufzeit: 23:54
Protokolldatei: 2.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.20.08
Rootkit-Datenbank: v2016.05.20.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ben

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333565
Abgelaufene Zeit: 8 Min., 10 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 107
PUP.Optional.WebCheck, HKU\S-1-5-21-2410925410-2808068811-915591143-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E155F23C-9931-47C6-A619-20E6FCA86D75}, , [ef390dcbecadc4722a6c591bfd0540c0],
PUP.Optional.WebCheck, HKU\S-1-5-21-2410925410-2808068811-915591143-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E155F23C-9931-47C6-A619-20E6FCA86D75}, , [ef390dcbecadc4722a6c591bfd0540c0],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, , [75b36b6dbbdece6838fb81ef887a35cb],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLive.Update3WebControl.3, , [75b36b6dbbdece6838fb81ef887a35cb],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.Update3WebControl.3, , [75b36b6dbbdece6838fb81ef887a35cb],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLive.Update3WebControl.3, , [75b36b6dbbdece6838fb81ef887a35cb],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, , [75b36b6dbbdece6838fb81ef887a35cb],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C536F080-57B7-46D6-8894-C647553F2889}, , [42e67c5c4d4c8aac45f3630d54ae15eb],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, , [42e67c5c4d4c8aac45f3630d54ae15eb],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, , [42e67c5c4d4c8aac45f3630d54ae15eb],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, , [42e67c5c4d4c8aac45f3630d54ae15eb],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, , [42e67c5c4d4c8aac45f3630d54ae15eb],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLive.OneClickProcessLauncherMachine, , [42e67c5c4d4c8aac45f3630d54ae15eb],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLive.OneClickProcessLauncherMachine.1.0, , [42e67c5c4d4c8aac45f3630d54ae15eb],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [d4541bbd841558de8ca83c3b9a6820e0],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, , [2efa8f490297290d6cc488e8db27619f],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, , [4eda795f8a0fd66057d9ea861de518e8],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, , [4eda795f8a0fd66057d9ea861de518e8],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, , [4eda795f8a0fd66057d9ea861de518e8],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassSvc, , [4eda795f8a0fd66057d9ea861de518e8],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, , [4eda795f8a0fd66057d9ea861de518e8],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, , [91979b3d4b4e191d64d7363a38cad22e],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, , [3bedd1075b3e90a6bb800e62d82a32ce],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, , [3bedd1075b3e90a6bb800e62d82a32ce],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, , [3bedd1075b3e90a6bb800e62d82a32ce],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebSvc, , [3bedd1075b3e90a6bb800e62d82a32ce],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebSvc.1.0, , [3bedd1075b3e90a6bb800e62d82a32ce],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, , [77b13d9b2a6f62d450d973fd3cc62cd4],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, , [72b6a7317e1b38feb0790d634fb3e818],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, , [72b6a7317e1b38feb0790d634fb3e818],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, , [72b6a7317e1b38feb0790d634fb3e818],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, , [72b6a7317e1b38feb0790d634fb3e818],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, , [72b6a7317e1b38feb0790d634fb3e818],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, , [1f096b6dfa9f6bcbcb5fb8b8c53db44c],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, , [ac7c3c9c7524fb3bc26893ddfc0646ba],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, , [ac7c3c9c7524fb3bc26893ddfc0646ba],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, , [ac7c3c9c7524fb3bc26893ddfc0646ba],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CredentialDialogMachine, , [ac7c3c9c7524fb3bc26893ddfc0646ba],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CredentialDialogMachine.1.0, , [ac7c3c9c7524fb3bc26893ddfc0646ba],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, , [58d086523e5bbe78b972353b9969857b],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, , [96924b8d6a2f6fc777b4a6caba48d32d],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, , [96924b8d6a2f6fc777b4a6caba48d32d],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, , [96924b8d6a2f6fc777b4a6caba48d32d],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoCreateAsync, , [96924b8d6a2f6fc777b4a6caba48d32d],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoCreateAsync.1.0, , [96924b8d6a2f6fc777b4a6caba48d32d],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, , [b77136a2fd9cfc3a909d4030e02238c8],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, , [fc2c06d2b6e3bf77a4899bd572907090],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, , [fc2c06d2b6e3bf77a4899bd572907090],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, , [fc2c06d2b6e3bf77a4899bd572907090],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebMachineFallback, , [fc2c06d2b6e3bf77a4899bd572907090],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, , [fc2c06d2b6e3bf77a4899bd572907090],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, , [f6323a9e168316204fdf5917c63c6d93],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, , [ba6efbdddcbdc76f79b57ff1df23857b],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, , [ba6efbdddcbdc76f79b57ff1df23857b],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, , [ba6efbdddcbdc76f79b57ff1df23857b],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoreMachineClass, , [ba6efbdddcbdc76f79b57ff1df23857b],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoreMachineClass.1, , [ba6efbdddcbdc76f79b57ff1df23857b],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, , [77b1e9eff8a1fd39ea45b8b87f838d73],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, , [ff29627608914de931fe175951b114ec],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, , [ff29627608914de931fe175951b114ec],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, , [ff29627608914de931fe175951b114ec],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.ProcessLauncher, , [ff29627608914de931fe175951b114ec],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.ProcessLauncher.1.0, , [ff29627608914de931fe175951b114ec],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, , [260233a57920fb3bcd64e987be44ae52],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, , [8c9cf5e35d3c6ec8e24f2b45dd256898],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, , [8c9cf5e35d3c6ec8e24f2b45dd256898],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, , [8c9cf5e35d3c6ec8e24f2b45dd256898],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassMachine, , [8c9cf5e35d3c6ec8e24f2b45dd256898],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, , [8c9cf5e35d3c6ec8e24f2b45dd256898],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass, , [9494b028a3f652e40d2c343c29d9d030],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass.1, , [bc6cac2c4b4e4bebe257f37d877b9b65],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass, , [bc6cac2c4b4e4bebe257f37d877b9b65],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass.1, , [bc6cac2c4b4e4bebe257f37d877b9b65],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoreClass, , [bc6cac2c4b4e4bebe257f37d877b9b65],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.CoreClass.1, , [bc6cac2c4b4e4bebe257f37d877b9b65],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, , [b5737a5ececb6cca85b5b5bb689a54ac],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, , [ba6ef0e87227b581a298214f59a910f0],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, , [ba6ef0e87227b581a298214f59a910f0],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, , [ba6ef0e87227b581a298214f59a910f0],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3COMClassService, , [ba6ef0e87227b581a298214f59a910f0],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3COMClassService.1.0, , [ba6ef0e87227b581a298214f59a910f0],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, , [1e0aba1e2d6cf83ee458a1cfa959d030],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, , [84a4be1af4a559dd0a32244ce919f010],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, , [84a4be1af4a559dd0a32244ce919f010],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, , [84a4be1af4a559dd0a32244ce919f010],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebMachine, , [84a4be1af4a559dd0a32244ce919f010],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DealPlyLiveUpdate.Update3WebMachine.1.0, , [84a4be1af4a559dd0a32244ce919f010],
PUP.Optional.DealPly, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickCtrl.9, , [1d0be7f1fc9d7abc77a9ceb05ea554ac],
PUP.Optional.Conduit, HKLM\SOFTWARE\DIVX\INSTALL\SETUP\WIZARDLAYOUT\ConduitToolbar, , [cd5ba3350a8f7abc30e12e7dfc062cd4],
PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{38B8CBDA-377E-4E7D-AEE2-CCE933A1A41A}, , [31f78454326764d269e5406bc53d7987],
PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7E3CCFA7-27E1-4377-8A2A-B4D1710718DB}, , [0c1c20b89bfecb6ba0d17360cc3752ae],
PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A04FC64B-F436-4119-97FD-FF9F741261F2}, , [29ffe7f10198c0766f028c4747bc4eb2],
PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Dealply, , [9c8cbe1a9504e45250dc91edc04331cf],
PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DealPlyUpdate, , [ce5aefe96c2d68ce41eb45395ea5956b],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OpenCandyHelperRunAsStandardUser2635B73B16EE4E4F8D8BBDBD1283BEF4, , [eb3d5880e5b4251162a8ccc1ec17a060],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OpenCandyHelperRunOnce8AA55C164BE14A90A4EDB9165DC7F0E6, , [0622d80035642e088e7c1578bf44cd33],
PUP.Optional.ProtectedSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProtectedSearch, , [b474696f891078be4166e8a734cf3cc4],
PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UpdaterEX, , [bf696a6e376232044609357625ddd12f],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickCtrl.9, , [2800dff915847abc56cabdc109fa3ec2],
PUP.Optional.HomeTab, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bddpogknpjlgfpbboediomaiiaecfajn, , [7dab1cbc3e5b72c4cf43e89c26ddd52b],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9F556458-901F-409F-990E-B7D22FD82067}, , [2cfc0fc9bbdeff378c2996e712f1c739],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AF599219-EF5E-47C1-A708-7B06C2F6DE8C}, , [53d5568264358da9fcb7bbc2669d24dc],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FFA1FD95-AC6D-4E27-B0B4-A8F1B1322FD8}, , [190f5385841568ce2f85364752b1d828],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=3, , [012723b55247c96d89a4ed918b780ff1],
PUP.Optional.DealPly, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=9, , [ca5e02d6e8b1d264e845295559aa05fb],
PUP.Optional.Babylon, HKU\S-1-5-21-2410925410-2808068811-915591143-1000\SOFTWARE\BABSOLUTION\Updater, , [b8704f8984152f07db95b1c5946fe11f],
PUP.Optional.Conduit, HKU\S-1-5-21-2410925410-2808068811-915591143-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E1A1345E-9886-421C-8D65-0800B7F144F5}, , [4bdd7761bcdda88ee64b90ebdb28f50b],

Registrierungswerte: 12
PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{38B8CBDA-377E-4E7D-AEE2-CCE933A1A41A}|Path, \UpdaterEX, , [31f78454326764d269e5406bc53d7987]
PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7E3CCFA7-27E1-4377-8A2A-B4D1710718DB}|Path, \Dealply, , [0c1c20b89bfecb6ba0d17360cc3752ae]
PUP.Optional.DealPly, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A04FC64B-F436-4119-97FD-FF9F741261F2}|Path, \DealPlyUpdate, , [29ffe7f10198c0766f028c4747bc4eb2]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9f556458-901f-409f-990e-b7d22fd82067}|AppName, Plus-HD-1.5-codedownloader.exe, , [2cfc0fc9bbdeff378c2996e712f1c739]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{af599219-ef5e-47c1-a708-7b06c2f6de8c}|AppName, Plus-HD-1.5-bg.exe, , [53d5568264358da9fcb7bbc2669d24dc]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ffa1fd95-ac6d-4e27-b0b4-a8f1b1322fd8}|AppName, Plus-HD-1.5-buttonutil.exe, , [190f5385841568ce2f85364752b1d828]
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|Plus-HD-1.5-bg.exe, 8000, , [f137c4140d8cd462cc5b3f97a45fa35d]
PUP.Optional.CertifiedToolBar.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=99&st=bs&tid=0&q=%s, , [8e9a3b9d1f7a3df92fb416b104fe9070]
PUP.Optional.FirstSeenToday, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_de_159, , [9a8e5385e5b4ef4772c2afd21ee56997],
PUP.Optional.Conduit, HKU\S-1-5-21-2410925410-2808068811-915591143-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E1A1345E-9886-421C-8D65-0800B7F144F5}|URL, hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MA62C3147-8AE0-40E0-918E-AEDF8799F4C5&SearchSource=58&CUI=&UM=5&UP=SP62D14C1F-E9FB-4EFC-B42C-631FD0CBFD66&q={searchTerms}&SSPV=, , [4bdd7761bcdda88ee64b90ebdb28f50b]
PUP.Optional.Conduit, HKU\S-1-5-21-2410925410-2808068811-915591143-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E1A1345E-9886-421C-8D65-0800B7F144F5}|SuggestionsURL_JSON, hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, , [42e69741debbbb7b89a947345ca760a0]
PUP.Optional.Trovi, HKU\S-1-5-21-2410925410-2808068811-915591143-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E1A1345E-9886-421C-8D65-0800B7F144F5}|DisplayName, Trovi, , [2cfc8c4c1980a492579947506f94867a]

Registrierungsdaten: 3
PUP.Optional.SimplyTech, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|newtab, %appdata%\SimplyTech\home\home.htm, Gut: (www.google.com), Schlecht: (%appdata%\SimplyTech\home\home.htm),,[3fe933a51386b48242ca1935ce366e92]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[2206795f495054e23a58d874897b38c8]
PUP.Optional.SearchCertifiedTB, HKU\S-1-5-21-2410925410-2808068811-915591143-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=99&st=bs&tid=0&q=%s, Gut: (www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=99&st=bs&tid=0&q=%s),,[e444bf198e0b40f607deee5f52b246ba]

Ordner: 29
PUP.Optional.UpdateProc, C:\Users\Ben\AppData\Roaming\UpdaterEX\UpdateProc, , [0523f7e17029b185abdfc3d57e85748c],
PUP.Optional.UpdateProc, C:\Users\Ben\AppData\Roaming\UpdaterEX, , [0523f7e17029b185abdfc3d57e85748c],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome\content, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome\locale, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome\locale\en-US, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome\skin, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\defaults, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\defaults\preferences, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserUpdater, C:\Windows\System32\Tasks\Browser Updater, , [30f86771c5d41f177401751a43bf45bb],
PUP.Optional.DealPly, C:\Users\Ben\AppData\Roaming\Dealply, , [a58301d7dfbabf777a46f59de31ff907],
PUP.Optional.DealPly, C:\Users\Ben\AppData\Roaming\Dealply\UpdateProc, , [a58301d7dfbabf777a46f59de31ff907],
PUP.Optional.DealPly, C:\Users\Ben\AppData\Local\DealPlyLive, , [66c2af295f3ae65064615b37a161f709],
PUP.Optional.DealPly, C:\Users\Ben\AppData\Local\DealPlyLive\CrashReports, , [66c2af295f3ae65064615b37a161f709],
PUP.Optional.FreeSoftToday, C:\Users\Ben\AppData\Local\freeSOFTtoday, , [d751993f6c2d47ef915e306489790cf4],
PUP.Optional.FreeSoftToday, C:\Users\Ben\AppData\Local\freeSOFTtoday\freeSOFTtoday, , [d751993f6c2d47ef915e306489790cf4],
PUP.Optional.FreeSoftToday, C:\Users\Ben\AppData\Local\freeSOFTtoday\freeSOFTtoday\1.0, , [d751993f6c2d47ef915e306489790cf4],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}, , [4fd9f5e36039989e2e15f5a1f30f7d83],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\chrome, , [4fd9f5e36039989e2e15f5a1f30f7d83],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\components, , [4fd9f5e36039989e2e15f5a1f30f7d83],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\plugins, , [4fd9f5e36039989e2e15f5a1f30f7d83],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}, , [15138157c2d760d673d0fa9c738f7b85],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\chrome, , [15138157c2d760d673d0fa9c738f7b85],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\components, , [15138157c2d760d673d0fa9c738f7b85],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\plugins, , [15138157c2d760d673d0fa9c738f7b85],
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect, , [24047365aaef4de967d27a2bd929ad53],
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect, , [24047365aaef4de967d27a2bd929ad53],
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep, , [24047365aaef4de967d27a2bd929ad53],

Dateien: 53
PUP.Optional.SimplyTech, C:\Windows\Launcher.exe, , [8f99c11736636bcb1cd272a71ce8da26],
PUP.Optional.Amonetize, C:\Windows\Tasks\UpdaterEX.job, , [b3752eaa0f8ac96dcc81a00b976bf30d],
PUP.Optional.Findr, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\findr.xml, , [44e43e9a8f0a6dc95bca79083dc62bd5],
PUP.Optional.Findr, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\searchplugins\findr.xml, , [36f2597fd4c52e082df87b06e91a31cf],
PUP.Optional.UpdateProc, C:\Users\Ben\AppData\Roaming\UpdaterEX\UpdateProc\prod.dat, , [0523f7e17029b185abdfc3d57e85748c],
PUP.Optional.UpdateProc, C:\Users\Ben\AppData\Roaming\UpdaterEX\UpdateProc\config.dat, , [0523f7e17029b185abdfc3d57e85748c],
PUP.Optional.UpdateProc, C:\Users\Ben\AppData\Roaming\UpdaterEX\UpdateProc\STTL.DAT, , [0523f7e17029b185abdfc3d57e85748c],
PUP.Optional.UpdateProc, C:\Users\Ben\AppData\Roaming\UpdaterEX\UpdateProc\TTL.DAT, , [0523f7e17029b185abdfc3d57e85748c],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome.manifest, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\install.rdf, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome\content\browseradditions.x ul, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome\content\init.js, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome\content\poweraddon.js, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome\content\utils.js, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome\locale\en-US\browseradditions.dtd, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome\skin\icon16.png, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome\skin\icon32.png, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\chrome\skin\overlay.css, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.BrowserAdditions, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\toolbarbutton@browseradditions.com\defaults\preferences\browseraddit ions.js, , [5fc9dff99801c670b358355a27db9d63],
PUP.Optional.DealPly, C:\Users\Ben\AppData\Roaming\Dealply\UpdateProc\config.dat, , [a58301d7dfbabf777a46f59de31ff907],
PUP.Optional.DealPly, C:\Users\Ben\AppData\Roaming\Dealply\UpdateProc\STTL.DAT, , [a58301d7dfbabf777a46f59de31ff907],
PUP.Optional.DealPly, C:\Users\Ben\AppData\Roaming\Dealply\UpdateProc\TTL.DAT, , [a58301d7dfbabf777a46f59de31ff907],
PUP.Optional.FreeSoftToday, C:\Users\Ben\AppData\Local\freeSOFTtoday\freeSOFTtoday\1.0\freeSOFTtoday.cyl, , [d751993f6c2d47ef915e306489790cf4],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\chrome.manifest, , [4fd9f5e36039989e2e15f5a1f30f7d83],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\HomeTab_6787.sqlite, , [4fd9f5e36039989e2e15f5a1f30f7d83],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\install.js, , [4fd9f5e36039989e2e15f5a1f30f7d83],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\install.rdf, , [4fd9f5e36039989e2e15f5a1f30f7d83],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\pop.htm, , [4fd9f5e36039989e2e15f5a1f30f7d83],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\wtb_ff.bin, , [4fd9f5e36039989e2e15f5a1f30f7d83],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\chrome\HomeTab_6787.jar, , [4fd9f5e36039989e2e15f5a1f30f7d83],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\components\wtb_complete.js, , [4fd9f5e36039989e2e15f5a1f30f7d83],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\plugins\npwiddit.dll, , [4fd9f5e36039989e2e15f5a1f30f7d83],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\chrome.manifest, , [15138157c2d760d673d0fa9c738f7b85],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\HomeTab_6787.sqlite, , [15138157c2d760d673d0fa9c738f7b85],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\install.js, , [15138157c2d760d673d0fa9c738f7b85],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\install.rdf, , [15138157c2d760d673d0fa9c738f7b85],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\pop.htm, , [15138157c2d760d673d0fa9c738f7b85],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\wtb_ff.bin, , [15138157c2d760d673d0fa9c738f7b85],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\chrome\HomeTab_6787.jar, , [15138157c2d760d673d0fa9c738f7b85],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\components\wtb_complete.js, , [15138157c2d760d673d0fa9c738f7b85],
PUP.Optional.HomeTab, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\plugins\npwiddit.dll, , [15138157c2d760d673d0fa9c738f7b85],
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [24047365aaef4de967d27a2bd929ad53],
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js, Gut: (), Schlecht: (user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0"), ,[e345e8f07d1c5cda634c5319966e827e]
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js, Gut: (), Schlecht: (
*
* If you make changes to this file while the application is running,
* the chang), ,[82a605d3cccdd6606e416a02f80c25db]
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js, Gut: (), Schlecht: (ke changes to this file while the application is running,
* the changes will be overwri), ,[e642954354457cba3b74422a5aaa9b65]
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js, Gut: (), Schlecht: (ke changes to this file while the application is running,
* the changes ), ,[67c1984060390e28713eff6d50b4817f]
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js, Gut: (), Schlecht: (*
* If you make changes to this file while the application is running,
* the changes wil), ,[d256c3154257b0863c731b51bd47eb15]
PUP.Optional.Conduit, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js, Gut: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Schlecht: (user_pref("browser.startup.homepage", "hxxp://search.conduit.com), ,[3cecc11711885ed81ac4acc5aa5a6f91]
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\prefs.js, Gut: (), Schlecht: (user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0"), ,[6fb936a27f1ab581624de8840004e917]
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\prefs.js, Gut: (), Schlecht: (
*
* If you make changes to this file while the application is running,
* the change), ,[12169d3b3c5d53e3109fce9ec44038c8]
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\prefs.js, Gut: (), Schlecht: (e changes to this file while the application is running,
* the changes will be overwrit), ,[b276ba1e2e6b9c9a1d92214b24e0c63a]
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\prefs.js, Gut: (), Schlecht: (e changes to this file while the application is running,
* the changes w), ,[d7514b8d74250234efc05418e222a858]
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\prefs.js, Gut: (), Schlecht: (
* If you make changes to this file while the application is running,
* the changes will), ,[2cfcd305adec0a2c228db2bae61e47b9]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
Kann mir jemand helfen?!
Vielen Dank schon mal

Alt 21.05.2016, 00:07   #2
M-K-D-B
/// TB-Ausbilder
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:



Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________

__________________

Alt 21.05.2016, 00:38   #3
HackedNoob
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen



Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:19-05-2016
durchgeführt von Ben (Administrator) auf BEN-PC (21-05-2016 00:21:49)
Gestartet von C:\Users\Ben\Downloads
Geladene Profile: Ben (Verfügbare Profile: Ben)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
(ICSI Technology Ltd.) C:\Windows\Dit.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(ICSI) C:\Windows\DitExp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1651600 2016-04-25] (Bitdefender)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [885760 2012-02-22] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dit] => C:\Windows\Dit.exe [90112 2004-08-05] (ICSI Technology Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-27] (DivX, LLC)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-05-09] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-27] (Raptr, Inc)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-05-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-04-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [Dropbox Update] => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [Spotify] => C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-28] (Spotify Ltd)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [Spotify Web Helper] => C:\Users\Ben\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-28] (Spotify Ltd)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\MountPoints2: F - F:\Setup.exe autorun
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\MountPoints2: {0cffc0e7-918d-11e2-ba83-bc5ff44945d9} - F:\setup.exe
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-21]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-05-21]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 80.69.96.12 81.210.129.4
Tcpip\..\Interfaces\{93459425-DE5C-4808-9F97-6026C69CD4BC}: [DhcpNameServer] 80.69.96.12 81.210.129.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {71588120-FC17-4463-B07D-2C71FE6E057B} URL = hxxp://go.findrsearch.com/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2410925410-2808068811-915591143-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-2410925410-2808068811-915591143-1000 -> {0C3286BA-7A37-4E59-A3F5-F4E06A97F97B} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=71e2f78e-876b-4e42-8029-3e0e5449b2d1&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2410925410-2808068811-915591143-1000 -> {38C82963-9229-4D88-99F7-221997DB985B} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=71e2f78e-876b-4e42-8029-3e0e5449b2d1&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2410925410-2808068811-915591143-1000 -> {94ABC068-6097-46F0-8AC3-5EBFF0AD0703} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=71e2f78e-876b-4e42-8029-3e0e5449b2d1&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2410925410-2808068811-915591143-1000 -> {F280C5F1-262E-4024-AC35-47BEAEBFA6CF} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=71e2f78e-876b-4e42-8029-3e0e5449b2d1&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2410925410-2808068811-915591143-1000 -> {F4ED6660-A91F-481D-A5DF-7DAC3E9994E2} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=71e2f78e-876b-4e42-8029-3e0e5449b2d1&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-2410925410-2808068811-915591143-1000 -> {FD4E9F80-5AC9-44A3-8722-78CA6D2DC141} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=71e2f78e-876b-4e42-8029-3e0e5449b2d1&pid=fotofreeware&mode=bounce&k=0
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default
FF NewTab: about:home
FF Homepage: hxxp://search.conduit.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MA62C3147-8AE0-40E0-918E-AEDF8799F4C5&SearchSource=55&CUI=&UM=5&UP=SP62D14C1F-E9FB-4EFC-B42C-631FD0CBFD66&SSPV=
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-08-05] (DivX, LLC)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Photoshop CS6\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-22] (Apple Inc.)
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\google-images.xml [2014-12-18]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\google-maps.xml [2014-12-18]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\youtube.xml [2015-11-12]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\{58827B9B-1E67-4411-915F-922793B7986B}.xml [2012-08-26]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\{A31C05CC-0B97-428B-80B9-224FF9550200}.xml [2012-08-26]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\{D3ED56D7-F8F1-4998-87F7-9D409CB38784}.xml [2012-08-26]
FF Extension: NoScript - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-07]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\artur.dubovoy@gmail.com [2016-05-17]
FF Extension: Cliqz - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\cliqz@cliqz.com.xpi [2016-04-19]
FF Extension: Blur - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\donottrackplus@abine.com.xpi [2015-12-17]
FF Extension: tor-flashproxy-badge - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\jid0-1kqApO5BUHwjBQft5BEUXHXZjCA@jetpack.xpi [2016-01-07]
FF Extension: TopLine - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\jid0-uIWxKlEIWnV1103pH2C8N6RsUe0@jetpack.xpi [2012-10-28] [ist nicht signiert]
FF Extension: Mailvelope - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-12-08]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\vdpure@link64.xpi [2016-01-22]
FF Extension: Video DownloadHelper - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-09]
FF Extension: Adblock Plus - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-05-12]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\cliqz@cliqz.com => nicht gefunden

Chrome: 
=======
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Search-Gol Toolbar) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac [2014-07-03] [UpdateUrl: hxxp://img.delta-search.com/ext/chrome/update/update-delta.xml] <==== ACHTUNG
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Google-Suche) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-07-03]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-07-03]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-07-03]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-07-03]
CHR Extension: (Google Wallet) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-03]
CHR Extension: (Google Mail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-03]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-05-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-05-20] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [280008 2016-04-25] (Avira Operations GmbH & Co. KG)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-08-16] (Creative Labs) [Datei ist nicht signiert]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-08-16] (Creative Labs) [Datei ist nicht signiert]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [Datei ist nicht signiert]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-02-14] (Creative Technology Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-05-09] (Plays.tv, LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-05-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133168 2016-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69888 2016-05-20] (Avira Operations GmbH & Co. KG)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-02-09] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-02-14] (Creative Technology Ltd)
R3 CTHDB; C:\Windows\System32\DRIVERS\CtHDb.sys [23640 2012-02-29] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-20] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-21 00:21 - 2016-05-21 00:21 - 00030520 _____ C:\Users\Ben\Downloads\FRST.txt
2016-05-21 00:21 - 2016-05-21 00:21 - 00000000 ____D C:\FRST
2016-05-21 00:20 - 2016-05-21 00:20 - 02382336 _____ (Farbar) C:\Users\Ben\Downloads\FRST64.exe
2016-05-20 23:08 - 2016-05-21 00:14 - 00001096 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-20 22:59 - 2016-05-20 22:59 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-20 20:41 - 2016-05-21 00:14 - 00001132 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-05-20 20:40 - 2016-05-20 20:42 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Avira
2016-05-20 20:38 - 2016-05-20 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-20 20:38 - 2016-05-20 20:42 - 00000000 ____D C:\ProgramData\Avira
2016-05-20 20:38 - 2016-05-20 20:41 - 00154816 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-05-20 20:38 - 2016-05-20 20:41 - 00133168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-05-20 20:38 - 2016-05-20 20:41 - 00069888 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-05-20 20:38 - 2016-05-20 20:41 - 00000000 ____D C:\Program Files (x86)\Avira
2016-05-20 20:38 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-05-15 16:33 - 2016-05-15 16:33 - 00003640 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-05-15 16:31 - 2016-05-15 16:31 - 00025965 _____ C:\ProgramData\1463322708.bdinstall.bin
2016-05-15 05:10 - 2016-05-15 05:10 - 00394940 _____ C:\ProgramData\1463281764.bdinstall.bin
2016-05-15 05:09 - 2016-05-21 00:14 - 00002116 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-05-15 05:09 - 2016-05-15 05:09 - 00253404 ____H C:\bdr-ld02
2016-05-15 05:09 - 2016-05-15 05:09 - 00009216 ____H C:\bdr-ld02.mbr
2016-05-15 05:09 - 2016-05-15 05:09 - 00000684 ____H C:\bdr-cf02
2016-05-15 05:09 - 2016-05-15 05:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-05-15 05:09 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-05-15 05:09 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-05-15 05:09 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-05-15 05:09 - 2015-12-15 21:35 - 49760229 ____H C:\bdr-im02.gz
2016-05-15 05:09 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz02
2016-05-15 05:08 - 2016-05-15 05:08 - 00093711 _____ C:\ProgramData\1463281683.bdinstall.bin
2016-05-15 05:07 - 2016-05-15 05:10 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Bitdefender
2016-05-15 05:07 - 2016-05-15 05:07 - 00390241 _____ C:\ProgramData\1463281564.bdinstall.bin
2016-05-15 05:07 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-05-15 05:07 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-05-15 05:07 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2016-05-15 05:06 - 2016-05-15 05:26 - 00000000 ____D C:\ProgramData\Bitdefender
2016-05-15 05:05 - 2016-05-21 00:13 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-05-14 18:18 - 2016-05-14 18:18 - 00000000 ____D C:\Users\Ben\Desktop\AST Fahrwerk
2016-05-13 21:20 - 2016-05-15 03:45 - 00000000 ____D C:\Users\Ben\AppData\Local\AMD
2016-05-13 21:19 - 2016-05-13 21:19 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-05-13 21:18 - 2016-05-13 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2016-05-13 21:17 - 2016-05-13 21:18 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-05-13 21:17 - 2016-05-13 21:17 - 00000000 ____D C:\Program Files (x86)\AMD
2016-05-13 21:10 - 2016-05-13 21:10 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Ben\Downloads\autodetectutility.exe
2016-05-13 20:04 - 2016-05-13 20:04 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-13 07:13 - 2016-05-21 00:15 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Raptr
2016-05-12 22:32 - 2016-05-12 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2016-05-12 07:36 - 2016-05-21 00:15 - 00000000 ____D C:\Users\Ben\AppData\Roaming\PlaysTV
2016-05-12 07:35 - 2016-05-12 07:35 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-05-11 16:52 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 16:52 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 16:52 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 16:52 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 16:52 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 16:52 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 16:52 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 16:52 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 16:52 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 16:52 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 16:52 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 16:52 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 16:52 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 16:52 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 16:52 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 16:52 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 16:52 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 16:52 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 16:52 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 16:52 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 16:52 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 16:52 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 16:52 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 16:52 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 16:52 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 16:52 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 16:52 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 16:52 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 16:52 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 16:52 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 16:52 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 16:52 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 16:52 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 16:52 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 16:52 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 16:52 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 16:52 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 16:52 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 16:52 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 16:52 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 16:52 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 16:52 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 16:52 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 16:52 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 16:52 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 16:52 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 16:52 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 16:52 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 16:52 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 16:52 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 16:52 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 16:52 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 16:52 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 16:52 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 16:52 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 16:52 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 16:52 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 16:52 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 16:52 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 16:52 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 16:52 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 16:52 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 16:52 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 16:52 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 16:52 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 16:52 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 16:52 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 16:52 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 16:52 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 16:52 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 16:52 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 16:52 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 16:52 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 16:52 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 16:52 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 16:52 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 16:52 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 16:52 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 16:52 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 16:52 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 16:52 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 16:52 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 16:52 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 16:52 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 16:52 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 16:52 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 16:52 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 16:52 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 16:52 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 16:52 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 16:52 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 16:52 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 16:52 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 16:52 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 16:52 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 16:52 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-07 11:16 - 2016-05-07 11:16 - 46070258 _____ C:\Users\Ben\Desktop\Prince Ea - A Brand New Ending - YouTube_720p.mp4
2016-05-05 14:35 - 2016-05-05 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-04 18:30 - 2016-05-04 19:39 - 00000000 ____D C:\Users\Public\CineForm
2016-05-04 18:30 - 2016-05-04 19:29 - 00000000 ____D C:\Users\Ben\AppData\Roaming\GoPro
2016-05-04 18:30 - 2016-05-04 18:30 - 00000000 ____D C:\Users\Ben\AppData\Local\GoPro
2016-05-04 18:29 - 2016-05-04 18:29 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-04-27 21:28 - 2016-04-27 21:28 - 08306382 _____ C:\Users\Ben\Desktop\Infiltrate template.rar
2016-04-25 20:04 - 2014-12-29 21:16 - 00000000 ____D C:\Users\Ben\Desktop\Template

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-21 00:21 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-21 00:21 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-21 00:20 - 2012-09-21 01:34 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Spotify
2016-05-21 00:18 - 2011-04-12 09:43 - 00699432 _____ C:\Windows\system32\perfh007.dat
2016-05-21 00:18 - 2011-04-12 09:43 - 00149572 _____ C:\Windows\system32\perfc007.dat
2016-05-21 00:18 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-21 00:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-21 00:15 - 2015-11-02 20:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-21 00:15 - 2015-03-04 23:19 - 00000000 ___RD C:\Users\Ben\Dropbox
2016-05-21 00:15 - 2014-09-13 14:31 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-05-21 00:15 - 2013-11-27 20:47 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-05-21 00:15 - 2013-09-13 21:51 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-21 00:15 - 2012-09-21 01:34 - 00000000 ____D C:\Users\Ben\AppData\Local\Spotify
2016-05-21 00:15 - 2012-08-17 03:21 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-21 00:15 - 2012-08-16 20:34 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-05-21 00:15 - 2012-08-16 20:34 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-05-21 00:15 - 2009-07-14 06:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-05-21 00:14 - 2016-03-28 20:56 - 00002165 _____ C:\Users\Public\Desktop\Preset Manager 1.0.lnk
2016-05-21 00:14 - 2016-01-12 00:56 - 00001831 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-05-21 00:14 - 2015-03-21 03:54 - 00002168 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-05-21 00:14 - 2014-11-30 20:11 - 00000761 _____ C:\Users\Public\Desktop\Assetto Corsa.lnk
2016-05-21 00:14 - 2014-08-31 01:09 - 00000953 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2016-05-21 00:14 - 2014-04-20 21:02 - 00001101 _____ C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
2016-05-21 00:14 - 2014-04-13 19:36 - 00001100 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2016-05-21 00:14 - 2013-09-13 21:51 - 00001141 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-21 00:14 - 2013-08-23 01:01 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-21 00:14 - 2013-03-20 21:54 - 00001944 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-05-21 00:14 - 2012-12-25 18:54 - 00000704 _____ C:\Users\Public\Desktop\Winamp.lnk
2016-05-21 00:14 - 2012-09-21 01:34 - 00001779 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-05-21 00:14 - 2012-08-17 00:39 - 00001923 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Avant Browser.lnk
2016-05-21 00:14 - 2012-08-17 00:39 - 00001911 _____ C:\Users\Public\Desktop\Avant Browser.lnk
2016-05-21 00:14 - 2012-08-16 20:38 - 00001321 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-21 00:14 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-05-21 00:14 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-05-21 00:13 - 2015-10-13 23:16 - 00000941 _____ C:\Users\Ben\Desktop\Magic Bullet Looks.lnk
2016-05-21 00:13 - 2015-03-04 23:19 - 00001009 _____ C:\Users\Ben\Desktop\Drobox.lnk
2016-05-21 00:13 - 2014-12-17 22:53 - 00001827 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Tunatic.lnk
2016-05-21 00:13 - 2014-10-19 19:41 - 00000905 _____ C:\Users\Ben\Desktop\GTR2.lnk
2016-05-21 00:13 - 2014-09-13 15:19 - 00001038 _____ C:\Users\Ben\Desktop\Vegas Pro 13.0 (64-bit).lnk
2016-05-21 00:13 - 2014-07-10 01:26 - 00000783 _____ C:\Users\Ben\Desktop\Zeug vom Desktop.lnk
2016-05-21 00:13 - 2013-11-27 23:49 - 00000924 _____ C:\Users\Ben\Desktop\GIMP.lnk
2016-05-21 00:13 - 2013-03-20 22:03 - 00000763 _____ C:\Users\Ben\Desktop\GTR Evolution.lnk
2016-05-21 00:13 - 2012-12-30 04:03 - 00001563 _____ C:\Users\Ben\Desktop\Counter-Strike Source.lnk
2016-05-21 00:13 - 2012-11-06 22:55 - 00000961 _____ C:\Users\Ben\Desktop\TeamSpeak 3 Client.lnk
2016-05-21 00:13 - 2012-10-03 14:32 - 00000684 _____ C:\Users\Ben\Desktop\Free PDF to Word Doc Converter.lnk
2016-05-21 00:13 - 2012-09-21 01:34 - 00001793 _____ C:\Users\Ben\Desktop\Spotify.lnk
2016-05-21 00:13 - 2012-08-19 16:49 - 00000842 _____ C:\Users\Ben\Desktop\BitLord.lnk
2016-05-21 00:13 - 2012-08-16 21:17 - 00000355 _____ C:\Users\Ben\Desktop\Arbeitsplatz.lnk
2016-05-21 00:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-21 00:12 - 2015-12-26 07:38 - 00292677 _____ C:\bdlog.txt
2016-05-21 00:05 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-20 23:38 - 2015-08-15 12:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-20 23:38 - 2015-06-18 18:28 - 00001216 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000UA.job
2016-05-20 23:37 - 2015-03-11 20:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-20 23:08 - 2015-03-11 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-20 23:08 - 2015-03-11 20:43 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-05-20 21:39 - 2012-08-17 03:18 - 00000000 ____D C:\Users\Ben\AppData\Roaming\vlc
2016-05-20 21:00 - 2012-11-06 22:56 - 00000000 ____D C:\Users\Ben\AppData\Roaming\TS3Client
2016-05-20 20:41 - 2013-08-26 11:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-20 19:38 - 2015-06-18 18:28 - 00001164 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000Core.job
2016-05-20 19:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-20 00:30 - 2015-04-14 01:51 - 00000080 _____ C:\Users\Ben\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2016-05-19 19:19 - 2013-10-13 03:43 - 00000000 ____D C:\Users\Ben\Documents\BitLord
2016-05-19 19:19 - 2013-10-13 03:43 - 00000000 ____D C:\Users\Ben\AppData\Roaming\BitLord
2016-05-19 19:15 - 2012-08-19 16:49 - 00000000 _____ C:\Users\Ben\AppData\Roaming\bitlord_log.txt
2016-05-16 21:24 - 2014-02-01 17:31 - 00000213 _____ C:\Users\Ben\Desktop\TO DO! BICHT!!!.txt
2016-05-16 20:18 - 2012-09-01 01:53 - 00000371 _____ C:\Users\Ben\Desktop\TO DO.txt
2016-05-15 05:09 - 2016-02-14 19:14 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-05-15 05:06 - 2016-02-14 19:14 - 00000000 ____D C:\Program Files\Bitdefender
2016-05-15 03:51 - 2014-11-12 01:50 - 00000000 ____D C:\Users\Ben\AppData\LocalLow\boost_interprocess
2016-05-14 04:13 - 2014-04-05 20:01 - 00000000 ____D C:\Users\Ben\Desktop\CS 2014
2016-05-13 21:19 - 2016-03-29 01:26 - 00004230 _____ C:\Windows\System32\Tasks\AMD Updater
2016-05-13 21:17 - 2016-03-29 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-05-13 21:17 - 2013-12-29 21:05 - 00000000 ____D C:\Program Files\AMD
2016-05-13 20:04 - 2015-03-04 23:19 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Dropbox
2016-05-13 07:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-13 07:38 - 2015-08-15 12:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 07:38 - 2015-07-23 00:54 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 07:38 - 2015-07-23 00:54 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 22:29 - 2012-08-16 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-05-12 22:29 - 2012-08-16 20:56 - 00000000 ____D C:\Program Files (x86)\Creative
2016-05-12 08:09 - 2015-04-15 19:16 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 08:04 - 2014-12-23 18:11 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-12 02:19 - 2014-08-20 22:58 - 00000000 ____D C:\Users\Ben\AppData\Local\Adobe
2016-05-12 00:44 - 2015-05-02 22:15 - 00005528 _____ C:\Users\Ben\Desktop\Kosten.txt
2016-05-11 23:25 - 2012-08-16 20:50 - 00000000 ____D C:\AMD
2016-05-11 22:53 - 2013-07-11 11:30 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 21:51 - 2009-07-14 06:45 - 05050848 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-11 21:50 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 18:01 - 2012-08-16 21:20 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 21:58 - 2012-08-16 20:47 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Adobe
2016-05-08 18:39 - 2012-10-28 19:22 - 00000000 ____D C:\Users\Ben\AppData\Local\CrashDumps
2016-05-06 17:46 - 2015-04-04 22:48 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 17:46 - 2015-04-04 22:48 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-06 15:06 - 2016-04-14 23:26 - 00000000 ____D C:\Users\Ben\AppData\Local\bvyvavay
2016-05-05 22:28 - 2013-09-13 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-27 21:43 - 2012-08-16 20:53 - 00120496 _____ C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-01-12 00:56 - 2016-01-12 00:56 - 15566737 _____ () C:\Program Files\FileZilla3141.zip
2012-08-19 16:49 - 2016-05-19 19:15 - 0000000 _____ () C:\Users\Ben\AppData\Roaming\bitlord_log.txt
2012-10-13 19:23 - 2013-12-12 01:51 - 0005632 _____ () C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-17 22:30 - 2015-11-17 22:30 - 0000842 _____ () C:\Users\Ben\AppData\Local\recently-used.xbel
2012-09-12 20:33 - 2013-04-21 19:02 - 0007605 _____ () C:\Users\Ben\AppData\Local\resmon.resmoncfg
2015-06-24 02:06 - 2015-06-24 02:06 - 0043682 _____ () C:\Users\Ben\AppData\Local\Tempdivxa6f9
2015-05-19 02:43 - 2015-05-19 02:43 - 0247298 _____ () C:\Users\Ben\AppData\Local\Tempdivxfe74
2016-05-15 05:07 - 2016-05-15 05:07 - 0390241 _____ () C:\ProgramData\1463281564.bdinstall.bin
2016-05-15 05:08 - 2016-05-15 05:08 - 0093711 _____ () C:\ProgramData\1463281683.bdinstall.bin
2016-05-15 05:10 - 2016-05-15 05:10 - 0394940 _____ () C:\ProgramData\1463281764.bdinstall.bin
2016-05-15 16:31 - 2016-05-15 16:31 - 0025965 _____ () C:\ProgramData\1463322708.bdinstall.bin

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Public\AlexaNSISPlugin.6936.dll


Einige Dateien in TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\Ben\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Ben\AppData\Local\Temp\avgnt.exe
C:\Users\Ben\AppData\Local\Temp\cdo1138856251.dll
C:\Users\Ben\AppData\Local\Temp\cdo1148406675.dll
C:\Users\Ben\AppData\Local\Temp\cdo1190206193.dll
C:\Users\Ben\AppData\Local\Temp\cdo1268291816.dll
C:\Users\Ben\AppData\Local\Temp\cdo1594728973.dll
C:\Users\Ben\AppData\Local\Temp\cdo1630582100.dll
C:\Users\Ben\AppData\Local\Temp\cdo1650198476.dll
C:\Users\Ben\AppData\Local\Temp\cdo1680738936.dll
C:\Users\Ben\AppData\Local\Temp\cdo2299574333.dll
C:\Users\Ben\AppData\Local\Temp\cdo2334430240.dll
C:\Users\Ben\AppData\Local\Temp\cdo2434732372.dll
C:\Users\Ben\AppData\Local\Temp\cdo2445184739.dll
C:\Users\Ben\AppData\Local\Temp\cdo262939885.dll
C:\Users\Ben\AppData\Local\Temp\cdo272904227.dll
C:\Users\Ben\AppData\Local\Temp\cdo2742429460.dll
C:\Users\Ben\AppData\Local\Temp\cdo2816061061.dll
C:\Users\Ben\AppData\Local\Temp\cdo3019167050.dll
C:\Users\Ben\AppData\Local\Temp\cdo3268099613.dll
C:\Users\Ben\AppData\Local\Temp\cdo340310218.dll
C:\Users\Ben\AppData\Local\Temp\cdo3432201221.dll
C:\Users\Ben\AppData\Local\Temp\cdo3453013635.dll
C:\Users\Ben\AppData\Local\Temp\cdo3505807980.dll
C:\Users\Ben\AppData\Local\Temp\cdo3608878176.dll
C:\Users\Ben\AppData\Local\Temp\cdo374867413.dll
C:\Users\Ben\AppData\Local\Temp\cdo3932243946.dll
C:\Users\Ben\AppData\Local\Temp\cdo3967037980.dll
C:\Users\Ben\AppData\Local\Temp\cdo4045656951.dll
C:\Users\Ben\AppData\Local\Temp\cdo4072745525.dll
C:\Users\Ben\AppData\Local\Temp\cdo521549086.dll
C:\Users\Ben\AppData\Local\Temp\cdo561457612.dll
C:\Users\Ben\AppData\Local\Temp\cdo759103143.dll
C:\Users\Ben\AppData\Local\Temp\cdo865636502.dll
C:\Users\Ben\AppData\Local\Temp\cdo973371756.dll
C:\Users\Ben\AppData\Local\Temp\Cleanup.dll
C:\Users\Ben\AppData\Local\Temp\ddu.exe
C:\Users\Ben\AppData\Local\Temp\difxapi.dll
C:\Users\Ben\AppData\Local\Temp\DivXSetup.exe
C:\Users\Ben\AppData\Local\Temp\msvcm80.dll
C:\Users\Ben\AppData\Local\Temp\msvcp80.dll
C:\Users\Ben\AppData\Local\Temp\msvcr80.dll
C:\Users\Ben\AppData\Local\Temp\playstv_patch.exe
C:\Users\Ben\AppData\Local\Temp\radeon-crimson-16.3.2-minimalsetup.exe
C:\Users\Ben\AppData\Local\Temp\raptrpatch.exe
C:\Users\Ben\AppData\Local\Temp\raptr_stub.exe
C:\Users\Ben\AppData\Local\Temp\tmp4FE3.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-18 07:54

==================== Ende von FRST.txt ============================
         
__________________

Alt 21.05.2016, 00:39   #4
HackedNoob
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen



[CODE]
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:19-05-2016
durchgeführt von Ben (2016-05-21 00:22:14)
Gestartet von C:\Users\Ben\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-16 18:37:21)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2410925410-2808068811-915591143-500 - Administrator - Disabled)
Ben (S-1-5-21-2410925410-2808068811-915591143-1000 - Administrator - Enabled) => C:\Users\Ben
Gast (S-1-5-21-2410925410-2808068811-915591143-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2410925410-2808068811-915591143-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{bfb60b68-92b8-481b-b416-7e05b4ea01c9}) (Version: 1.1.61.18979 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.61.18979 - Avira Operations GmbH & Co. KG) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.17.1000 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
BitLord 2.1 (HKLM-x32\...\BitLord) (Version: 2.1.1-91 - House of Life)
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Creative Music Server (HKLM-x32\...\Music Server) (Version: 1.01 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16483 - Landesfinanzdirektion Thüringen)
Extended Update (HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\UpdaterEX) (Version:  - ) <==== ACHTUNG
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
FilmConvert Pro 2.1 AE (HKLM\...\{CC62E726-2E52-4E16-9AF5-8991119A3667}) (Version: 2.12 - Rubber Monkey Software)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Pdf Perfect Prereq (HKLM-x32\...\{8a8f0ec0-a24b-4eb8-b811-2cf05c4d1c85}) (Version: 1.1.0.80 - Covus Freemium GmbH)
Free Pdf Perfect Prereq (x32 Version: 1.1.0.80 - Covus Freemium GmbH) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
Logitech Gaming Software 8.78 (HKLM\...\Logitech Gaming Software) (Version: 8.78.129 - Logitech Inc.)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{E7676EF4-3896-4B7E-B030-1356EEC477CE}) (Version: 11.4.4 - Red Giant)
Magic Bullet Suite 64-bit (Version: 11.4.4 - Red Giant) Hidden
MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Motorola Driver Installation 3.2.0 (HKLM\...\{A7B9041E-9635-4AFF-BB1E-EFAF490A231B}) (Version: 3.2.0 - Motorola Inc.)
Motorola Phone Tools (HKLM-x32\...\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}) (Version: 4.60 - Avanquest Software)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Card Reader & Flash Disk (HKLM-x32\...\{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC9}) (Version: 1.00.0000 - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Pinnacle VideoSpin (HKLM-x32\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.1-r112682-release - Plays.tv, LLC)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.0-r112326-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Sonic Foundry Preset Manager 1.0 (HKLM-x32\...\{7266C898-F9CB-4122-9452-2AA1DACE245E}) (Version: 1.0.73 - Sonic Foundry)
Sound Blaster Recon3D PCIe (HKLM-x32\...\{F380C602-98E8-49AB-8C3F-8A73BACA45DD}) (Version: 1.00.22 - Creative Technology Limited)
Sound Blaster Recon3D PCIe Extras (HKLM-x32\...\{204FCF73-1450-407D-BCF9-1233EC5F5787}) (Version: 1.0 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Test Drive Unlimited (HKLM-x32\...\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}) (Version: 1.00.0000 - Atari)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{CE92F061-BFBC-11E3-8FF3-F04DA23A5C58}) (Version: 13.0.290 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-3) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (Version: 1.0.3.1 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {047D8A27-C9C0-4509-B54B-0DAAE60A46CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {108EC6FD-E65D-4308-A188-EAC5ABBB8E77} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {1D70820A-630E-4F59-82B4-BF7CF33CECF1} - \ProtectedSearch\Protected Search -> Keine Datei <==== ACHTUNG
Task: {2439EA23-D503-4688-8E37-FBFA8EB9AD95} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
Task: {3169177F-2AA2-4BEF-BCC6-B0D125EB68A2} - System32\Tasks\{A9CE6C82-5B6C-4C81-9C82-F507E1E7B46A} => c:\program files (x86)\avant browser\avant.exe [2016-01-04] (Avant Force)
Task: {5E002749-4D84-4067-A8DF-04F377230DC6} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {5E7983E5-5405-40E6-AE09-95A1217116F8} - System32\Tasks\{3AAAF176-F7EF-41D0-AFD3-9F269021114C} => pcalua.exe -a C:\Users\Ben\Downloads\winessentials2012-all.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {72547DC8-E3C9-4B18-93FE-F570C6E6321F} - \Browser Updater\Browser Updater -> Keine Datei <==== ACHTUNG
Task: {8D528501-7480-4A00-86D1-D12981FF9E0B} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {96E7E24E-45B0-4A1A-8C08-D03C85F54B46} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000Core => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {C9D881A2-1624-42AF-9730-0C1C0E03AA6D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000UA => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {DB598486-F771-4C91-BDF3-6B16D26723ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {E3D8DC2C-B845-49CA-85F1-FE7A92BE57E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000Core.job => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000UA.job => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-05-15 05:09 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-05-15 05:09 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-05-15 05:09 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-05-15 05:09 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-05-15 05:09 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2015-10-16 12:02 - 2015-10-16 12:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2012-08-19 01:01 - 2014-06-28 22:53 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-03-19 22:09 - 2012-03-19 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-01-06 21:43 - 2016-01-06 21:43 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-01-06 21:43 - 2016-01-06 21:43 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 22:57 - 2015-12-07 22:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2015-03-12 13:39 - 2016-04-28 00:44 - 47503472 _____ () C:\Users\Ben\AppData\Roaming\Spotify\libcef.dll
2015-12-12 13:39 - 2016-04-19 21:47 - 00034768 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-05-13 20:04 - 2016-04-19 21:48 - 00019408 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-05-13 20:04 - 2016-04-19 21:47 - 00116688 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 13:39 - 2016-04-19 21:47 - 00093640 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 13:39 - 2016-04-19 21:47 - 00018376 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 13:39 - 2016-05-07 00:35 - 00019760 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00105928 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-05-13 20:04 - 2016-04-19 21:47 - 00392144 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 13:39 - 2016-05-07 00:35 - 00381752 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 13:39 - 2016-04-19 21:47 - 00692688 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00020816 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 13:39 - 2016-04-19 21:48 - 00121296 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 01682760 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00020808 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 13:39 - 2016-05-07 00:35 - 00021840 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00038696 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-05-13 20:04 - 2016-04-19 21:49 - 00020936 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00024528 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00114640 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00124880 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-19 21:39 - 2016-05-07 00:35 - 00021832 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00024016 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00175560 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00030160 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00043472 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00028616 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00048592 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00026456 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00057808 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00024016 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00117056 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00052024 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-12 13:39 - 2016-04-19 21:47 - 00134608 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-05-13 20:04 - 2016-04-19 21:47 - 00134088 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-05-13 20:04 - 2016-04-19 21:48 - 00240584 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-02-19 21:39 - 2016-05-07 00:35 - 00020800 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-19 21:39 - 2016-05-07 00:35 - 00021824 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-19 21:39 - 2016-05-07 00:35 - 00019776 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-19 21:39 - 2016-05-07 00:35 - 00020800 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00024392 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-05-13 20:04 - 2016-04-19 21:50 - 00036296 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\librsync.dll
2016-05-13 20:04 - 2016-05-07 00:34 - 00020280 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 13:39 - 2016-05-07 00:35 - 00023376 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00350152 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-19 21:39 - 2016-05-07 00:35 - 00022352 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00084280 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-05-13 20:04 - 2016-05-07 00:34 - 01826096 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 13:39 - 2016-04-19 21:48 - 00083912 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\sip.pyd
2016-05-13 20:04 - 2016-05-07 00:35 - 03928880 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 01971504 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00531248 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-05-13 20:04 - 2016-05-07 00:35 - 00132912 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-05-13 20:04 - 2016-05-07 00:35 - 00223544 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00207672 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00060880 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32print.pyd
2015-12-12 13:39 - 2016-05-07 00:35 - 00024904 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-05-13 20:04 - 2016-05-07 00:35 - 00546096 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-05-13 20:04 - 2016-05-07 00:35 - 00357680 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2012-02-23 12:56 - 2012-02-23 12:56 - 00593920 _____ () C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\de-DE\SBRnPCIe.resources.dll
2015-03-12 13:39 - 2016-04-28 00:44 - 01584240 _____ () C:\Users\Ben\AppData\Roaming\Spotify\libglesv2.dll
2015-03-12 13:39 - 2016-04-28 00:44 - 00082032 _____ () C:\Users\Ben\AppData\Roaming\Spotify\libegl.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-21 22:29 - 2015-10-21 22:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-21 22:29 - 2015-10-21 22:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2011-05-10 21:01 - 2011-05-10 21:01 - 00030208 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\simplejson._speedups.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
2015-06-27 01:09 - 2015-06-27 01:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_sqlite3.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00387072 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sqlite3.dll
2015-10-21 22:29 - 2015-10-21 22:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlc.dll
2015-10-21 22:29 - 2015-10-21 22:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlccore.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32file.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00216064 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKitWidgets.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00118784 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKit.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00199680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtPrintSupport.pyd
2015-06-27 01:09 - 2015-06-27 01:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\amd_ags.dll
2015-11-24 22:47 - 2015-11-24 22:47 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32com.shell.shell.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\unicodedata.pyd
2015-10-21 22:29 - 2015-10-21 22:29 - 00027667 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libdirectsound_plugin.dll
2015-10-21 22:29 - 2015-10-21 22:29 - 00031251 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libwaveout_plugin.dll
2015-10-21 22:29 - 2015-10-21 22:29 - 00066579 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\video_output\libdirectdraw_plugin.dll
2016-05-09 23:02 - 2016-05-09 23:02 - 02619144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\ltc_host_ex.DLL
2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-19 19:08 - 2016-04-19 19:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Ben\Downloads\autodetectutility.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Downloads\LGS_8.78.129_x64_Logitech.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-05-21 00:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2410925410-2808068811-915591143-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 80.69.96.12 - 81.210.129.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{82260939-98DA-4CF5-9C00-9AFA5E95AA50}] => (Allow) C:\Users\Ben\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{25154B17-4D55-4FE8-8E67-FCD87680A227}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{628A90DC-41D2-444F-A67F-E1BD8E4F0E41}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8F23AC69-6661-4809-9743-AF44604219F2}] => (Allow) LPort=2869
FirewallRules: [{4832E087-A6A2-4E70-B1A2-E0B398DACAFE}] => (Allow) LPort=1900
FirewallRules: [{1922A093-3790-4EC7-A53A-6CADAE8A44C5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E99B4A98-D497-414D-9FD1-5884C0234449}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{73212083-FF94-47C4-8E36-3440751A49BC}D:\programme\bitlord 2\bitlord files\bitlord.exe] => (Allow) D:\programme\bitlord 2\bitlord files\bitlord.exe
FirewallRules: [UDP Query User{D6D56F54-6194-46B0-ACA7-2E4B12A0F787}D:\programme\bitlord 2\bitlord files\bitlord.exe] => (Allow) D:\programme\bitlord 2\bitlord files\bitlord.exe
FirewallRules: [TCP Query User{206CF8F8-DC43-4B9D-9704-95CB89DFA822}C:\games\gta 4\gta 4eflc\eflc.exe] => (Allow) C:\games\gta 4\gta 4eflc\eflc.exe
FirewallRules: [UDP Query User{CF287F40-8FC9-4BE4-A0F1-CB8931BA45FD}C:\games\gta 4\gta 4eflc\eflc.exe] => (Allow) C:\games\gta 4\gta 4eflc\eflc.exe
FirewallRules: [{393B2B65-7498-446E-9454-31AF969079A6}] => (Allow) C:\Games\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{2A4F1161-4EAB-445E-B3B0-83FCEE695245}] => (Allow) C:\Games\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{45AC98BB-E418-4060-979A-CC8CDECBFFAC}] => (Allow) C:\Games\GTA 4\EFLC\LaunchEFLC.exe
FirewallRules: [{541DBC10-74B6-4AD2-AE3F-C380AE5A2C9F}] => (Allow) C:\Games\GTA 4\EFLC\LaunchEFLC.exe
FirewallRules: [{11A821F3-0F61-4472-835D-D3252B192DA2}] => (Allow) C:\Games\Battlefield 3\Battlefield 3\bf3.exe
FirewallRules: [{5F3835D6-4C80-4333-BC5A-08C34ED914EB}] => (Allow) C:\Games\Battlefield 3\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{41B15344-3A5A-4636-9C3F-35DA75AF76B3}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A8AE8963-A576-47D4-98F6-DEDB80BC85B8}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6FB41EF5-9FAB-4581-B977-1689EC9AA7EF}D:\games\testdriveunlimited.exe] => (Allow) D:\games\testdriveunlimited.exe
FirewallRules: [UDP Query User{64387FEB-814E-4783-B293-7A5B606EECF7}D:\games\testdriveunlimited.exe] => (Allow) D:\games\testdriveunlimited.exe
FirewallRules: [TCP Query User{FEEE3324-D95D-467A-9D64-BCFEB5CDE67A}C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe] => (Allow) C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe
FirewallRules: [UDP Query User{FF0A685C-670E-438D-9F26-DD577A62366E}C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe] => (Allow) C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe
FirewallRules: [TCP Query User{AEFFE17A-1F00-4847-A1EF-F493A03005F5}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3AE65D60-5D1B-47CE-9586-7C55D5EC00D2}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5BB8176F-A8A6-4DE3-B257-D8C3F3A80DC0}] => (Allow) D:\Games\Counterstrike Source\Steam.exe
FirewallRules: [{3087D8F2-2770-4EB3-93FA-1CB8D9EBE2BA}] => (Allow) D:\Games\Counterstrike Source\Steam.exe
FirewallRules: [{7910C34F-3285-45AA-BFD7-FAD0D88395F3}] => (Allow) D:\Games\Counterstrike Source\SteamApps\benda88\counter-strike source\hl2.exe
FirewallRules: [{94D2A57D-B23E-4A9C-AAB7-8C1D21B4D964}] => (Allow) D:\Games\Counterstrike Source\SteamApps\benda88\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{14C97613-0E21-4D44-9852-CF90EC1611D7}D:\programme\bitlord 2\bitlord files\bitlord.exe] => (Allow) D:\programme\bitlord 2\bitlord files\bitlord.exe
FirewallRules: [UDP Query User{2BA87064-65EA-4D89-8EB7-DA85FFB26328}D:\programme\bitlord 2\bitlord files\bitlord.exe] => (Allow) D:\programme\bitlord 2\bitlord files\bitlord.exe
FirewallRules: [TCP Query User{04BD9203-48D0-43FB-ADB5-3B4BEEFAC68D}D:\programme\winamp\winamp.exe] => (Allow) D:\programme\winamp\winamp.exe
FirewallRules: [UDP Query User{97B7F389-B7F6-4E29-816C-B6AFF4B0851F}D:\programme\winamp\winamp.exe] => (Allow) D:\programme\winamp\winamp.exe
FirewallRules: [{5E377E07-10F7-4290-834F-BE58812E6F76}] => (Block) D:\programme\winamp\winamp.exe
FirewallRules: [{FE01EF9E-1888-4F86-816C-13FEC81B8906}] => (Block) D:\programme\winamp\winamp.exe
FirewallRules: [{9EB42E62-BF36-468A-AD79-7BFA198420FB}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{0E8F294B-AA4C-4C0C-A89A-8DCB2B379F97}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [TCP Query User{AD4C25ED-3062-4A43-972C-A164F892CA4A}D:\games\testdrive unlimited\testdriveunlimited.exe] => (Allow) D:\games\testdrive unlimited\testdriveunlimited.exe
FirewallRules: [UDP Query User{03D42D7C-D749-47C3-A115-92052FC7BA6C}D:\games\testdrive unlimited\testdriveunlimited.exe] => (Allow) D:\games\testdrive unlimited\testdriveunlimited.exe
FirewallRules: [{C5E1FB36-5032-4614-AEE7-111A4A869A4D}] => (Allow) C:\Program Files (x86)\HomeTab\ProtectedSearch.exe
FirewallRules: [{87AA13B1-170B-4425-A1D4-2301676480F2}] => (Allow) C:\Program Files (x86)\HomeTab\ProtectedSearch.exe
FirewallRules: [{473BC8D5-B3DC-4067-BCEC-857EE4923E13}] => (Allow) C:\Program Files (x86)\HomeTab\TBUpdater.dll
FirewallRules: [{C298F8E5-CEA7-43A9-B81E-137211018874}] => (Allow) C:\Program Files (x86)\HomeTab\TBUpdater.dll
FirewallRules: [{DDFA1555-97C2-46B0-9EA2-F23A325CBE60}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{16B8A47D-851E-4B3B-B421-09DE3FBAF84A}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{0BABDB57-3DB9-4296-8910-3C3A458E26C3}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{C42BDDA3-6536-4111-B58A-A4DC604596D4}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{2E552CE9-5D38-4D4B-9261-9D0479D260E6}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{EA72BB57-06FA-43A8-809F-A8E0BD324793}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{85327394-1EA3-41C3-8295-882DA9AABA80}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{59E3AD89-526E-4CE5-A319-A0FD621B228B}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{E024DEBB-03E5-47CA-B70E-92766CED54DE}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{3ABAA23A-8BFB-4EB2-8DA1-82123A967CF1}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [TCP Query User{5874D941-0FC7-42EF-8050-2C2DCC96B2D0}D:\games\driver by r.g recoding\driver san francisco\driver.exe] => (Allow) D:\games\driver by r.g recoding\driver san francisco\driver.exe
FirewallRules: [UDP Query User{68DB7F72-1DD4-4DCF-91BE-72184861371D}D:\games\driver by r.g recoding\driver san francisco\driver.exe] => (Allow) D:\games\driver by r.g recoding\driver san francisco\driver.exe
FirewallRules: [{9ACC3141-D46C-4D44-A2DB-1BD3E96D978C}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{885550AC-3588-4E68-B087-C790349D8D90}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{2BE45B6C-8AD5-44E9-81D1-AF5402FBF669}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DADD3DCA-1071-472C-92A9-E64CA531B2C9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F917194D-DDAD-4861-95EA-9DEFC1FEDE99}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{094439D1-78A6-4465-BA4F-0AF00A70C56A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E528D144-291B-47AE-B1A7-438F69209663}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{9414D52A-356D-4445-AF87-65B2F30D3EDB}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{47DAECFD-815F-49A6-8F87-D70715039F47}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{C06619D5-7B86-42D5-AE32-FC84F9C87B28}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{7A120E79-F033-4AA1-A9FF-615F241D0D66}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\RM.exe
FirewallRules: [{8A374DED-2F2B-4F9E-AF22-9C454D7F1CCE}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\RM.exe
FirewallRules: [{EDCCE99B-1EA3-47CE-A180-32C6A54CB100}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\umi.exe
FirewallRules: [{25280AF1-DB85-4D61-A3EB-2666FEE353F6}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\umi.exe
FirewallRules: [{DAFA6341-541B-4258-89DC-21E508D66D0C}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe
FirewallRules: [{1B92803D-78EE-4CA3-917A-54A56465E2D7}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe
FirewallRules: [{197BADFC-8B73-4AEC-B698-81FB4A986367}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4BB326BF-F30F-473A-B678-121F376A2CAC}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A6405B9B-8E9C-4C96-B865-ED3BB17D5B35}] => (Allow) D:\Games\Counterstrike Source\bin\steamwebhelper.exe
FirewallRules: [{15F40517-A2A2-417E-A022-14C5740432A3}] => (Allow) D:\Games\Counterstrike Source\bin\steamwebhelper.exe
FirewallRules: [{81E16F13-F192-4E70-A1C3-997E8C7EBFC2}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{2BBE5E67-77A6-4186-9DF8-FBC55AE854AC}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{3C063478-BCEF-4476-9EBC-2A5E4FE4E773}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{5CC72709-3E1A-4EB0-B840-F286F819C1D5}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{DD965C84-3B6D-4725-B883-4324E8C77DC9}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{9DB1D22C-05A8-4712-A437-9B0B47EB855D}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{6913B43D-9873-4FBB-B769-1A82F9F15375}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{691A9809-E0E6-443C-B66D-3F95929112B8}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{3C5FFFA2-1690-4AF5-923A-3455D97B987D}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{C81672B3-E8B7-4F92-B618-BA3F20058B0B}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{28FE4EA2-EC33-4F6A-9C64-412962B618BA}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{1C26F5D9-7121-4C1D-97DD-B5F8D311F2B9}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [TCP Query User{5FB64045-55F3-4905-9CFE-2BC184BEAD15}G:\games\assetto corsa\acs.exe] => (Allow) G:\games\assetto corsa\acs.exe
FirewallRules: [UDP Query User{0A3FA8DF-6667-4D0F-B51B-D5A10AA30E69}G:\games\assetto corsa\acs.exe] => (Allow) G:\games\assetto corsa\acs.exe
FirewallRules: [{237FCB0F-7306-470C-9EF6-FB3973916181}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E0450BC-05C4-483E-8F71-31642CD5145F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B94E786B-2B31-4018-A9E2-CABDE7FA9381}] => (Allow) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F39379B5-8A6C-4A8F-AF86-FB60705DEB9F}] => (Allow) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{692FB58F-7447-47AF-AFBE-468926958B4C}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{EDA28318-E5DF-4C2C-B95D-CEB4B21AF016}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{21D44B44-2146-4C8D-952B-F032F505A26E}D:\games\counterstrike source\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\counterstrike source\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{27E6EA01-198F-4D61-A04F-8CCEF56F6594}D:\games\counterstrike source\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\counterstrike source\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{01F55C7A-CE01-4CD8-B34D-66EE1F235B3C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BEC734A2-5A94-47DB-9023-6865E154C06F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{772F2A32-23D0-4CF1-9990-26E68FB7AF1D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{3F46ADF1-FC33-442F-83B3-ADFFA3655183}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{D4AC49EE-A302-441E-944B-DFBB845C72D3}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{AC5B96E9-3181-45A3-8DC9-866DFF01A97C}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{BFBFE7AD-DC80-4191-A1A1-FE127D60855A}] => (Block) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{0A3F3D33-B641-4E8C-8939-0AA423B31C71}] => (Block) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{495B296D-931F-4890-8686-77CC51E21F4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7B108BE5-D3BB-4FCC-A009-DAC30E3A342A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{24B5DB29-7B0B-4004-A38B-6E91FB5403F0}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{A23EC090-1F9D-44E5-8AFC-FC1E787F5764}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{2D753C63-80CC-420A-9EA7-0EEB52A36DBD}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{BEB9B362-B23E-41B7-9F83-584EAAB333FC}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{27B604C1-5D3C-4A20-8B24-E73A3D26D894}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{361501C3-EF2F-4CA3-BA08-CA1F0B1F4703}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B4D90F43-B272-4298-98BF-D2790D44E0B3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{B2187E78-48B7-4D95-9904-D50A4B212B83}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{3B402AEC-BC41-41D3-AB15-E5F484850458}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{C347660E-084E-4C67-B862-147417EF0B2A}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/12/2016 07:52:19 AM) (Source: MsiInstaller) (EventID: 1024) (User: Ben-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F104E4700}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/08/2016 06:39:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DivX Player.exe, Version: 11.3.10.75, Zeitstempel: 0x55ce1f99
Name des fehlerhaften Moduls: DMFContainer.dll, Version: 1.5.0.3, Zeitstempel: 0x55cd83fd
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0008cc21
ID des fehlerhaften Prozesses: 0x1d30
Startzeit der fehlerhaften Anwendung: 0xDivX Player.exe0
Pfad der fehlerhaften Anwendung: DivX Player.exe1
Pfad des fehlerhaften Moduls: DivX Player.exe2
Berichtskennung: DivX Player.exe3

Error: (05/08/2016 06:39:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DivX Player.exe, Version: 11.3.10.75, Zeitstempel: 0x55ce1f99
Name des fehlerhaften Moduls: DMFContainer.dll, Version: 1.5.0.3, Zeitstempel: 0x55cd83fd
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0008cc21
ID des fehlerhaften Prozesses: 0x990
Startzeit der fehlerhaften Anwendung: 0xDivX Player.exe0
Pfad der fehlerhaften Anwendung: DivX Player.exe1
Pfad des fehlerhaften Moduls: DivX Player.exe2
Berichtskennung: DivX Player.exe3

Error: (05/05/2016 07:40:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GTA5.exe, Version: 1.0.678.1, Zeitstempel: 0x56e2b38c
Name des fehlerhaften Moduls: GTA5.exe, Version: 1.0.678.1, Zeitstempel: 0x56e2b38c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000664856
ID des fehlerhaften Prozesses: 0x1f70
Startzeit der fehlerhaften Anwendung: 0xGTA5.exe0
Pfad der fehlerhaften Anwendung: GTA5.exe1
Pfad des fehlerhaften Moduls: GTA5.exe2
Berichtskennung: GTA5.exe3

Error: (04/04/2016 07:47:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Spotify.exe, Version 1.0.25.127 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e10

Startzeit: 01d18e99f23f6467

Endzeit: 0

Anwendungspfad: C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe

Berichts-ID: 4a812025-fa8d-11e5-92eb-bc5ff44945d9

Error: (03/28/2016 04:09:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm csgo.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15f4

Startzeit: 01d188fb213b5fbe

Endzeit: 121

Anwendungspfad: D:\Games\Counterstrike Source\steamapps\common\Counter-Strike Global Offensive\csgo.exe

Berichts-ID:

Error: (03/25/2016 02:57:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GTA5.exe, Version: 1.0.678.1, Zeitstempel: 0x56e2b38c
Name des fehlerhaften Moduls: GTA5.exe, Version: 1.0.678.1, Zeitstempel: 0x56e2b38c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000359135b
ID des fehlerhaften Prozesses: 0x141c
Startzeit der fehlerhaften Anwendung: 0xGTA5.exe0
Pfad der fehlerhaften Anwendung: GTA5.exe1
Pfad des fehlerhaften Moduls: GTA5.exe2
Berichtskennung: GTA5.exe3

Error: (03/19/2016 08:50:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm vlc.exe, Version 2.2.1.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1838

Startzeit: 01d1821010e13c8a

Endzeit: 5

Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Berichts-ID:

Error: (03/19/2016 03:17:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avant.exe, Version: 12.5.0.0, Zeitstempel: 0x5689f08e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19160, Zeitstempel: 0x56bcd51f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002f644
ID des fehlerhaften Prozesses: 0x1230
Startzeit der fehlerhaften Anwendung: 0xavant.exe0
Pfad der fehlerhaften Anwendung: avant.exe1
Pfad des fehlerhaften Moduls: avant.exe2
Berichtskennung: avant.exe3

Error: (03/09/2016 10:06:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm csgo.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2bc

Startzeit: 01d17a3f110dce49

Endzeit: 11

Anwendungspfad: D:\Games\Counterstrike Source\steamapps\common\Counter-Strike Global Offensive\csgo.exe

Berichts-ID:


Systemfehler:
=============
Error: (05/21/2016 12:13:22 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (05/20/2016 11:19:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎05.‎2016 um 23:17:31 unerwartet heruntergefahren.

Error: (05/20/2016 08:56:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Search Protect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/20/2016 07:10:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DealPly Live-Dienst (dealplylive)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/20/2016 01:12:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DealPly Live-Dienst (dealplylive)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/20/2016 12:32:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DealPly Live-Dienst (dealplylive)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/20/2016 12:30:03 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎05.‎2016 um 00:28:27 unerwartet heruntergefahren.

Error: (05/19/2016 07:04:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DealPly Live-Dienst (dealplylive)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/18/2016 11:41:35 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/18/2016 10:57:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DealPly Live-Dienst (dealplylive)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


CodeIntegrity:
===================================
  Date: 2014-10-14 06:39:27.577
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.576
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.574
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.572
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.571
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.570
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:27:08.619
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:27:08.618
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:27:08.617
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:27:08.615
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 16279.03 MB
Verfügbarer physikalischer RAM: 11072.17 MB
Summe virtueller Speicher: 32556.25 MB
Verfügbarer virtueller Speicher: 26384.65 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:70.36 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:503.98 GB) NTFS
Drive f: (20141018_012547) (CDROM) (Total:5.36 GB) (Free:0 GB) UDF
Drive g: (Extern) (Fixed) (Total:1863.01 GB) (Free:646.34 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A357D397)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 038D8719)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 21.05.2016, 15:00   #5
HackedNoob
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen



[CODE]
Code:
ATTFilter
00:22:30.0046 0x1248  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
00:22:36.0330 0x1248  ============================================================
00:22:36.0330 0x1248  Current date / time: 2016/05/21 00:22:36.0330
00:22:36.0330 0x1248  SystemInfo:
00:22:36.0330 0x1248  
00:22:36.0330 0x1248  OS Version: 6.1.7601 ServicePack: 1.0
00:22:36.0330 0x1248  Product type: Workstation
00:22:36.0330 0x1248  ComputerName: BEN-PC
00:22:36.0331 0x1248  UserName: Ben
00:22:36.0331 0x1248  Windows directory: C:\Windows
00:22:36.0331 0x1248  System windows directory: C:\Windows
00:22:36.0331 0x1248  Running under WOW64
00:22:36.0331 0x1248  Processor architecture: Intel x64
00:22:36.0331 0x1248  Number of processors: 8
00:22:36.0331 0x1248  Page size: 0x1000
00:22:36.0331 0x1248  Boot type: Normal boot
00:22:36.0331 0x1248  ============================================================
00:22:36.0792 0x1248  KLMD registered as C:\Windows\system32\drivers\26090604.sys
00:22:37.0051 0x1248  System UUID: {BF8E2337-2640-B207-E1C8-CFCF4EA1BC0F}
00:22:37.0529 0x1248  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:22:37.0530 0x1248  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:22:37.0533 0x1248  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C0F00000 ( 1863.01 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:22:37.0535 0x1248  ============================================================
00:22:37.0535 0x1248  \Device\Harddisk1\DR1:
00:22:37.0535 0x1248  MBR partitions:
00:22:37.0535 0x1248  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
00:22:37.0535 0x1248  \Device\Harddisk0\DR0:
00:22:37.0535 0x1248  MBR partitions:
00:22:37.0535 0x1248  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:22:37.0535 0x1248  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000
00:22:37.0535 0x1248  \Device\Harddisk2\DR2:
00:22:37.0535 0x1248  MBR partitions:
00:22:37.0535 0x1248  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
00:22:37.0535 0x1248  ============================================================
00:22:37.0537 0x1248  C: <-> \Device\Harddisk0\DR0\Partition2
00:22:37.0561 0x1248  D: <-> \Device\Harddisk1\DR1\Partition1
00:22:37.0994 0x1248  G: <-> \Device\Harddisk2\DR2\Partition1
00:22:37.0994 0x1248  ============================================================
00:22:37.0994 0x1248  Initialize success
00:22:37.0994 0x1248  ============================================================
00:26:53.0252 0x1050  ============================================================
00:26:53.0252 0x1050  Scan started
00:26:53.0252 0x1050  Mode: Manual; SigCheck; TDLFS; 
00:26:53.0252 0x1050  ============================================================
00:26:53.0252 0x1050  KSN ping started
00:26:56.0114 0x1050  KSN ping finished: true
00:26:56.0373 0x1050  ================ Scan system memory ========================
00:26:56.0373 0x1050  System memory - ok
00:26:56.0374 0x1050  ================ Scan services =============================
00:26:56.0399 0x1050  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
00:26:56.0443 0x1050  1394ohci - ok
00:26:56.0458 0x1050  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
00:26:56.0471 0x1050  ACPI - ok
00:26:56.0473 0x1050  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
00:26:56.0487 0x1050  AcpiPmi - ok
00:26:56.0494 0x1050  [ 36114214BF8D7C464D1E92E4EB6B2DD3, 8E7CB266D4ABCDF332A3D4D341753811D51B72985E36F24A7E757DCA11A65A2A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:26:56.0509 0x1050  AdobeARMservice - ok
00:26:56.0526 0x1050  [ 6A050671F2C76FB48131F12786802807, 71B37A9CEAE5AB1B069FB010BC547E14445461885B74FA879E63F9F2DAF644A5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:26:56.0550 0x1050  AdobeFlashPlayerUpdateSvc - ok
00:26:56.0560 0x1050  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
00:26:56.0575 0x1050  adp94xx - ok
00:26:56.0583 0x1050  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
00:26:56.0598 0x1050  adpahci - ok
00:26:56.0604 0x1050  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
00:26:56.0614 0x1050  adpu320 - ok
00:26:56.0618 0x1050  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:26:56.0628 0x1050  AeLookupSvc - ok
00:26:56.0639 0x1050  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
00:26:56.0654 0x1050  AFD - ok
00:26:56.0658 0x1050  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
00:26:56.0667 0x1050  agp440 - ok
00:26:56.0670 0x1050  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
00:26:56.0680 0x1050  ALG - ok
00:26:56.0683 0x1050  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:26:56.0691 0x1050  aliide - ok
00:26:56.0698 0x1050  [ 4220D92C6A757BF67C0E65D61D9F7BE8, E06104B89FB991C28FE212B7DAEAB20C42910E2AF77FD9379192DD881A0B5995 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:26:56.0713 0x1050  AMD External Events Utility - ok
00:26:56.0716 0x1050  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
00:26:56.0724 0x1050  amdide - ok
00:26:56.0727 0x1050  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
00:26:56.0737 0x1050  AmdK8 - ok
00:26:56.0740 0x1050  amdkmdag - ok
00:26:56.0754 0x1050  [ 1FE14B9C86B8C17F741BE4619CD2E421, 3036BCAE66661A8EBA7A902C0A4FC17CCF75FE5481714F11B72110B2E5F8B131 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
00:26:56.0773 0x1050  amdkmdap - ok
00:26:56.0777 0x1050  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
00:26:56.0787 0x1050  AmdPPM - ok
00:26:56.0791 0x1050  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:26:56.0800 0x1050  amdsata - ok
00:26:56.0806 0x1050  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
00:26:56.0817 0x1050  amdsbs - ok
00:26:56.0819 0x1050  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:26:56.0828 0x1050  amdxata - ok
00:26:56.0850 0x1050  [ 37CD9EB03B36D8329F96BA921470DB54, 0CD3BFBA51F84D83E3B208D2BED7CE8E91B447B2037014663EC7CB8E5A925201 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
00:26:56.0888 0x1050  AntiVirMailService - ok
00:26:56.0899 0x1050  [ 98C06275DB53A1E70AB8CB94013B20D4, 5DE48C829A66B0F4C8119E75D985D63C1020FA318696BD19E44E0A07CD6F1ED0 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
00:26:56.0919 0x1050  AntiVirSchedulerService - ok
00:26:56.0929 0x1050  [ 98C06275DB53A1E70AB8CB94013B20D4, 5DE48C829A66B0F4C8119E75D985D63C1020FA318696BD19E44E0A07CD6F1ED0 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
00:26:56.0949 0x1050  AntiVirService - ok
00:26:56.0973 0x1050  [ 1F5CC3C23E10290A3FF9CAA74AA30D07, A4F1F3465A5E0A914EE5A4FEF4A6B639956BA04B7145EF68820BC2A15DEE4162 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
00:26:57.0010 0x1050  AntiVirWebService - ok
00:26:57.0015 0x1050  [ 6474F8823C7188D2DA579F01FB6CED6B, 81D4E9D026CA60FB8840D520D151B8C2F4745A75DF90A4D6C80641F1A23AB605 ] AppID           C:\Windows\system32\drivers\appid.sys
00:26:57.0027 0x1050  AppID - ok
00:26:57.0030 0x1050  [ 8F58BA1F7772D6D7CE45F03309608001, CDB109E0DD241042C058F7D81A1BDEBC34435CB2DC4A7A7A3692193DD5806097 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:26:57.0040 0x1050  AppIDSvc - ok
00:26:57.0048 0x1050  [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo         C:\Windows\System32\appinfo.dll
00:26:57.0058 0x1050  Appinfo - ok
00:26:57.0062 0x1050  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
00:26:57.0071 0x1050  arc - ok
00:26:57.0075 0x1050  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
00:26:57.0085 0x1050  arcsas - ok
00:26:57.0093 0x1050  [ 660D597B7A78256734D7F3230B21B355, CAA19E8EFAD63B8975A4CD8EFD5CE5F21E056856D36BC5A9E48517F1E574ABBA ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:26:57.0105 0x1050  aspnet_state - ok
00:26:57.0108 0x1050  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:26:57.0129 0x1050  AsyncMac - ok
00:26:57.0132 0x1050  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
00:26:57.0140 0x1050  atapi - ok
00:26:57.0145 0x1050  [ E265A0DFE19E601D604D469CC53076EE, B6142D9D550C2464336A67DA520C9E56C81ED20529A90A33C22704EE7518C137 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
00:26:57.0155 0x1050  AtiHDAudioService - ok
00:26:57.0168 0x1050  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:26:57.0187 0x1050  AudioEndpointBuilder - ok
00:26:57.0199 0x1050  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
00:26:57.0217 0x1050  AudioSrv - ok
00:26:57.0244 0x1050  [ 2E81F74AB70EDC4B14EB6F1EED7D4E9E, 829ACFA43743E757DE8907D1B111AE3B6030AF8C981AC7B3F3646B2180AF127E ] avc3            C:\Windows\system32\DRIVERS\avc3.sys
00:26:57.0278 0x1050  avc3 - ok
00:26:57.0296 0x1050  [ 32612167C1BF3F6B41BFF12FEF3E5E4C, 87E6BC09894CA005556F8759495AB5C62E33C8B104526A052681553A36AAE370 ] avckf           C:\Windows\system32\DRIVERS\avckf.sys
00:26:57.0317 0x1050  avckf - ok
00:26:57.0324 0x1050  [ 742D578C28F6F58B8B576F91A1D8EB4E, 6C49EC198E67CE40728F0C19CB2BDCB59310BA59324F58E4D456DA2C8CC28BA6 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
00:26:57.0333 0x1050  avgntflt - ok
00:26:57.0338 0x1050  [ FBC2483AD62FBC8BD76A4254C50874BA, 04398AB0221535DD5D0A1AF6CA107F815CD607E668E2E7887D061FCED7373728 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
00:26:57.0348 0x1050  avipbb - ok
00:26:57.0355 0x1050  [ 125DFFF37D51A45A72934C3BF89A64CD, 19208A6544DC822D5010C835A6FA5E8AC5406CBFB277C4C9E034EF6309B113EE ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
00:26:57.0371 0x1050  Avira.ServiceHost - ok
00:26:57.0375 0x1050  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
00:26:57.0382 0x1050  avkmgr - ok
00:26:57.0386 0x1050  [ 7FDC860B34BDFFDFCE98622F81F24FA9, 3EF774A7F2EB741633611400161B6D4F642F9357BF6E957E14E70D1645BE6466 ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
00:26:57.0395 0x1050  avnetflt - ok
00:26:57.0399 0x1050  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:26:57.0415 0x1050  AxInstSV - ok
00:26:57.0417 0x1050  b06bdrv - ok
00:26:57.0424 0x1050  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
00:26:57.0437 0x1050  b57nd60a - ok
00:26:57.0442 0x1050  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:26:57.0453 0x1050  BDESVC - ok
00:26:57.0459 0x1050  [ F662FA5B57F6BAD1022814A49C6E3733, 8B0A9BF9AF18769BAC67138037F3D167F195AE932DD417A8393D0D8A760CA9B2 ] bdfwfpf         C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
00:26:57.0469 0x1050  bdfwfpf - ok
00:26:57.0473 0x1050  [ D8FAF7CFBC81E5E15CA7A7EC8EE1B409, 75E60DF2147DFB109E628FDF80EB1BFA5360E5935BB9237B67053588F906E1B1 ] BDVEDISK        C:\Windows\system32\DRIVERS\bdvedisk.sys
00:26:57.0482 0x1050  BDVEDISK - ok
00:26:57.0485 0x1050  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:26:57.0506 0x1050  Beep - ok
00:26:57.0519 0x1050  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
00:26:57.0538 0x1050  BFE - ok
00:26:57.0553 0x1050  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
00:26:57.0586 0x1050  BITS - ok
00:26:57.0590 0x1050  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
00:26:57.0599 0x1050  blbdrive - ok
00:26:57.0603 0x1050  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:26:57.0613 0x1050  bowser - ok
00:26:57.0616 0x1050  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
00:26:57.0626 0x1050  BrFiltLo - ok
00:26:57.0629 0x1050  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
00:26:57.0639 0x1050  BrFiltUp - ok
00:26:57.0643 0x1050  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
00:26:57.0655 0x1050  Browser - ok
00:26:57.0661 0x1050  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:26:57.0675 0x1050  Brserid - ok
00:26:57.0678 0x1050  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:26:57.0689 0x1050  BrSerWdm - ok
00:26:57.0691 0x1050  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:26:57.0702 0x1050  BrUsbMdm - ok
00:26:57.0705 0x1050  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:26:57.0714 0x1050  BrUsbSer - ok
00:26:57.0717 0x1050  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
00:26:57.0729 0x1050  BTHMODEM - ok
00:26:57.0733 0x1050  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
00:26:57.0756 0x1050  bthserv - ok
00:26:57.0761 0x1050  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:26:57.0784 0x1050  cdfs - ok
00:26:57.0788 0x1050  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:26:57.0799 0x1050  cdrom - ok
00:26:57.0804 0x1050  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
00:26:57.0826 0x1050  CertPropSvc - ok
00:26:57.0829 0x1050  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
00:26:57.0840 0x1050  circlass - ok
00:26:57.0848 0x1050  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
00:26:57.0862 0x1050  CLFS - ok
00:26:57.0866 0x1050  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:26:57.0881 0x1050  clr_optimization_v2.0.50727_32 - ok
00:26:57.0886 0x1050  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:26:57.0896 0x1050  clr_optimization_v2.0.50727_64 - ok
00:26:57.0903 0x1050  [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:26:57.0926 0x1050  clr_optimization_v4.0.30319_32 - ok
00:26:57.0930 0x1050  [ 1400C75FF021D6CFACE46AC41B60770E, 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:26:57.0948 0x1050  clr_optimization_v4.0.30319_64 - ok
00:26:57.0951 0x1050  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
00:26:57.0960 0x1050  CmBatt - ok
00:26:57.0963 0x1050  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:26:57.0971 0x1050  cmdide - ok
00:26:57.0981 0x1050  [ CA3FB5A6B626D8A00A89E049CF95954E, CD5E3E40972513195108BA46CEC1D0AEA6B09A67EEBDD17EB759BD1729B07C06 ] CNG             C:\Windows\system32\Drivers\cng.sys
00:26:57.0999 0x1050  CNG - ok
00:26:58.0002 0x1050  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
00:26:58.0010 0x1050  Compbatt - ok
00:26:58.0013 0x1050  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
00:26:58.0024 0x1050  CompositeBus - ok
00:26:58.0026 0x1050  COMSysApp - ok
00:26:58.0041 0x1050  [ F08C6020E57F5E5BF2FD034DB10BEDFB, 288EA64A57057EAD135685F2C46CA53BA0319EA28B7B7A2ECBE29E50ED807FCA ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
00:26:58.0064 0x1050  cphs - ok
00:26:58.0067 0x1050  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
00:26:58.0075 0x1050  crcdisk - ok
00:26:58.0080 0x1050  [ C8BD651E13895B93ED9EC5B4F1DF42BC, D86D6BF0BA3C09B49B3A52C86A7F3B3856A27F79EDD86A8FFA469D9A5F196E8D ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
00:26:58.0091 0x1050  Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
00:26:59.0678 0x07f4  Object required for P2P: [ 6A050671F2C76FB48131F12786802807 ] AdobeFlashPlayerUpdateSvc
00:27:00.0371 0x05a8  Object required for P2P: [ 2E81F74AB70EDC4B14EB6F1EED7D4E9E ] avc3
00:27:00.0800 0x1050  Detect skipped due to KSN trusted
00:27:00.0800 0x1050  Creative ALchemy AL6 Licensing Service - ok
00:27:00.0803 0x1050  [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
00:27:00.0814 0x1050  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
00:27:02.0380 0x07f4  Object send P2P result: true
00:27:02.0381 0x07f4  Object required for P2P: [ 1FE14B9C86B8C17F741BE4619CD2E421 ] amdkmdap
00:27:03.0073 0x05a8  Object send P2P result: true
00:27:03.0073 0x05a8  Object required for P2P: [ 32612167C1BF3F6B41BFF12FEF3E5E4C ] avckf
00:27:03.0411 0x1050  Detect skipped due to KSN trusted
00:27:03.0411 0x1050  Creative Audio Engine Licensing Service - ok
00:27:03.0417 0x1050  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:27:03.0430 0x1050  CryptSvc - ok
00:27:03.0440 0x1050  [ EDBA1382E5D7D1E71442B43E170CF8D4, 10E7A90FDC8498EBB8043A4B8BAD14104E68EBAE91149C5D1C1660E0D73995C9 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
00:27:03.0460 0x1050  CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
00:27:05.0069 0x07f4  Object send P2P result: true
00:27:05.0069 0x07f4  Object required for P2P: [ 37CD9EB03B36D8329F96BA921470DB54 ] AntiVirMailService
00:27:05.0769 0x05a8  Object send P2P result: true
00:27:05.0769 0x05a8  Object required for P2P: [ 125DFFF37D51A45A72934C3BF89A64CD ] Avira.ServiceHost
00:27:06.0153 0x1050  Detect skipped due to KSN trusted
00:27:06.0153 0x1050  CTAudSvcService - ok
00:27:06.0171 0x1050  [ CBACE8DFA420B78DD2225CAEA798612D, 392FD8BB32275B35C6706675C0C945566AFA47D7BDD2D7CC33092655D462F11B ] cthda           C:\Windows\system32\drivers\cthda.sys
00:27:06.0193 0x1050  cthda - ok
00:27:06.0198 0x1050  [ 3E43F0C5456ECA8A3F083804FAD1C405, BDFFDB61D90792C1C16407D72E9CC005A1A51B278AEAB438D7AB5562377634B8 ] CtHdaSvc        C:\Windows\sysWow64\CtHdaSvc.exe
00:27:06.0214 0x1050  CtHdaSvc - ok
00:27:06.0217 0x1050  [ D02C0CA5A3461CEDDD90B5CAE8FA4B6E, 3E1CFADADC1331474156F3099308E81062D9F7D39DBB413636473D919CBBBDD3 ] CTHDB           C:\Windows\system32\DRIVERS\CtHDb.sys
00:27:06.0225 0x1050  CTHDB - ok
00:27:06.0236 0x1050  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:27:06.0253 0x1050  DcomLaunch - ok
00:27:06.0260 0x1050  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
00:27:06.0286 0x1050  defragsvc - ok
00:27:06.0290 0x1050  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:27:06.0311 0x1050  DfsC - ok
00:27:06.0319 0x1050  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:27:06.0332 0x1050  Dhcp - ok
00:27:06.0356 0x1050  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
00:27:06.0384 0x1050  DiagTrack - ok
00:27:06.0387 0x1050  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
00:27:06.0409 0x1050  discache - ok
00:27:06.0413 0x1050  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
00:27:06.0422 0x1050  Disk - ok
00:27:06.0427 0x1050  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:27:06.0439 0x1050  Dnscache - ok
00:27:06.0445 0x1050  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
00:27:06.0469 0x1050  dot3svc - ok
00:27:06.0475 0x1050  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
00:27:06.0497 0x1050  DPS - ok
00:27:06.0500 0x1050  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:27:06.0508 0x1050  drmkaud - ok
00:27:06.0515 0x1050  [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
00:27:06.0526 0x1050  dtsoftbus01 - ok
00:27:06.0543 0x1050  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:27:06.0564 0x1050  DXGKrnl - ok
00:27:06.0569 0x1050  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
00:27:06.0591 0x1050  EapHost - ok
00:27:06.0637 0x1050  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
00:27:06.0689 0x1050  ebdrv - ok
00:27:06.0694 0x1050  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] EFS             C:\Windows\System32\lsass.exe
00:27:06.0704 0x1050  EFS - ok
00:27:06.0718 0x1050  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:27:06.0737 0x1050  ehRecvr - ok
00:27:06.0741 0x1050  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
00:27:06.0753 0x1050  ehSched - ok
00:27:06.0763 0x1050  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
00:27:06.0779 0x1050  elxstor - ok
00:27:06.0781 0x1050  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:27:06.0791 0x1050  ErrDev - ok
00:27:06.0803 0x1050  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
00:27:06.0830 0x1050  EventSystem - ok
00:27:06.0839 0x1050  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
00:27:06.0862 0x1050  exfat - ok
00:27:06.0868 0x1050  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:27:06.0892 0x1050  fastfat - ok
00:27:06.0905 0x1050  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
00:27:06.0924 0x1050  Fax - ok
00:27:06.0928 0x1050  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
00:27:06.0937 0x1050  fdc - ok
00:27:06.0940 0x1050  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
00:27:06.0962 0x1050  fdPHost - ok
00:27:06.0965 0x1050  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:27:06.0988 0x1050  FDResPub - ok
00:27:06.0991 0x1050  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:27:07.0001 0x1050  FileInfo - ok
00:27:07.0004 0x1050  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:27:07.0026 0x1050  Filetrace - ok
00:27:07.0028 0x1050  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
00:27:07.0038 0x1050  flpydisk - ok
00:27:07.0045 0x1050  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:27:07.0057 0x1050  FltMgr - ok
00:27:07.0077 0x1050  [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache       C:\Windows\system32\FntCache.dll
00:27:07.0103 0x1050  FontCache - ok
00:27:07.0107 0x1050  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:27:07.0119 0x1050  FontCache3.0.0.0 - ok
00:27:07.0122 0x1050  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:27:07.0132 0x1050  FsDepends - ok
00:27:07.0135 0x1050  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:27:07.0143 0x1050  Fs_Rec - ok
00:27:07.0149 0x1050  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:27:07.0162 0x1050  fvevol - ok
00:27:07.0165 0x1050  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
00:27:07.0174 0x1050  gagp30kx - ok
00:27:07.0189 0x1050  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
00:27:07.0222 0x1050  gpsvc - ok
00:27:07.0229 0x1050  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:27:07.0246 0x1050  gusvc - ok
00:27:07.0251 0x1050  [ E4B7F2553A127E86E11343ED15320A99, A4EA52DF5D24EF8210192669934D3D0DD1A0E4CCAAD014D52F58D58A9D3C886A ] gzflt           C:\Windows\system32\DRIVERS\gzflt.sys
00:27:07.0263 0x1050  gzflt - ok
00:27:07.0266 0x1050  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:27:07.0274 0x1050  hcw85cir - ok
00:27:07.0282 0x1050  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:27:07.0296 0x1050  HdAudAddService - ok
00:27:07.0301 0x1050  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
00:27:07.0313 0x1050  HDAudBus - ok
00:27:07.0316 0x1050  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
00:27:07.0327 0x1050  HidBatt - ok
00:27:07.0335 0x1050  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
00:27:07.0347 0x1050  HidBth - ok
00:27:07.0350 0x1050  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
00:27:07.0360 0x1050  HidIr - ok
00:27:07.0363 0x1050  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
00:27:07.0385 0x1050  hidserv - ok
00:27:07.0388 0x1050  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:27:07.0397 0x1050  HidUsb - ok
00:27:07.0401 0x1050  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:27:07.0424 0x1050  hkmsvc - ok
00:27:07.0430 0x1050  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:27:07.0443 0x1050  HomeGroupListener - ok
00:27:07.0448 0x1050  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:27:07.0461 0x1050  HomeGroupProvider - ok
00:27:07.0465 0x1050  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
00:27:07.0474 0x1050  HpSAMD - ok
00:27:07.0488 0x1050  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:27:07.0508 0x1050  HTTP - ok
00:27:07.0510 0x1050  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:27:07.0518 0x1050  hwpolicy - ok
00:27:07.0522 0x1050  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
00:27:07.0533 0x1050  i8042prt - ok
00:27:07.0542 0x1050  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:27:07.0556 0x1050  iaStorV - ok
00:27:07.0560 0x1050  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
00:27:07.0624 0x1050  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
00:27:07.0782 0x07f4  Object send P2P result: true
00:27:08.0481 0x05a8  Object send P2P result: true
00:27:10.0221 0x1050  Detect skipped due to KSN trusted
00:27:10.0221 0x1050  IDriverT - ok
00:27:10.0247 0x1050  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:27:10.0279 0x1050  idsvc - ok
00:27:10.0284 0x1050  IEEtwCollectorService - ok
00:27:10.0498 0x1050  [ 371D7F91C0D2314EB984A4A6CBEABC92, DD4B04308596C1E6C75B8772D4421137F3A83285DBCFD4DF54166D2B0B45A317 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
00:27:10.0712 0x1050  igfx - ok
00:27:10.0730 0x1050  [ 357FCAD00EF02194519D54270849B032, ED2ACF63DD8A1F5C4B846C6F51336CA3B2170BA15A4E95739CCEFD8D6FEA3522 ] ignis           C:\Windows\system32\DRIVERS\ignis.sys
00:27:10.0745 0x1050  ignis - ok
00:27:10.0748 0x1050  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
00:27:10.0757 0x1050  iirsp - ok
00:27:10.0773 0x1050  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
00:27:10.0794 0x1050  IKEEXT - ok
00:27:10.0798 0x1050  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
00:27:10.0806 0x1050  intelide - ok
00:27:10.0809 0x1050  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:27:10.0819 0x1050  intelppm - ok
00:27:10.0823 0x1050  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:27:10.0846 0x1050  IPBusEnum - ok
00:27:10.0849 0x1050  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:27:10.0871 0x1050  IpFilterDriver - ok
00:27:10.0882 0x1050  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:27:10.0899 0x1050  iphlpsvc - ok
00:27:10.0903 0x1050  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
00:27:10.0913 0x1050  IPMIDRV - ok
00:27:10.0917 0x1050  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:27:10.0940 0x1050  IPNAT - ok
00:27:10.0943 0x1050  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:27:10.0954 0x1050  IRENUM - ok
00:27:10.0957 0x1050  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:27:10.0965 0x1050  isapnp - ok
00:27:10.0972 0x1050  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
00:27:10.0983 0x1050  iScsiPrt - ok
00:27:10.0986 0x1050  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
00:27:10.0995 0x1050  kbdclass - ok
00:27:10.0998 0x1050  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
00:27:11.0007 0x1050  kbdhid - ok
00:27:11.0010 0x1050  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] KeyIso          C:\Windows\system32\lsass.exe
00:27:11.0020 0x1050  KeyIso - ok
00:27:11.0024 0x1050  [ 0878723427BA190E5ABA5AA0112FA4D4, E332C83D3F4DF71761AA3DAC2C721FC2029F71ECC88A66E175BA56510855C4D4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:27:11.0033 0x1050  KSecDD - ok
00:27:11.0038 0x1050  [ C08CCCE2BE68D04E6C142614736959DA, AEC0AFC5C28DDC14DD6918BB6E236FA1C85CC30D69DA9AE40F9962D88248040F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:27:11.0048 0x1050  KSecPkg - ok
00:27:11.0051 0x1050  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:27:11.0071 0x1050  ksthunk - ok
00:27:11.0079 0x1050  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:27:11.0106 0x1050  KtmRm - ok
00:27:11.0112 0x1050  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:27:11.0136 0x1050  LanmanServer - ok
00:27:11.0141 0x1050  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:27:11.0164 0x1050  LanmanWorkstation - ok
00:27:11.0168 0x1050  [ 17325C9B9ADB2BB99049936D0C9812C8, 70ADDC85FD5757BC9C4B97F382B25A19851FF8275021FFC04A81E208A604F83E ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
00:27:11.0181 0x1050  LGBusEnum - ok
00:27:11.0193 0x1050  [ 2D7F1C02B94D6F0F3E10107E5EA8E141, 93B266F38C3C3EAAB475D81597ABBD7CC07943035068BB6FD670DBBE15DE0131 ] LGCoreTemp      C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys
00:27:11.0201 0x1050  LGCoreTemp - ok
00:27:11.0205 0x1050  [ C7AF05942E041D4B1F345ACF79993BB3, E8FAAE356C99A11F6CF17640FD9C67F87AFBFEFB70C458CB85178F2AD94DF848 ] LGJoyXlCore     C:\Windows\system32\drivers\LGJoyXlCore.sys
00:27:11.0217 0x1050  LGJoyXlCore - ok
00:27:11.0219 0x1050  [ 1DDB8DE3D6EEF31EDCF4977B2D2FAACC, 24291B522A596E2D9A1CDAC192DB1C7422D5DD0E87E5C8A5F5E2CAA90296BF23 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
00:27:11.0230 0x1050  LGVirHid - ok
00:27:11.0233 0x1050  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:27:11.0255 0x1050  lltdio - ok
00:27:11.0262 0x1050  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:27:11.0288 0x1050  lltdsvc - ok
00:27:11.0292 0x1050  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:27:11.0314 0x1050  lmhosts - ok
00:27:11.0320 0x1050  [ 6A854F3F93AAE34005A3C2EB21B2256C, 71FF43EEFAB7FD9E79C75E5E78F813FEF6F4E906CC52A8A7EFEF3E64C3D96A1F ] LogiRegistryService C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
00:27:11.0331 0x1050  LogiRegistryService - ok
00:27:11.0336 0x1050  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
00:27:11.0346 0x1050  LSI_FC - ok
00:27:11.0349 0x1050  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
00:27:11.0359 0x1050  LSI_SAS - ok
00:27:11.0362 0x1050  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
00:27:11.0370 0x1050  LSI_SAS2 - ok
00:27:11.0375 0x1050  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
00:27:11.0384 0x1050  LSI_SCSI - ok
00:27:11.0388 0x1050  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
00:27:11.0410 0x1050  luafv - ok
00:27:11.0414 0x1050  [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
00:27:11.0422 0x1050  MBAMProtector - ok
00:27:11.0447 0x1050  [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
00:27:11.0481 0x1050  MBAMScheduler - ok
00:27:11.0502 0x1050  [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
00:27:11.0532 0x1050  MBAMService - ok
00:27:11.0536 0x1050  [ 452ACB7A9914398D9E18CCCFFCF92208, 754AF45C19731C356E7E84497B04E0333759AC86DC553BA275EFC09845E43E4D ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
00:27:11.0547 0x1050  MBAMWebAccessControl - ok
00:27:11.0551 0x1050  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:27:11.0562 0x1050  Mcx2Svc - ok
00:27:11.0565 0x1050  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
00:27:11.0574 0x1050  megasas - ok
00:27:11.0581 0x1050  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
00:27:11.0594 0x1050  MegaSR - ok
00:27:11.0598 0x1050  [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
00:27:11.0606 0x1050  MEIx64 - ok
00:27:11.0611 0x1050  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
00:27:11.0624 0x1050  Microsoft Office Groove Audit Service - ok
00:27:11.0627 0x1050  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
00:27:11.0650 0x1050  MMCSS - ok
00:27:11.0653 0x1050  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
00:27:11.0675 0x1050  Modem - ok
00:27:11.0678 0x1050  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:27:11.0690 0x1050  monitor - ok
00:27:11.0693 0x1050  [ CBF48C75743F9A2E027410C49FF64F07, BA170C4264BC6E3D2C3C0F883ED7E612136CF93BD402915F6F42EA28BF9A07F3 ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
00:27:11.0704 0x1050  motccgp - ok
00:27:11.0706 0x1050  [ D3D91686ADE9E75CD749E1C0757D9245, 3089A004BE9A4DE10FF077BFE702A6CF6A4C2BED4B5A15C722F26E6FCDF60DA7 ] motccgpfl       C:\Windows\system32\DRIVERS\motccgpfl.sys
00:27:11.0716 0x1050  motccgpfl - ok
00:27:11.0719 0x1050  [ 940F4DA752E28E6C4B1090D21AEB7B80, D775B926F32B0A014C234DD703281AD71FD0ECEABA35AC5B354077BFEFC17497 ] motmodem        C:\Windows\system32\DRIVERS\motmodem.sys
00:27:11.0729 0x1050  motmodem - ok
00:27:11.0732 0x1050  [ EBD05F60CAFC5BBA2602B8D7101082D3, 9144E1E7C4DD6150C0E97B4C628DE0216ED372062F5F0FB216C81CAF93DBBF07 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
00:27:11.0742 0x1050  MotoSwitchService - ok
00:27:11.0745 0x1050  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:27:11.0753 0x1050  mouclass - ok
00:27:11.0757 0x1050  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:27:11.0766 0x1050  mouhid - ok
00:27:11.0770 0x1050  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:27:11.0779 0x1050  mountmgr - ok
00:27:11.0784 0x1050  [ FC9A9C09B35A93F76A03D5E355FA862C, B7ED57B9D39D547BA2927FC5F02C2475BF131FDB8AD40FFDE72C966506756B56 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:27:11.0800 0x1050  MozillaMaintenance - ok
00:27:11.0805 0x1050  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:27:11.0815 0x1050  mpio - ok
00:27:11.0819 0x1050  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:27:11.0841 0x1050  mpsdrv - ok
00:27:11.0856 0x1050  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:27:11.0888 0x1050  MpsSvc - ok
00:27:11.0893 0x1050  [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:27:11.0905 0x1050  MRxDAV - ok
00:27:11.0910 0x1050  [ 035C0A9A63DF3F3A52B90D8F6BF0F166, F409C8A31156E31A6D16D2B34EEE3098CE0D76A4DB7B49810EDDA2E2E19B2E26 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:27:11.0921 0x1050  mrxsmb - ok
00:27:11.0928 0x1050  [ 8308FC2E9147D7632221E3279BB14660, 3051FF91493FD03B7EDD4EDB23B2DE8DD7E03D46E231BC5925502BE98E78B1CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:27:11.0941 0x1050  mrxsmb10 - ok
00:27:11.0945 0x1050  [ 1F8DA4ECAEA7E2BCD97E738795817431, FBEF64C7067F5AFF864EF7E220C8A47AC43EB0BFD9A4E4C908F9D9D159AC5139 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:27:11.0956 0x1050  mrxsmb20 - ok
00:27:11.0959 0x1050  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
00:27:11.0967 0x1050  msahci - ok
00:27:11.0972 0x1050  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
00:27:11.0982 0x1050  msdsm - ok
00:27:11.0986 0x1050  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
00:27:11.0998 0x1050  MSDTC - ok
00:27:12.0003 0x1050  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:27:12.0025 0x1050  Msfs - ok
00:27:12.0028 0x1050  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
00:27:12.0049 0x1050  mshidkmdf - ok
00:27:12.0051 0x1050  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
00:27:12.0059 0x1050  msisadrv - ok
00:27:12.0064 0x1050  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:27:12.0088 0x1050  MSiSCSI - ok
00:27:12.0090 0x1050  msiserver - ok
00:27:12.0093 0x1050  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:27:12.0114 0x1050  MSKSSRV - ok
00:27:12.0117 0x1050  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:27:12.0137 0x1050  MSPCLOCK - ok
00:27:12.0140 0x1050  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:27:12.0161 0x1050  MSPQM - ok
00:27:12.0168 0x1050  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:27:12.0182 0x1050  MsRPC - ok
00:27:12.0186 0x1050  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
00:27:12.0195 0x1050  mssmbios - ok
00:27:12.0197 0x1050  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:27:12.0218 0x1050  MSTEE - ok
00:27:12.0221 0x1050  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
00:27:12.0230 0x1050  MTConfig - ok
00:27:12.0233 0x1050  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
00:27:12.0242 0x1050  Mup - ok
00:27:12.0251 0x1050  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
00:27:12.0278 0x1050  napagent - ok
00:27:12.0285 0x1050  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:27:12.0301 0x1050  NativeWifiP - ok
00:27:12.0317 0x1050  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:27:12.0338 0x1050  NDIS - ok
00:27:12.0342 0x1050  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:27:12.0363 0x1050  NdisCap - ok
00:27:12.0365 0x1050  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:27:12.0387 0x1050  NdisTapi - ok
00:27:12.0390 0x1050  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:27:12.0411 0x1050  Ndisuio - ok
00:27:12.0416 0x1050  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:27:12.0438 0x1050  NdisWan - ok
00:27:12.0441 0x1050  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:27:12.0462 0x1050  NDProxy - ok
00:27:12.0466 0x1050  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:27:12.0487 0x1050  NetBIOS - ok
00:27:12.0494 0x1050  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:27:12.0518 0x1050  NetBT - ok
00:27:12.0521 0x1050  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] Netlogon        C:\Windows\system32\lsass.exe
00:27:12.0531 0x1050  Netlogon - ok
00:27:12.0540 0x1050  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
00:27:12.0566 0x1050  Netman - ok
00:27:12.0573 0x1050  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:27:12.0591 0x1050  NetMsmqActivator - ok
00:27:12.0595 0x1050  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:27:12.0608 0x1050  NetPipeActivator - ok
00:27:12.0618 0x1050  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
00:27:12.0645 0x1050  netprofm - ok
00:27:12.0650 0x1050  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:27:12.0664 0x1050  NetTcpActivator - ok
00:27:12.0668 0x1050  [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:27:12.0682 0x1050  NetTcpPortSharing - ok
00:27:12.0685 0x1050  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
00:27:12.0693 0x1050  nfrd960 - ok
00:27:12.0700 0x1050  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:27:12.0714 0x1050  NlaSvc - ok
00:27:12.0717 0x1050  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:27:12.0738 0x1050  Npfs - ok
00:27:12.0741 0x1050  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
00:27:12.0763 0x1050  nsi - ok
00:27:12.0765 0x1050  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:27:12.0786 0x1050  nsiproxy - ok
00:27:12.0812 0x1050  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:27:12.0846 0x1050  Ntfs - ok
00:27:12.0850 0x1050  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
00:27:12.0870 0x1050  Null - ok
00:27:12.0875 0x1050  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:27:12.0886 0x1050  nvraid - ok
00:27:12.0891 0x1050  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:27:12.0901 0x1050  nvstor - ok
00:27:12.0905 0x1050  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:27:12.0915 0x1050  nv_agp - ok
00:27:12.0925 0x1050  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:27:12.0946 0x1050  odserv - ok
00:27:12.0950 0x1050  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:27:12.0961 0x1050  ohci1394 - ok
00:27:12.0965 0x1050  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:27:12.0980 0x1050  ose - ok
00:27:12.0988 0x1050  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:27:13.0002 0x1050  p2pimsvc - ok
00:27:13.0011 0x1050  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
00:27:13.0027 0x1050  p2psvc - ok
00:27:13.0031 0x1050  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
00:27:13.0042 0x1050  Parport - ok
00:27:13.0045 0x1050  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:27:13.0054 0x1050  partmgr - ok
00:27:13.0059 0x1050  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:27:13.0072 0x1050  PcaSvc - ok
00:27:13.0077 0x1050  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
00:27:13.0088 0x1050  pci - ok
00:27:13.0095 0x1050  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
00:27:13.0102 0x1050  pciide - ok
00:27:13.0108 0x1050  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
00:27:13.0119 0x1050  pcmcia - ok
00:27:13.0122 0x1050  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:27:13.0131 0x1050  pcw - ok
00:27:13.0143 0x1050  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:27:13.0161 0x1050  PEAUTH - ok
00:27:13.0176 0x1050  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:27:13.0188 0x1050  PerfHost - ok
00:27:13.0213 0x1050  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
00:27:13.0252 0x1050  pla - ok
00:27:13.0262 0x1050  [ BDBD132ECB9FC08F8E2490BB8F62F9ED, F1574179393D1408568EC463311679E702BDAC904FAB85B47983AF3544C96064 ] PlaysService    C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
00:27:13.0274 0x1050  PlaysService - ok
00:27:13.0282 0x1050  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:27:13.0297 0x1050  PlugPlay - ok
00:27:13.0300 0x1050  PnkBstrA - ok
00:27:13.0303 0x1050  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:27:13.0312 0x1050  PNRPAutoReg - ok
00:27:13.0320 0x1050  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:27:13.0334 0x1050  PNRPsvc - ok
00:27:13.0344 0x1050  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:27:13.0370 0x1050  PolicyAgent - ok
00:27:13.0376 0x1050  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
00:27:13.0401 0x1050  Power - ok
00:27:13.0406 0x1050  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:27:13.0427 0x1050  PptpMiniport - ok
00:27:13.0431 0x1050  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
00:27:13.0440 0x1050  Processor - ok
00:27:13.0459 0x1050  [ 2DC4BE7BA723BC70D22597A3CF061125, 31013F2F51E1FD1B66403EF1BED6FC2E6722C3737F274E88A4660CF35A40192D ] ProductAgentService C:\Program Files\Bitdefender Agent\ProductAgentService.exe
00:27:13.0487 0x1050  ProductAgentService - ok
00:27:13.0493 0x1050  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
00:27:13.0506 0x1050  ProfSvc - ok
00:27:13.0509 0x1050  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:27:13.0518 0x1050  ProtectedStorage - ok
00:27:13.0522 0x1050  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:27:13.0544 0x1050  Psched - ok
00:27:13.0570 0x1050  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
00:27:13.0598 0x1050  ql2300 - ok
00:27:13.0603 0x1050  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
00:27:13.0612 0x1050  ql40xx - ok
00:27:13.0618 0x1050  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
00:27:13.0633 0x1050  QWAVE - ok
00:27:13.0637 0x1050  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:27:13.0649 0x1050  QWAVEdrv - ok
00:27:13.0652 0x1050  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:27:13.0673 0x1050  RasAcd - ok
00:27:13.0677 0x1050  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:27:13.0698 0x1050  RasAgileVpn - ok
00:27:13.0702 0x1050  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
00:27:13.0725 0x1050  RasAuto - ok
00:27:13.0729 0x1050  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:27:13.0751 0x1050  Rasl2tp - ok
00:27:13.0759 0x1050  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
00:27:13.0784 0x1050  RasMan - ok
00:27:13.0789 0x1050  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:27:13.0810 0x1050  RasPppoe - ok
00:27:13.0814 0x1050  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:27:13.0836 0x1050  RasSstp - ok
00:27:13.0843 0x1050  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:27:13.0866 0x1050  rdbss - ok
00:27:13.0869 0x1050  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
00:27:13.0880 0x1050  rdpbus - ok
00:27:13.0882 0x1050  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:27:13.0903 0x1050  RDPCDD - ok
00:27:13.0906 0x1050  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:27:13.0927 0x1050  RDPENCDD - ok
00:27:13.0930 0x1050  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
00:27:13.0951 0x1050  RDPREFMP - ok
00:27:13.0957 0x1050  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:27:13.0969 0x1050  RDPWD - ok
00:27:13.0975 0x1050  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
00:27:13.0985 0x1050  rdyboost - ok
00:27:13.0990 0x1050  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:27:14.0012 0x1050  RemoteAccess - ok
00:27:14.0017 0x1050  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:27:14.0041 0x1050  RemoteRegistry - ok
00:27:14.0045 0x1050  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
00:27:14.0067 0x1050  RpcEptMapper - ok
00:27:14.0070 0x1050  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
00:27:14.0080 0x1050  RpcLocator - ok
00:27:14.0090 0x1050  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
00:27:14.0106 0x1050  RpcSs - ok
00:27:14.0110 0x1050  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:27:14.0132 0x1050  rspndr - ok
00:27:14.0143 0x1050  [ 9140DB0911DE035FED0A9A77A2D156EA, 07C9D7E2978062ABD84B58B390360D4C0F72C6A5A2310444579DC095943BD008 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
00:27:14.0158 0x1050  RTL8167 - ok
00:27:14.0161 0x1050  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] SamSs           C:\Windows\system32\lsass.exe
00:27:14.0170 0x1050  SamSs - ok
00:27:14.0174 0x1050  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:27:14.0184 0x1050  sbp2port - ok
00:27:14.0194 0x1050  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:27:14.0218 0x1050  SCardSvr - ok
00:27:14.0221 0x1050  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
00:27:14.0241 0x1050  scfilter - ok
00:27:14.0261 0x1050  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
00:27:14.0286 0x1050  Schedule - ok
00:27:14.0290 0x1050  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:27:14.0311 0x1050  SCPolicySvc - ok
00:27:14.0316 0x1050  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:27:14.0328 0x1050  SDRSVC - ok
00:27:14.0331 0x1050  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:27:14.0342 0x1050  secdrv - ok
00:27:14.0345 0x1050  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
00:27:14.0355 0x1050  seclogon - ok
00:27:14.0359 0x1050  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
00:27:14.0381 0x1050  SENS - ok
00:27:14.0384 0x1050  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:27:14.0394 0x1050  SensrSvc - ok
00:27:14.0397 0x1050  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
00:27:14.0406 0x1050  Serenum - ok
00:27:14.0409 0x1050  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
00:27:14.0419 0x1050  Serial - ok
00:27:14.0422 0x1050  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
00:27:14.0431 0x1050  sermouse - ok
00:27:14.0439 0x1050  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
00:27:14.0461 0x1050  SessionEnv - ok
00:27:14.0464 0x1050  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:27:14.0475 0x1050  sffdisk - ok
00:27:14.0477 0x1050  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:27:14.0488 0x1050  sffp_mmc - ok
00:27:14.0491 0x1050  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:27:14.0502 0x1050  sffp_sd - ok
00:27:14.0506 0x1050  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
00:27:14.0515 0x1050  sfloppy - ok
00:27:14.0523 0x1050  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:27:14.0549 0x1050  SharedAccess - ok
00:27:14.0557 0x1050  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:27:14.0583 0x1050  ShellHWDetection - ok
00:27:14.0587 0x1050  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
00:27:14.0596 0x1050  SiSRaid2 - ok
00:27:14.0599 0x1050  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
00:27:14.0610 0x1050  SiSRaid4 - ok
00:27:14.0617 0x1050  [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
00:27:14.0639 0x1050  SkypeUpdate - ok
00:27:14.0643 0x1050  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:27:14.0665 0x1050  Smb - ok
00:27:14.0670 0x1050  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:27:14.0680 0x1050  SNMPTRAP - ok
00:27:14.0683 0x1050  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:27:14.0691 0x1050  spldr - ok
00:27:14.0702 0x1050  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
00:27:14.0720 0x1050  Spooler - ok
00:27:14.0772 0x1050  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
00:27:14.0839 0x1050  sppsvc - ok
00:27:14.0845 0x1050  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:27:14.0867 0x1050  sppuinotify - ok
00:27:14.0876 0x1050  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:27:14.0891 0x1050  srv - ok
00:27:14.0900 0x1050  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:27:14.0914 0x1050  srv2 - ok
00:27:14.0920 0x1050  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:27:14.0931 0x1050  srvnet - ok
00:27:14.0937 0x1050  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:27:14.0961 0x1050  SSDPSRV - ok
00:27:14.0965 0x1050  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:27:14.0988 0x1050  SstpSvc - ok
00:27:15.0004 0x1050  [ BE826A247D22F2FDF24B92AD40049F89, 06996ECCE5A694DEFDC99DB56F45DD0ABD9A2150581F1FD132FBBD863C474DE3 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
00:27:15.0032 0x1050  Steam Client Service - ok
00:27:15.0036 0x1050  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
00:27:15.0044 0x1050  stexstor - ok
00:27:15.0056 0x1050  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
00:27:15.0076 0x1050  stisvc - ok
00:27:15.0080 0x1050  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
00:27:15.0088 0x1050  swenum - ok
00:27:15.0098 0x1050  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
00:27:15.0126 0x1050  swprv - ok
00:27:15.0153 0x1050  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
00:27:15.0186 0x1050  SysMain - ok
00:27:15.0191 0x1050  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:27:15.0205 0x1050  TabletInputService - ok
00:27:15.0212 0x1050  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:27:15.0237 0x1050  TapiSrv - ok
00:27:15.0267 0x1050  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:27:15.0299 0x1050  Tcpip - ok
00:27:15.0329 0x1050  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:27:15.0361 0x1050  TCPIP6 - ok
00:27:15.0367 0x1050  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:27:15.0375 0x1050  tcpipreg - ok
00:27:15.0379 0x1050  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:27:15.0387 0x1050  TDPIPE - ok
00:27:15.0389 0x1050  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:27:15.0397 0x1050  TDTCP - ok
00:27:15.0401 0x1050  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:27:15.0410 0x1050  tdx - ok
00:27:15.0413 0x1050  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
00:27:15.0421 0x1050  TermDD - ok
00:27:15.0434 0x1050  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
00:27:15.0451 0x1050  TermService - ok
00:27:15.0454 0x1050  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
00:27:15.0466 0x1050  Themes - ok
00:27:15.0470 0x1050  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
00:27:15.0491 0x1050  THREADORDER - ok
00:27:15.0496 0x1050  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
00:27:15.0518 0x1050  TrkWks - ok
00:27:15.0529 0x1050  [ 879694CD080FAA9193C704DB42852A98, 272B087E8C4E9A106950801DE1EEED63C859EA66382A7F35790AEA6E595526B9 ] trufos          C:\Windows\system32\DRIVERS\trufos.sys
00:27:15.0544 0x1050  trufos - ok
00:27:15.0551 0x1050  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:27:15.0572 0x1050  TrustedInstaller - ok
00:27:15.0576 0x1050  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:27:15.0585 0x1050  tssecsrv - ok
00:27:15.0588 0x1050  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:27:15.0596 0x1050  TsUsbFlt - ok
00:27:15.0599 0x1050  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
00:27:15.0607 0x1050  TsUsbGD - ok
00:27:15.0611 0x1050  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:27:15.0631 0x1050  tunnel - ok
00:27:15.0635 0x1050  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
00:27:15.0642 0x1050  uagp35 - ok
00:27:15.0650 0x1050  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:27:15.0673 0x1050  udfs - ok
00:27:15.0678 0x1050  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:27:15.0688 0x1050  UI0Detect - ok
00:27:15.0691 0x1050  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:27:15.0698 0x1050  uliagpkx - ok
00:27:15.0702 0x1050  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:27:15.0710 0x1050  umbus - ok
00:27:15.0712 0x1050  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
00:27:15.0720 0x1050  UmPass - ok
00:27:15.0724 0x1050  [ 9DC07E73A4ABB9ACF692113B36A5009F, CA7176FC219515D58DCFA66EC61880ECE5617275C9B83701BB74D8B60E733D34 ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
00:27:15.0730 0x1050  UnlockerDriver5 - ok
00:27:15.0739 0x1050  [ 019EA723AE8288231C602F41343735DC, F3A2FE6FAD9BF2FD5A683F08C71CB5993CE450AB7D3FB488F6DCED573E2C4373 ] UPDATESRV       C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
00:27:15.0748 0x1050  UPDATESRV - ok
00:27:15.0757 0x1050  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
00:27:15.0782 0x1050  upnphost - ok
00:27:15.0786 0x1050  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:27:15.0795 0x1050  usbccgp - ok
00:27:15.0799 0x1050  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:27:15.0808 0x1050  usbcir - ok
00:27:15.0811 0x1050  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
00:27:15.0819 0x1050  usbehci - ok
00:27:15.0827 0x1050  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:27:15.0839 0x1050  usbhub - ok
00:27:15.0842 0x1050  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:27:15.0850 0x1050  usbohci - ok
00:27:15.0853 0x1050  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:27:15.0863 0x1050  usbprint - ok
00:27:15.0866 0x1050  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:27:15.0874 0x1050  usbscan - ok
00:27:15.0878 0x1050  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:27:15.0887 0x1050  USBSTOR - ok
00:27:15.0890 0x1050  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
00:27:15.0898 0x1050  usbuhci - ok
00:27:15.0901 0x1050  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
00:27:15.0922 0x1050  UxSms - ok
00:27:15.0924 0x1050  [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] VaultSvc        C:\Windows\system32\lsass.exe
00:27:15.0933 0x1050  VaultSvc - ok
00:27:15.0936 0x1050  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:27:15.0943 0x1050  vdrvroot - ok
00:27:15.0953 0x1050  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
00:27:15.0980 0x1050  vds - ok
00:27:15.0983 0x1050  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:27:15.0993 0x1050  vga - ok
00:27:15.0995 0x1050  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:27:16.0016 0x1050  VgaSave - ok
00:27:16.0021 0x1050  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:27:16.0031 0x1050  vhdmp - ok
00:27:16.0034 0x1050  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
00:27:16.0042 0x1050  viaide - ok
00:27:16.0045 0x1050  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:27:16.0053 0x1050  volmgr - ok
00:27:16.0060 0x1050  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:27:16.0072 0x1050  volmgrx - ok
00:27:16.0079 0x1050  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:27:16.0090 0x1050  volsnap - ok
00:27:16.0095 0x1050  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
00:27:16.0104 0x1050  vsmraid - ok
00:27:16.0130 0x1050  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
00:27:16.0172 0x1050  VSS - ok
00:27:16.0201 0x1050  [ 242BEF3CDCB8A707676C06A83E2F8ABB, BCBA394FC5B67BFFB28A5DB67AB96EDCF2F40143A48574AFFB7C7AD0365B134B ] VSSERV          C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
00:27:16.0233 0x1050  VSSERV - ok
00:27:16.0237 0x1050  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
00:27:16.0246 0x1050  vwifibus - ok
00:27:16.0254 0x1050  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
00:27:16.0280 0x1050  W32Time - ok
00:27:16.0284 0x1050  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
00:27:16.0292 0x1050  WacomPen - ok
00:27:16.0296 0x1050  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:27:16.0317 0x1050  WANARP - ok
00:27:16.0319 0x1050  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:27:16.0339 0x1050  Wanarpv6 - ok
00:27:16.0364 0x1050  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
00:27:16.0392 0x1050  wbengine - ok
00:27:16.0399 0x1050  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:27:16.0413 0x1050  WbioSrvc - ok
00:27:16.0421 0x1050  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:27:16.0437 0x1050  wcncsvc - ok
00:27:16.0440 0x1050  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:27:16.0450 0x1050  WcsPlugInService - ok
00:27:16.0452 0x1050  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
00:27:16.0460 0x1050  Wd - ok
00:27:16.0474 0x1050  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:27:16.0492 0x1050  Wdf01000 - ok
00:27:16.0496 0x1050  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:27:16.0506 0x1050  WdiServiceHost - ok
00:27:16.0509 0x1050  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:27:16.0518 0x1050  WdiSystemHost - ok
00:27:16.0524 0x1050  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
00:27:16.0536 0x1050  WebClient - ok
00:27:16.0542 0x1050  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:27:16.0565 0x1050  Wecsvc - ok
00:27:16.0569 0x1050  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:27:16.0591 0x1050  wercplsupport - ok
00:27:16.0594 0x1050  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:27:16.0615 0x1050  WerSvc - ok
00:27:16.0619 0x1050  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:27:16.0638 0x1050  WfpLwf - ok
00:27:16.0641 0x1050  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:27:16.0648 0x1050  WIMMount - ok
00:27:16.0650 0x1050  WinDefend - ok
00:27:16.0654 0x1050  WinHttpAutoProxySvc - ok
00:27:16.0662 0x1050  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:27:16.0685 0x1050  Winmgmt - ok
00:27:16.0717 0x1050  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
00:27:16.0752 0x1050  WinRM - ok
00:27:16.0760 0x1050  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
00:27:16.0769 0x1050  WinUsb - ok
00:27:16.0786 0x1050  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:27:16.0808 0x1050  Wlansvc - ok
00:27:16.0846 0x1050  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:27:16.0883 0x1050  wlidsvc - ok
00:27:16.0886 0x1050  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
00:27:16.0895 0x1050  WmiAcpi - ok
00:27:16.0901 0x1050  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:27:16.0912 0x1050  wmiApSrv - ok
00:27:16.0914 0x1050  WMPNetworkSvc - ok
00:27:16.0917 0x1050  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:27:16.0926 0x1050  WPCSvc - ok
00:27:16.0930 0x1050  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:27:16.0941 0x1050  WPDBusEnum - ok
00:27:16.0943 0x1050  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:27:16.0963 0x1050  ws2ifsl - ok
00:27:16.0967 0x1050  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
00:27:16.0980 0x1050  wscsvc - ok
00:27:16.0982 0x1050  WSearch - ok
00:27:17.0024 0x1050  [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:27:17.0068 0x1050  wuauserv - ok
00:27:17.0073 0x1050  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:27:17.0083 0x1050  WudfPf - ok
00:27:17.0089 0x1050  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:27:17.0100 0x1050  WUDFRd - ok
00:27:17.0104 0x1050  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:27:17.0114 0x1050  wudfsvc - ok
00:27:17.0120 0x1050  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:27:17.0133 0x1050  WwanSvc - ok
00:27:17.0135 0x1050  ================ Scan global ===============================
00:27:17.0138 0x1050  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
00:27:17.0144 0x1050  [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
00:27:17.0153 0x1050  [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
00:27:17.0159 0x1050  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
00:27:17.0167 0x1050  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
00:27:17.0173 0x1050  [ Global ] - ok
00:27:17.0173 0x1050  ================ Scan MBR ==================================
00:27:17.0174 0x1050  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
00:27:17.0221 0x1050  \Device\Harddisk1\DR1 - ok
00:27:17.0223 0x1050  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:27:17.0317 0x1050  \Device\Harddisk0\DR0 - ok
00:27:17.0322 0x1050  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
00:27:17.0922 0x1050  \Device\Harddisk2\DR2 - ok
00:27:17.0922 0x1050  ================ Scan VBR ==================================
00:27:17.0923 0x1050  [ 2C6670263E348F9788F10F0E3ACC1D44 ] \Device\Harddisk1\DR1\Partition1
00:27:17.0960 0x1050  \Device\Harddisk1\DR1\Partition1 - ok
00:27:17.0964 0x1050  [ CCF002C3D859C36AC5E2646F0EA6FB0B ] \Device\Harddisk0\DR0\Partition1
00:27:17.0966 0x1050  \Device\Harddisk0\DR0\Partition1 - ok
00:27:17.0969 0x1050  [ 4874B9FDDF2D22B2D9D50913D70AAEC5 ] \Device\Harddisk0\DR0\Partition2
00:27:17.0970 0x1050  \Device\Harddisk0\DR0\Partition2 - ok
00:27:17.0974 0x1050  [ 8269DDDEC0B9761CA1580BB48F3EF7AE ] \Device\Harddisk2\DR2\Partition1
00:27:18.0044 0x1050  \Device\Harddisk2\DR2\Partition1 - ok
00:27:18.0045 0x1050  ================ Scan generic autorun ======================
00:27:18.0049 0x1050  [ ABAEEE966953092F013902849495E588, C1760F10AFCDF9F510A35508DD7DFB52FAE4BEB1C2F422C714E2587917CB8312 ] C:\Windows\system32\igfxtray.exe
00:27:18.0058 0x1050  IgfxTray - ok
00:27:18.0067 0x1050  [ 6200A37004340CBC2BA7BD585285513D, 44102F31F0223DA8633A9E44C4C15780D0CFDD9FD7D33F23F128C523087AB330 ] C:\Windows\system32\hkcmd.exe
00:27:18.0079 0x1050  HotKeysCmds - ok
00:27:18.0088 0x1050  [ C0798E90F54A10E37001CE26E51D3793, 58FCA9D3562138CF177E000DB1839FAF479F3A40139ABD366F4328F8D51FB917 ] C:\Windows\system32\igfxpers.exe
00:27:18.0101 0x1050  Persistence - ok
00:27:18.0110 0x1050  [ 320681DF28D82CDCA7E3EED0846625DB, 7F709ADFB0FE36BEC857A928E9CB29BB5B6C0BAD98824D0302C7BB7185100CB9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
00:27:18.0123 0x1050  AdobeAAMUpdater-1.0 - ok
00:27:18.0376 0x1050  [ 222A34C1E04D3A8DAF9BA6A0414958FB, 5B32621DD9CAAC79CA798E7E6CA0D9EDD3B36CA87734FB37034B3B451EC9DECC ] C:\Program Files\Logitech Gaming Software\LCore.exe
00:27:18.0577 0x1050  Launch LCore - ok
00:27:18.0657 0x1050  [ E41245791F9B6F4022F8C46154C358E8, 3E1597352DC9DBBAD8262B8271FC532F38C39EBB2D7461DE6839880A0D099E2F ] C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
00:27:18.0728 0x1050  StartCN - ok
00:27:18.0757 0x1050  [ AAA919E2177D09C18603AFEB2809D667, 79F5DDCF0EFF39437AA460B9314B7DFAE057372CF8515A6C76C96D95DC99DBCE ] C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
00:27:18.0789 0x1050  Bdagent - ok
00:27:18.0793 0x1050  [ C419DF63E0121D72411285780C2FC6CC, F47F854D327C589D174D3BB5B55D5C05F5ACA73DF52A6BEF47596B9010190291 ] C:\Windows\UpdReg.EXE
00:27:18.0798 0x1050  UpdReg - detected UnsignedFile.Multi.Generic ( 1 )
00:27:18.0914 0x12bc  Object required for P2P: [ E4B7F2553A127E86E11343ED15320A99 ] gzflt
00:27:21.0408 0x1050  Detect skipped due to KSN trusted
00:27:21.0408 0x1050  UpdReg - ok
00:27:21.0437 0x1050  [ 055DFCD94924AE9DC8A6D1F2F1FB9687, DEA7A5336026DF55AE831B269C5E6005F30280C7EC4DEDA8ED012D77335A14E3 ] C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
00:27:21.0468 0x1050  Sound Blaster Recon3D PCIe Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
00:27:21.0592 0x12bc  Object send P2P result: true
00:27:21.0612 0x12bc  Object required for P2P: [ 879694CD080FAA9193C704DB42852A98 ] trufos
00:27:24.0070 0x1050  Detect skipped due to KSN trusted
00:27:24.0070 0x1050  Sound Blaster Recon3D PCIe Control Panel - ok
00:27:24.0076 0x1050  [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
00:27:24.0091 0x1050  APSDaemon - ok
00:27:24.0096 0x1050  [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
00:27:24.0106 0x1050  GrooveMonitor - ok
00:27:24.0109 0x1050  [ D3ABDD76CBE85440451202A130286E21, 62B37BDA6DEBFC3D56D310004BCD60E507E117E86540C43C92AAA95EE3CC8F02 ] C:\Windows\Dit.exe
00:27:24.0114 0x1050  Dit - detected UnsignedFile.Multi.Generic ( 1 )
00:27:24.0299 0x12bc  Object send P2P result: true
00:27:25.0052 0x1a58  Object required for P2P: [ E41245791F9B6F4022F8C46154C358E8 ] C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
00:27:26.0731 0x1050  Detect skipped due to KSN trusted
00:27:26.0731 0x1050  Dit - ok
00:27:26.0747 0x1050  [ 1F02F97238874324C4E371A41EFAE235, 0D546E150C1ADED852DD71762EB45CEF3799F7BA660EAF066E0B7B521EADA8CE ] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
00:27:26.0775 0x1050  DivXMediaServer - ok
00:27:26.0780 0x1050  [ 2199723879C9F75A709680E2935C052F, DDD5B5CC86463284D9137372CB8541D1258AC020EA811F1AD3735809F314B086 ] C:\Program Files (x86)\PDF24\pdf24.exe
00:27:26.0794 0x1050  PDFPrint - ok
00:27:26.0803 0x1050  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
00:27:26.0812 0x1050  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
00:27:27.0752 0x1a58  Object send P2P result: true
00:27:29.0418 0x1050  Detect skipped due to KSN trusted
00:27:29.0418 0x1050  QuickTime Task - ok
00:27:29.0475 0x1050  [ 73C583DC51E6279EF9DBFE2B75D3BEEF, BD6AFDAB29E511DD01B772AB0BEA9717290D8E1151553DC1CC263D5628AC0BE7 ] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
00:27:29.0506 0x1050  DivXUpdate - ok
00:27:29.0514 0x1050  [ 5B157E747F5C6A98D7AC64597D10B3C5, D1CC7FB409A289BDBEAAD7ADD96D32A0F83014BE4D43CD81696898B067A3E047 ] C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe
00:27:29.0521 0x1050  PlaysTV - ok
00:27:29.0526 0x1050  [ F183BA59384CC417239A1A7194AEFA62, EBEBAE9F4609704CBD14E1C3099940C28EFE6E96CA7E77FCA3B26A671844B426 ] C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe
00:27:29.0534 0x1050  Raptr - ok
00:27:29.0553 0x1050  [ 1CE11C53E562D5F7EAFCF47E0E696516, 4E8264DB3CA9B2344905BC2CAE6A9E73190A3CCF3D154B3CBDAF4F73F8FCD64B ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
00:27:29.0571 0x1050  avgnt - ok
00:27:29.0575 0x1050  [ 62634246BADBB538F78309510CAAEFDA, 74AEF5CA769BF72AC64D22A5C8CFA84438DD7611011987D10DFD81D447B65F5D ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
00:27:29.0583 0x1050  Avira SystrayStartTrigger - ok
00:27:29.0603 0x1050  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
00:27:29.0655 0x1050  Sidebar - ok
00:27:29.0659 0x1050  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
00:27:29.0671 0x1050  mctadmin - ok
00:27:29.0692 0x1050  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
00:27:29.0716 0x1050  Sidebar - ok
00:27:29.0720 0x1050  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
00:27:29.0733 0x1050  mctadmin - ok
00:27:29.0789 0x1050  [ AFE3883FB37A5567C913E7DFCF2924A5, 3CA38EE302E0FF343DB87AE90DA868DCE5B7B490C2AA32164AF8DD4773482265 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
00:27:29.0843 0x1050  DAEMON Tools Lite - ok
00:27:29.0853 0x1050  [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA1751A56799D1A79A5 ] C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe
00:27:29.0861 0x1050  Dropbox Update - ok
00:27:29.0995 0x1050  [ 96C06D6C65559D1B7D6C5A62288725EE, 61CCCA9248742414AAE8973DF121CE2E7EC1385D219E3F3D306EAA3A2989C28C ] C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
00:27:30.0091 0x1050  Spotify - ok
00:27:30.0119 0x1050  [ 8E3A4D64A060C5CAA90F3B0C15A7DFE9, 62CEE1449AF368A5FA16DDF9690526965C32979564CF66BD8B3BB534110A910C ] C:\Users\Ben\AppData\Roaming\Spotify\SpotifyWebHelper.exe
00:27:30.0146 0x1050  Spotify Web Helper - ok
00:27:30.0147 0x1050  Waiting for KSN requests completion. In queue: 15
00:27:31.0147 0x1050  Waiting for KSN requests completion. In queue: 15
00:27:32.0147 0x1050  Waiting for KSN requests completion. In queue: 15
00:27:32.0751 0x170c  Object required for P2P: [ 96C06D6C65559D1B7D6C5A62288725EE ] C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
00:27:33.0147 0x1050  Waiting for KSN requests completion. In queue: 2
00:27:34.0147 0x1050  Waiting for KSN requests completion. In queue: 2
00:27:35.0147 0x1050  Waiting for KSN requests completion. In queue: 2
00:27:35.0468 0x170c  Object send P2P result: true
00:27:35.0468 0x170c  Object required for P2P: [ 8E3A4D64A060C5CAA90F3B0C15A7DFE9 ] C:\Users\Ben\AppData\Roaming\Spotify\SpotifyWebHelper.exe
00:27:36.0147 0x1050  Waiting for KSN requests completion. In queue: 1
00:27:37.0147 0x1050  Waiting for KSN requests completion. In queue: 1
00:27:38.0147 0x1050  Waiting for KSN requests completion. In queue: 1
00:27:38.0162 0x170c  Object send P2P result: true
00:27:39.0214 0x1050  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.16.273 ), 0x41000 ( enabled : updated )
00:27:39.0221 0x1050  AV detected via SS2: Bitdefender Antivirus, C:\Program Files\Bitdefender\Bitdefender 2016\wscfix.exe ( 20.0.26.1443 ), 0x41000 ( enabled : updated )
00:27:39.0226 0x1050  FW detected via SS2: Bitdefender Firewall, C:\Program Files\Bitdefender\Bitdefender 2016\wscfix.exe ( 20.0.26.1443 ), 0x41010 ( enabled )
00:27:41.0869 0x1050  ============================================================
00:27:41.0869 0x1050  Scan finished
00:27:41.0869 0x1050  ============================================================
00:27:41.0880 0x177c  Detected object count: 0
00:27:41.0881 0x177c  Actual detected object count: 0
         
Seitdem ich mit diverser Antivierensoftware hantiere, habe ich aktuell dauernd bluescreen-Abstürtze...


Alt 21.05.2016, 22:35   #6
M-K-D-B
/// TB-Ausbilder
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen



Zitat:
Zitat von HackedNoob Beitrag anzeigen
Seitdem ich mit diverser Antivierensoftware hantiere, habe ich aktuell dauernd bluescreen-Abstürtze...
Und das wundert dich?





Zitat:
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
Mehrere Anti-Virus-Programme

Code:
ATTFilter
Bitdefender
Avira
         
Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Außerdem bremst es auch das System aus und kann unter Umständen zu schweren Systemabstürzen führen.






Zukünftig bitte beachten:
Zitat:
Gestartet von C:\Users\Ben\Downloads
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.











Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.
__________________
--> Trojaner "searchprotect" und "tmp00000be1" entfernen

Alt 22.05.2016, 19:15   #7
HackedNoob
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen



Code:
ATTFilter
# AdwCleaner v5.117 - Bericht erstellt am 22/05/2016 um 18:48:05
# Aktualisiert am 15/05/2016 von Xplode
# Datenbank : 2016-05-15.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : Ben - BEN-PC
# Gestartet von : C:\Users\Ben\Desktop\AdwCleaner_5.117.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner gelöscht : C:\ProgramData\Babylon
[#] Ordner gelöscht : C:\ProgramData\Application Data\Babylon
[-] Ordner gelöscht : C:\Users\Ben\AppData\Local\bvyvavay
[-] Ordner gelöscht : C:\Users\Ben\AppData\LocalLow\SimplyTech
[-] Ordner gelöscht : C:\Users\Ben\AppData\Roaming\BitLord
[-] Ordner gelöscht : C:\Users\Ben\AppData\Roaming\RHEng
[-] Ordner gelöscht : C:\Users\Ben\Documents\BitLord
[-] Ordner gelöscht : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac
[#] Ordner gelöscht : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac

***** [ Dateien ] *****

[-] Datei gelöscht : C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\jid0-1kqApO5BUHwjBQft5BEUXHXZjCA@jetpack.xpi

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****

[-] Geplante Aufgabe gelöscht : Browser Updater\Browser Updater

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C98BE86-CF79-4484-A2B2-DFE1EE126592}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6F7E26D7-C6AD-49BE-B48E-A5FCEE221C82}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B21E5B2D-2AF6-4182-9E8E-1FF00EE3EFD0}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
[-] Wert gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Wert gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Wert gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Schlüssel gelöscht : HKCU\Software\BABSOLUTION
[-] Schlüssel gelöscht : HKCU\Software\OCS
[-] Schlüssel gelöscht : HKCU\Software\Softonic
[-] Schlüssel gelöscht : HKCU\Software\UpdaterEX
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2410925410-2808068811-915591143-1000\Software\Softonic
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Daten wiederhergestellt : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Daten wiederhergestellt : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
[-] Daten wiederhergestellt : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Daten wiederhergestellt : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Daten wiederhergestellt : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
[-] Daten wiederhergestellt : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
[-] Daten wiederhergestellt : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI [(Default)]
[-] Daten wiederhergestellt : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
[-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{73212083-FF94-47C4-8E36-3440751A49BC}D:\programme\bitlord 2\bitlord files\bitlord.exe]
[-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{D6D56F54-6194-46B0-ACA7-2E4B12A0F787}D:\programme\bitlord 2\bitlord files\bitlord.exe]
[-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{14C97613-0E21-4D44-9852-CF90EC1611D7}D:\programme\bitlord 2\bitlord files\bitlord.exe]
[-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{2BA87064-65EA-4D89-8EB7-DA85FFB26328}D:\programme\bitlord 2\bitlord files\bitlord.exe]
[-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{C5E1FB36-5032-4614-AEE7-111A4A869A4D}]
[-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{87AA13B1-170B-4425-A1D4-2301676480F2}]
[-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{473BC8D5-B3DC-4067-BCEC-857EE4923E13}]
[-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{C298F8E5-CEA7-43A9-B81E-137211018874}]
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0C3286BA-7A37-4E59-A3F5-F4E06A97F97B}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{38C82963-9229-4D88-99F7-221997DB985B}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{94ABC068-6097-46F0-8AC3-5EBFF0AD0703}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F280C5F1-262E-4024-AC35-47BEAEBFA6CF}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F4ED6660-A91F-481D-A5DF-7DAC3E9994E2}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FD4E9F80-5AC9-44A3-8722-78CA6D2DC141}
[-] Wert gelöscht : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DisplayName]
[-] Wert gelöscht : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes 
[-] Wert gelöscht : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [TopResultURLFallback]
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B}
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\searchgol.com
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\watch4.com
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\watch4.de
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.searchgol.com
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.watch4.com
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.watch4.de
[-] Schlüssel gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

***** [ Internetbrowser ] *****

[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("HomeTab_6787.global.ClearSearchHistoryOnClose", "false");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("HomeTab_6787.global.CurrentLanguageSelection", "English");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("HomeTab_6787.global.CurrentNavigationSelection", "Current window");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("HomeTab_6787.global.CurrentSearchEngineSelection", "US: United States of America");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("HomeTab_6787.global.DisplayRecentSearches", "true");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("HomeTab_6787.global.ShowButtonText2", "true");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("HomeTab_6787.global.UpdateTime", "1382593909575");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("HomeTab_6787.global.setupExtension", "true");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("HomeTab_6787.global.userEnable", true);
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("HomeTab_6787.global.userID", "34235206784bd80dacfe4a29062a1903");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("extensions.cliqz.backup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MA62C3147-8AE0-40E0-918E-AEDF8799F4C5&SearchSource=55&CUI=&UM=5&UP=SP62D14C1F-E[...]
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("extensions.dealply.channel", "_candoc1");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("extensions.dealply.installId", "_v24873208591066528344302013101614460524");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("extensions.dealply.installIdSource", "_inst");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("extensions.dealply.lastHeartBitDate", "2013_9_24");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("extensions.dealply.partner", "_cand");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("extensions.dealply.sampleGroup", "4");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1363041758071");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1363041761000");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1363041758074");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1363047512328");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent134", "1363048334704");
[-] [C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js] gelöscht : user_pref("wtbg.global.storedbrowserversion", "24.0");

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [13879 Bytes] - [22/05/2016 18:48:05]
C:\AdwCleaner\AdwCleaner[R0].txt - [34641 Bytes] - [12/10/2013 19:29:03]
C:\AdwCleaner\AdwCleaner[S0].txt - [31788 Bytes] - [12/10/2013 19:29:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [15392 Bytes] - [22/05/2016 18:47:02]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [14175 Bytes] ##########
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 22.05.2016
Suchlaufzeit: 18:53
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.22.04
Rootkit-Datenbank: v2016.05.20.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ben

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333187
Abgelaufene Zeit: 6 Min., 19 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 4
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\prefs.js, Gut: (), Schlecht: (user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1363041761000");), Ersetzt,[44a835a39603b0861931fc72976df20e]
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\prefs.js, Gut: (), Schlecht: (", "false");
user_pref("HomeTab_6787.global.CurrentLanguageSelection", "English");
user), Ersetzt,[a745c6120990989e0446f37b887cf60a]
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\prefs.js, Gut: (), Schlecht: (", "false");
user_pref("HomeTab_6787.global.CurrentLanguageSelection", "E), Ersetzt,[a4489b3d5c3dbe78bc8ecaa4ce36b749]
PUP.Optional.Iminent, C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\prefs.js, Gut: (), Schlecht: (ill be overwrit", "false");
user_pref("HomeTab_6787.global.CurrentLanguageSelection", "Engl), Ersetzt,[21cbba1eabee5adcd575a5c9aa5a916f]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Ben (Administrator) on 22.05.2016 at 19:06:21,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 31 

Successfully deleted: C:\ProgramData\1463281564.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1463281683.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1463281764.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1463322708.bdinstall.bin (File) 
Successfully deleted: C:\Users\Ben\AppData\Local\Tempdivxa6f9 (File) 
Successfully deleted: C:\Users\Ben\AppData\Local\Tempdivxfe74 (File) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07CI8I18 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5TMMV0XF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\691O05RJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7P8LRZXC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AG8KETMM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8M8VYL1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNF2C9SO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6FW3YQ8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H9KCU10S (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZ5O224E (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEQC1DEY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8W0DCZV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07CI8I18 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5TMMV0XF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\691O05RJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7P8LRZXC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AG8KETMM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8M8VYL1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNF2C9SO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6FW3YQ8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H9KCU10S (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZ5O224E (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YEQC1DEY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8W0DCZV (Temporary Internet Files Folder) 

Deleted the following from C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\prefs.js
user_pref(extensions.AMAZONNEW_NS_PH.toolbarXMLText, <?xml version=\1.0\ encoding=\utf-8\?>\n<toolbar>\n  <replacements>\n    <replacement>\n      <key><![CDATA[__REGIO
user_pref(extensions.ae180d6e852cd41d990029e43f22d4c917466a5f305bd4c4da0e99442a8ea8a0ecom32000.32000.internaldb.cache/286965653b415f505622ea74d2bd3bbe_DE.value, %22var%20ca
user_pref(extensions.ae180d6e852cd41d990029e43f22d4c917466a5f305bd4c4da0e99442a8ea8a0ecom32000.32000.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value, %22var%20adsDe
user_pref(extensions.ae180d6e852cd41d990029e43f22d4c917466a5f305bd4c4da0e99442a8ea8a0ecom32000.32000.internaldb.cache/833447eaff04548ccb80787286a7cad9_DE.value, %22var%20ca



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.05.2016 at 19:08:54,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01
durchgeführt von Ben (Administrator) auf BEN-PC (22-05-2016 19:13:31)
Gestartet von C:\Users\Ben\Desktop
Geladene Profile: Ben (Verfügbare Profile: Ben)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1651600 2016-04-25] (Bitdefender)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [885760 2012-02-22] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dit] => C:\Windows\Dit.exe [90112 2004-08-05] (ICSI Technology Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-27] (DivX, LLC)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-05-09] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-27] (Raptr, Inc)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [Dropbox Update] => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [Spotify] => C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-28] (Spotify Ltd)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [Spotify Web Helper] => C:\Users\Ben\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-28] (Spotify Ltd)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\MountPoints2: F - F:\Setup.exe autorun
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\MountPoints2: {0cffc0e7-918d-11e2-ba83-bc5ff44945d9} - F:\setup.exe
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-21]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-05-21]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 80.69.96.12 81.210.129.4
Tcpip\..\Interfaces\{93459425-DE5C-4808-9F97-6026C69CD4BC}: [DhcpNameServer] 80.69.96.12 81.210.129.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2410925410-2808068811-915591143-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default
FF NewTab: about:home
FF Homepage: about:home
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-08-05] (DivX, LLC)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Photoshop CS6\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-22] (Apple Inc.)
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\google-images.xml [2014-12-18]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\google-maps.xml [2014-12-18]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\youtube.xml [2015-11-12]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\{58827B9B-1E67-4411-915F-922793B7986B}.xml [2012-08-26]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\{A31C05CC-0B97-428B-80B9-224FF9550200}.xml [2012-08-26]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\{D3ED56D7-F8F1-4998-87F7-9D409CB38784}.xml [2012-08-26]
FF Extension: NoScript - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-07]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\artur.dubovoy@gmail.com [2016-05-17]
FF Extension: Cliqz - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\cliqz@cliqz.com.xpi [2016-04-19]
FF Extension: Blur - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\donottrackplus@abine.com.xpi [2015-12-17]
FF Extension: TopLine - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\jid0-uIWxKlEIWnV1103pH2C8N6RsUe0@jetpack.xpi [2012-10-28] [ist nicht signiert]
FF Extension: Mailvelope - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-12-08]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\vdpure@link64.xpi [2016-01-22]
FF Extension: Video DownloadHelper - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-09]
FF Extension: Adblock Plus - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-05-12]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\cliqz@cliqz.com => nicht gefunden

Chrome: 
=======
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Google-Suche) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-07-03]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-07-03]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-07-03]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-07-03]
CHR Extension: (Google Wallet) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-03]
CHR Extension: (Google Mail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-03]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-08-16] (Creative Labs) [Datei ist nicht signiert]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-08-16] (Creative Labs) [Datei ist nicht signiert]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [Datei ist nicht signiert]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-02-14] (Creative Technology Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-05-09] (Plays.tv, LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-02-09] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-02-14] (Creative Technology Ltd)
R3 CTHDB; C:\Windows\System32\DRIVERS\CtHDb.sys [23640 2012-02-29] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-20] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-22 19:12 - 2016-05-22 19:12 - 00000000 ____D C:\Users\Ben\Desktop\FRST-OlderVersion
2016-05-22 19:08 - 2016-05-22 19:08 - 00005747 _____ C:\Users\Ben\Desktop\JRT.txt
2016-05-22 19:05 - 2016-05-22 19:05 - 01610816 _____ (Malwarebytes) C:\Users\Ben\Desktop\JRT.exe
2016-05-22 19:04 - 2016-05-22 19:04 - 00002160 _____ C:\Users\Ben\Desktop\mbam.txt
2016-05-22 18:53 - 2016-05-22 18:53 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-22 18:52 - 2016-05-22 18:52 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Desktop\mbam-setup-2.2.1.1043(1).exe
2016-05-22 18:50 - 2016-05-22 18:50 - 00014306 _____ C:\Users\Ben\Desktop\AdwCleaner[C1].txt
2016-05-22 18:24 - 2016-05-22 18:24 - 00001229 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2016-05-22 18:24 - 2016-05-22 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2016-05-22 16:39 - 2016-05-22 19:13 - 00025332 _____ C:\Users\Ben\Desktop\FRST.txt
2016-05-22 16:39 - 2016-05-22 19:12 - 02383360 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2016-05-22 16:39 - 2016-05-22 16:39 - 03651136 _____ C:\Users\Ben\Desktop\AdwCleaner_5.117.exe
2016-05-22 16:39 - 2016-05-21 00:25 - 00071121 _____ C:\Users\Ben\Desktop\Addition.txt
2016-05-22 16:39 - 2016-05-21 00:22 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Ben\Desktop\tdsskiller.exe
2016-05-22 16:39 - 2016-05-21 00:14 - 00001132 _____ C:\Users\Ben\Desktop\Avira Launcher.lnk
2016-05-21 00:22 - 2016-05-21 00:33 - 00220424 _____ C:\TDSSKiller.3.1.0.9_21.05.2016_00.22.30_log.txt
2016-05-21 00:22 - 2016-05-21 00:22 - 00071121 _____ C:\Users\Ben\Downloads\Addition.txt
2016-05-21 00:21 - 2016-05-22 19:13 - 00000000 ____D C:\FRST
2016-05-21 00:21 - 2016-05-21 00:22 - 00077166 _____ C:\Users\Ben\Downloads\FRST.txt
2016-05-20 22:59 - 2016-05-20 22:59 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-20 20:40 - 2016-05-21 00:45 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Avira
2016-05-20 20:38 - 2016-05-21 00:48 - 00000000 ____D C:\ProgramData\Avira
2016-05-15 16:33 - 2016-05-15 16:33 - 00003640 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-05-15 05:09 - 2016-05-21 00:14 - 00002116 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-05-15 05:09 - 2016-05-15 05:09 - 00253404 ____H C:\bdr-ld02
2016-05-15 05:09 - 2016-05-15 05:09 - 00009216 ____H C:\bdr-ld02.mbr
2016-05-15 05:09 - 2016-05-15 05:09 - 00000684 ____H C:\bdr-cf02
2016-05-15 05:09 - 2016-05-15 05:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-05-15 05:09 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-05-15 05:09 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-05-15 05:09 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-05-15 05:09 - 2015-12-15 21:35 - 49760229 ____H C:\bdr-im02.gz
2016-05-15 05:09 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz02
2016-05-15 05:07 - 2016-05-15 05:10 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Bitdefender
2016-05-15 05:07 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-05-15 05:07 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-05-15 05:07 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2016-05-15 05:06 - 2016-05-15 05:26 - 00000000 ____D C:\ProgramData\Bitdefender
2016-05-15 05:05 - 2016-05-22 18:50 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-05-14 18:18 - 2016-05-14 18:18 - 00000000 ____D C:\Users\Ben\Desktop\AST Fahrwerk
2016-05-13 21:20 - 2016-05-15 03:45 - 00000000 ____D C:\Users\Ben\AppData\Local\AMD
2016-05-13 21:19 - 2016-05-13 21:19 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-05-13 21:18 - 2016-05-13 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2016-05-13 21:17 - 2016-05-13 21:18 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-05-13 21:17 - 2016-05-13 21:17 - 00000000 ____D C:\Program Files (x86)\AMD
2016-05-13 21:10 - 2016-05-13 21:10 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Ben\Downloads\autodetectutility.exe
2016-05-13 20:04 - 2016-05-13 20:04 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-13 07:13 - 2016-05-22 18:50 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Raptr
2016-05-12 22:32 - 2016-05-12 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2016-05-12 07:36 - 2016-05-22 18:50 - 00000000 ____D C:\Users\Ben\AppData\Roaming\PlaysTV
2016-05-12 07:35 - 2016-05-12 07:35 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-05-11 16:52 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 16:52 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 16:52 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 16:52 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 16:52 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 16:52 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 16:52 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 16:52 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 16:52 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 16:52 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 16:52 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 16:52 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 16:52 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 16:52 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 16:52 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 16:52 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 16:52 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 16:52 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 16:52 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 16:52 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 16:52 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 16:52 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 16:52 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 16:52 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 16:52 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 16:52 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 16:52 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 16:52 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 16:52 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 16:52 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 16:52 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 16:52 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 16:52 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 16:52 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 16:52 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 16:52 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 16:52 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 16:52 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 16:52 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 16:52 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 16:52 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 16:52 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 16:52 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 16:52 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 16:52 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 16:52 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 16:52 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 16:52 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 16:52 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 16:52 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 16:52 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 16:52 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 16:52 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 16:52 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 16:52 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 16:52 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 16:52 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 16:52 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 16:52 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 16:52 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 16:52 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 16:52 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 16:52 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 16:52 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 16:52 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 16:52 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 16:52 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 16:52 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 16:52 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 16:52 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 16:52 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 16:52 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 16:52 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 16:52 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 16:52 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 16:52 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 16:52 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 16:52 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 16:52 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 16:52 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 16:52 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 16:52 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 16:52 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 16:52 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 16:52 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 16:52 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 16:52 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 16:52 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 16:52 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 16:52 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 16:52 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 16:52 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 16:52 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 16:52 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 16:52 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 16:52 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-05 14:35 - 2016-05-05 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-04 18:30 - 2016-05-04 19:39 - 00000000 ____D C:\Users\Public\CineForm
2016-05-04 18:30 - 2016-05-04 19:29 - 00000000 ____D C:\Users\Ben\AppData\Roaming\GoPro
2016-05-04 18:30 - 2016-05-04 18:30 - 00000000 ____D C:\Users\Ben\AppData\Local\GoPro
2016-05-04 18:29 - 2016-05-04 18:29 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-04-27 21:28 - 2016-04-27 21:28 - 08306382 _____ C:\Users\Ben\Desktop\Infiltrate template.rar
2016-04-25 20:04 - 2014-12-29 21:16 - 00000000 ____D C:\Users\Ben\Desktop\Template

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-22 19:11 - 2012-09-21 01:34 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Spotify
2016-05-22 19:11 - 2012-09-21 01:34 - 00000000 ____D C:\Users\Ben\AppData\Local\Spotify
2016-05-22 18:57 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-22 18:57 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-22 18:54 - 2011-04-12 09:43 - 00699432 _____ C:\Windows\system32\perfh007.dat
2016-05-22 18:54 - 2011-04-12 09:43 - 00149572 _____ C:\Windows\system32\perfc007.dat
2016-05-22 18:54 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-22 18:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-22 18:53 - 2015-03-11 20:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-22 18:53 - 2015-03-11 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-22 18:53 - 2015-03-11 20:43 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-05-22 18:50 - 2015-03-04 23:19 - 00000000 ___RD C:\Users\Ben\Dropbox
2016-05-22 18:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-22 18:48 - 2015-12-26 07:38 - 00296592 _____ C:\bdlog.txt
2016-05-22 18:48 - 2013-10-12 19:28 - 00000000 ____D C:\AdwCleaner
2016-05-22 18:38 - 2015-08-15 12:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-22 18:38 - 2015-06-18 18:28 - 00001216 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000UA.job
2016-05-22 18:26 - 2014-04-06 17:25 - 00000000 ____D C:\ProgramData\elsterformular
2016-05-22 18:24 - 2014-04-06 17:25 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2016-05-22 18:24 - 2012-08-16 20:37 - 00000000 ____D C:\Users\Ben
2016-05-22 07:00 - 2012-08-17 03:18 - 00000000 ____D C:\Users\Ben\AppData\Roaming\vlc
2016-05-22 06:26 - 2015-11-02 20:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-22 06:01 - 2015-04-14 01:51 - 00000080 _____ C:\Users\Ben\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2016-05-22 05:27 - 2015-05-02 22:15 - 00005536 _____ C:\Users\Ben\Desktop\Kosten.txt
2016-05-21 19:38 - 2015-06-18 18:28 - 00001164 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000Core.job
2016-05-21 17:56 - 2012-08-19 16:49 - 00000000 _____ C:\Users\Ben\AppData\Roaming\bitlord_log.txt
2016-05-21 16:50 - 2014-02-01 17:31 - 00000201 _____ C:\Users\Ben\Desktop\TO DO! BICHT!!!.txt
2016-05-21 14:51 - 2015-03-04 23:19 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Dropbox
2016-05-21 00:48 - 2013-08-26 11:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-21 00:15 - 2014-09-13 14:31 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-05-21 00:15 - 2013-11-27 20:47 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-05-21 00:15 - 2013-09-13 21:51 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-21 00:15 - 2012-08-17 03:21 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-21 00:15 - 2012-08-16 20:34 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-05-21 00:15 - 2012-08-16 20:34 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-05-21 00:15 - 2009-07-14 06:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-05-21 00:14 - 2016-03-28 20:56 - 00002165 _____ C:\Users\Public\Desktop\Preset Manager 1.0.lnk
2016-05-21 00:14 - 2016-01-12 00:56 - 00001831 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-05-21 00:14 - 2015-03-21 03:54 - 00002168 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-05-21 00:14 - 2014-11-30 20:11 - 00000761 _____ C:\Users\Public\Desktop\Assetto Corsa.lnk
2016-05-21 00:14 - 2014-08-31 01:09 - 00000953 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2016-05-21 00:14 - 2014-04-20 21:02 - 00001101 _____ C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
2016-05-21 00:14 - 2014-04-13 19:36 - 00001100 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2016-05-21 00:14 - 2013-09-13 21:51 - 00001141 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-21 00:14 - 2013-08-23 01:01 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-21 00:14 - 2013-03-20 21:54 - 00001944 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-05-21 00:14 - 2012-12-25 18:54 - 00000704 _____ C:\Users\Public\Desktop\Winamp.lnk
2016-05-21 00:14 - 2012-09-21 01:34 - 00001779 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-05-21 00:14 - 2012-08-17 00:39 - 00001923 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Avant Browser.lnk
2016-05-21 00:14 - 2012-08-17 00:39 - 00001911 _____ C:\Users\Public\Desktop\Avant Browser.lnk
2016-05-21 00:14 - 2012-08-16 20:38 - 00001321 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-21 00:14 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-05-21 00:14 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-05-21 00:13 - 2015-10-13 23:16 - 00000941 _____ C:\Users\Ben\Desktop\Magic Bullet Looks.lnk
2016-05-21 00:13 - 2015-03-04 23:19 - 00001009 _____ C:\Users\Ben\Desktop\Drobox.lnk
2016-05-21 00:13 - 2014-12-17 22:53 - 00001827 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Tunatic.lnk
2016-05-21 00:13 - 2014-10-19 19:41 - 00000905 _____ C:\Users\Ben\Desktop\GTR2.lnk
2016-05-21 00:13 - 2014-09-13 15:19 - 00001038 _____ C:\Users\Ben\Desktop\Vegas Pro 13.0 (64-bit).lnk
2016-05-21 00:13 - 2014-07-10 01:26 - 00000783 _____ C:\Users\Ben\Desktop\Zeug vom Desktop.lnk
2016-05-21 00:13 - 2013-11-27 23:49 - 00000924 _____ C:\Users\Ben\Desktop\GIMP.lnk
2016-05-21 00:13 - 2013-03-20 22:03 - 00000763 _____ C:\Users\Ben\Desktop\GTR Evolution.lnk
2016-05-21 00:13 - 2012-12-30 04:03 - 00001563 _____ C:\Users\Ben\Desktop\Counter-Strike Source.lnk
2016-05-21 00:13 - 2012-11-06 22:55 - 00000961 _____ C:\Users\Ben\Desktop\TeamSpeak 3 Client.lnk
2016-05-21 00:13 - 2012-10-03 14:32 - 00000684 _____ C:\Users\Ben\Desktop\Free PDF to Word Doc Converter.lnk
2016-05-21 00:13 - 2012-09-21 01:34 - 00001793 _____ C:\Users\Ben\Desktop\Spotify.lnk
2016-05-21 00:13 - 2012-08-19 16:49 - 00000842 _____ C:\Users\Ben\Desktop\BitLord.lnk
2016-05-21 00:13 - 2012-08-16 21:17 - 00000355 _____ C:\Users\Ben\Desktop\Arbeitsplatz.lnk
2016-05-21 00:05 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-20 21:00 - 2012-11-06 22:56 - 00000000 ____D C:\Users\Ben\AppData\Roaming\TS3Client
2016-05-20 19:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-16 20:18 - 2012-09-01 01:53 - 00000371 _____ C:\Users\Ben\Desktop\TO DO.txt
2016-05-15 05:09 - 2016-02-14 19:14 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-05-15 05:06 - 2016-02-14 19:14 - 00000000 ____D C:\Program Files\Bitdefender
2016-05-15 03:51 - 2014-11-12 01:50 - 00000000 ____D C:\Users\Ben\AppData\LocalLow\boost_interprocess
2016-05-14 04:13 - 2014-04-05 20:01 - 00000000 ____D C:\Users\Ben\Desktop\CS 2014
2016-05-13 21:19 - 2016-03-29 01:26 - 00004230 _____ C:\Windows\System32\Tasks\AMD Updater
2016-05-13 21:17 - 2016-03-29 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-05-13 21:17 - 2013-12-29 21:05 - 00000000 ____D C:\Program Files\AMD
2016-05-13 07:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-13 07:38 - 2015-08-15 12:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 07:38 - 2015-07-23 00:54 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 07:38 - 2015-07-23 00:54 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 22:29 - 2012-08-16 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-05-12 22:29 - 2012-08-16 20:56 - 00000000 ____D C:\Program Files (x86)\Creative
2016-05-12 08:09 - 2015-04-15 19:16 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 08:04 - 2014-12-23 18:11 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-12 02:19 - 2014-08-20 22:58 - 00000000 ____D C:\Users\Ben\AppData\Local\Adobe
2016-05-11 23:25 - 2012-08-16 20:50 - 00000000 ____D C:\AMD
2016-05-11 22:53 - 2013-07-11 11:30 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 21:51 - 2009-07-14 06:45 - 05050848 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-11 21:50 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 18:01 - 2012-08-16 21:20 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 21:58 - 2012-08-16 20:47 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Adobe
2016-05-08 18:39 - 2012-10-28 19:22 - 00000000 ____D C:\Users\Ben\AppData\Local\CrashDumps
2016-05-06 17:46 - 2015-04-04 22:48 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 17:46 - 2015-04-04 22:48 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-05 22:28 - 2013-09-13 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-27 21:43 - 2012-08-16 20:53 - 00120496 _____ C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-01-12 00:56 - 2016-01-12 00:56 - 15566737 _____ () C:\Program Files\FileZilla3141.zip
2012-08-19 16:49 - 2016-05-21 17:56 - 0000000 _____ () C:\Users\Ben\AppData\Roaming\bitlord_log.txt
2012-10-13 19:23 - 2013-12-12 01:51 - 0005632 _____ () C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-17 22:30 - 2015-11-17 22:30 - 0000842 _____ () C:\Users\Ben\AppData\Local\recently-used.xbel
2012-09-12 20:33 - 2013-04-21 19:02 - 0007605 _____ () C:\Users\Ben\AppData\Local\resmon.resmoncfg

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Public\AlexaNSISPlugin.6936.dll


Einige Dateien in TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\$avantbrowser$.update.exe
C:\Users\Ben\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Ben\AppData\Local\Temp\avgnt.exe
C:\Users\Ben\AppData\Local\Temp\cdo1138856251.dll
C:\Users\Ben\AppData\Local\Temp\cdo1148406675.dll
C:\Users\Ben\AppData\Local\Temp\cdo1190206193.dll
C:\Users\Ben\AppData\Local\Temp\cdo1268291816.dll
C:\Users\Ben\AppData\Local\Temp\cdo1594728973.dll
C:\Users\Ben\AppData\Local\Temp\cdo1630582100.dll
C:\Users\Ben\AppData\Local\Temp\cdo1650198476.dll
C:\Users\Ben\AppData\Local\Temp\cdo1680738936.dll
C:\Users\Ben\AppData\Local\Temp\cdo2299574333.dll
C:\Users\Ben\AppData\Local\Temp\cdo2334430240.dll
C:\Users\Ben\AppData\Local\Temp\cdo2434732372.dll
C:\Users\Ben\AppData\Local\Temp\cdo2445184739.dll
C:\Users\Ben\AppData\Local\Temp\cdo262939885.dll
C:\Users\Ben\AppData\Local\Temp\cdo272904227.dll
C:\Users\Ben\AppData\Local\Temp\cdo2742429460.dll
C:\Users\Ben\AppData\Local\Temp\cdo2816061061.dll
C:\Users\Ben\AppData\Local\Temp\cdo3019167050.dll
C:\Users\Ben\AppData\Local\Temp\cdo3268099613.dll
C:\Users\Ben\AppData\Local\Temp\cdo340310218.dll
C:\Users\Ben\AppData\Local\Temp\cdo3432201221.dll
C:\Users\Ben\AppData\Local\Temp\cdo3453013635.dll
C:\Users\Ben\AppData\Local\Temp\cdo3505807980.dll
C:\Users\Ben\AppData\Local\Temp\cdo3608878176.dll
C:\Users\Ben\AppData\Local\Temp\cdo374867413.dll
C:\Users\Ben\AppData\Local\Temp\cdo3932243946.dll
C:\Users\Ben\AppData\Local\Temp\cdo3967037980.dll
C:\Users\Ben\AppData\Local\Temp\cdo4045656951.dll
C:\Users\Ben\AppData\Local\Temp\cdo4072745525.dll
C:\Users\Ben\AppData\Local\Temp\cdo521549086.dll
C:\Users\Ben\AppData\Local\Temp\cdo561457612.dll
C:\Users\Ben\AppData\Local\Temp\cdo759103143.dll
C:\Users\Ben\AppData\Local\Temp\cdo865636502.dll
C:\Users\Ben\AppData\Local\Temp\cdo973371756.dll
C:\Users\Ben\AppData\Local\Temp\Cleanup.dll
C:\Users\Ben\AppData\Local\Temp\ddu.exe
C:\Users\Ben\AppData\Local\Temp\difxapi.dll
C:\Users\Ben\AppData\Local\Temp\DivXSetup.exe
C:\Users\Ben\AppData\Local\Temp\libeay32.dll
C:\Users\Ben\AppData\Local\Temp\msvcm80.dll
C:\Users\Ben\AppData\Local\Temp\msvcp80.dll
C:\Users\Ben\AppData\Local\Temp\msvcr120.dll
C:\Users\Ben\AppData\Local\Temp\msvcr80.dll
C:\Users\Ben\AppData\Local\Temp\playstv_patch.exe
C:\Users\Ben\AppData\Local\Temp\radeon-crimson-16.3.2-minimalsetup.exe
C:\Users\Ben\AppData\Local\Temp\raptrpatch.exe
C:\Users\Ben\AppData\Local\Temp\raptr_stub.exe
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll
C:\Users\Ben\AppData\Local\Temp\tmp4FE3.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-18 07:54

==================== Ende von FRST.txt ============================
         

Alt 22.05.2016, 19:16   #8
HackedNoob
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen



Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
durchgeführt von Ben (2016-05-22 19:13:47)
Gestartet von C:\Users\Ben\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-16 18:37:21)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2410925410-2808068811-915591143-500 - Administrator - Disabled)
Ben (S-1-5-21-2410925410-2808068811-915591143-1000 - Administrator - Enabled) => C:\Users\Ben
Gast (S-1-5-21-2410925410-2808068811-915591143-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2410925410-2808068811-915591143-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.17.1000 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
BitLord 2.1 (HKLM-x32\...\BitLord) (Version: 2.1.1-91 - House of Life)
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Creative Music Server (HKLM-x32\...\Music Server) (Version: 1.01 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.3.19290 - Landesfinanzdirektion Thüringen)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
FilmConvert Pro 2.1 AE (HKLM\...\{CC62E726-2E52-4E16-9AF5-8991119A3667}) (Version: 2.12 - Rubber Monkey Software)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Pdf Perfect Prereq (HKLM-x32\...\{8a8f0ec0-a24b-4eb8-b811-2cf05c4d1c85}) (Version: 1.1.0.80 - Covus Freemium GmbH)
Free Pdf Perfect Prereq (x32 Version: 1.1.0.80 - Covus Freemium GmbH) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
Logitech Gaming Software 8.78 (HKLM\...\Logitech Gaming Software) (Version: 8.78.129 - Logitech Inc.)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{E7676EF4-3896-4B7E-B030-1356EEC477CE}) (Version: 11.4.4 - Red Giant)
Magic Bullet Suite 64-bit (Version: 11.4.4 - Red Giant) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Motorola Driver Installation 3.2.0 (HKLM\...\{A7B9041E-9635-4AFF-BB1E-EFAF490A231B}) (Version: 3.2.0 - Motorola Inc.)
Motorola Phone Tools (HKLM-x32\...\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}) (Version: 4.60 - Avanquest Software)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Card Reader & Flash Disk (HKLM-x32\...\{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC9}) (Version: 1.00.0000 - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Pinnacle VideoSpin (HKLM-x32\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.1-r112682-release - Plays.tv, LLC)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.0-r112326-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Sonic Foundry Preset Manager 1.0 (HKLM-x32\...\{7266C898-F9CB-4122-9452-2AA1DACE245E}) (Version: 1.0.73 - Sonic Foundry)
Sound Blaster Recon3D PCIe (HKLM-x32\...\{F380C602-98E8-49AB-8C3F-8A73BACA45DD}) (Version: 1.00.22 - Creative Technology Limited)
Sound Blaster Recon3D PCIe Extras (HKLM-x32\...\{204FCF73-1450-407D-BCF9-1233EC5F5787}) (Version: 1.0 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Test Drive Unlimited (HKLM-x32\...\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}) (Version: 1.00.0000 - Atari)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{CE92F061-BFBC-11E3-8FF3-F04DA23A5C58}) (Version: 13.0.290 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-3) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (Version: 1.0.3.1 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {047D8A27-C9C0-4509-B54B-0DAAE60A46CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {108EC6FD-E65D-4308-A188-EAC5ABBB8E77} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {1D70820A-630E-4F59-82B4-BF7CF33CECF1} - \ProtectedSearch\Protected Search -> Keine Datei <==== ACHTUNG
Task: {2439EA23-D503-4688-8E37-FBFA8EB9AD95} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
Task: {3169177F-2AA2-4BEF-BCC6-B0D125EB68A2} - System32\Tasks\{A9CE6C82-5B6C-4C81-9C82-F507E1E7B46A} => c:\program files (x86)\avant browser\avant.exe [2016-01-04] (Avant Force)
Task: {5E002749-4D84-4067-A8DF-04F377230DC6} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {5E7983E5-5405-40E6-AE09-95A1217116F8} - System32\Tasks\{3AAAF176-F7EF-41D0-AFD3-9F269021114C} => pcalua.exe -a C:\Users\Ben\Downloads\winessentials2012-all.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {8D528501-7480-4A00-86D1-D12981FF9E0B} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {96E7E24E-45B0-4A1A-8C08-D03C85F54B46} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000Core => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {C9D881A2-1624-42AF-9730-0C1C0E03AA6D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000UA => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {DB598486-F771-4C91-BDF3-6B16D26723ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {E3D8DC2C-B845-49CA-85F1-FE7A92BE57E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000Core.job => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000UA.job => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-05-15 05:09 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-05-15 05:09 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-05-15 05:09 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-05-15 05:09 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-05-15 05:09 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2015-10-16 12:02 - 2015-10-16 12:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-08-19 01:01 - 2014-06-28 22:53 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-11-24 22:48 - 2015-11-24 22:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 22:57 - 2015-12-07 22:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2015-03-12 13:39 - 2016-04-28 00:44 - 47503472 _____ () C:\Users\Ben\AppData\Roaming\Spotify\libcef.dll
2015-03-12 13:39 - 2016-04-28 00:44 - 01584240 _____ () C:\Users\Ben\AppData\Roaming\Spotify\libglesv2.dll
2015-03-12 13:39 - 2016-04-28 00:44 - 00082032 _____ () C:\Users\Ben\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Ben\Desktop\AdwCleaner_5.117.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Desktop\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Desktop\mbam-setup-2.2.1.1043(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Desktop\tdsskiller.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Downloads\autodetectutility.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Downloads\LGS_8.78.129_x64_Logitech.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-05-22 18:50 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2410925410-2808068811-915591143-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 80.69.96.12 - 81.210.129.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{82260939-98DA-4CF5-9C00-9AFA5E95AA50}] => (Allow) C:\Users\Ben\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{25154B17-4D55-4FE8-8E67-FCD87680A227}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{628A90DC-41D2-444F-A67F-E1BD8E4F0E41}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8F23AC69-6661-4809-9743-AF44604219F2}] => (Allow) LPort=2869
FirewallRules: [{4832E087-A6A2-4E70-B1A2-E0B398DACAFE}] => (Allow) LPort=1900
FirewallRules: [{1922A093-3790-4EC7-A53A-6CADAE8A44C5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E99B4A98-D497-414D-9FD1-5884C0234449}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{206CF8F8-DC43-4B9D-9704-95CB89DFA822}C:\games\gta 4\gta 4eflc\eflc.exe] => (Allow) C:\games\gta 4\gta 4eflc\eflc.exe
FirewallRules: [UDP Query User{CF287F40-8FC9-4BE4-A0F1-CB8931BA45FD}C:\games\gta 4\gta 4eflc\eflc.exe] => (Allow) C:\games\gta 4\gta 4eflc\eflc.exe
FirewallRules: [{393B2B65-7498-446E-9454-31AF969079A6}] => (Allow) C:\Games\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{2A4F1161-4EAB-445E-B3B0-83FCEE695245}] => (Allow) C:\Games\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{45AC98BB-E418-4060-979A-CC8CDECBFFAC}] => (Allow) C:\Games\GTA 4\EFLC\LaunchEFLC.exe
FirewallRules: [{541DBC10-74B6-4AD2-AE3F-C380AE5A2C9F}] => (Allow) C:\Games\GTA 4\EFLC\LaunchEFLC.exe
FirewallRules: [{11A821F3-0F61-4472-835D-D3252B192DA2}] => (Allow) C:\Games\Battlefield 3\Battlefield 3\bf3.exe
FirewallRules: [{5F3835D6-4C80-4333-BC5A-08C34ED914EB}] => (Allow) C:\Games\Battlefield 3\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{41B15344-3A5A-4636-9C3F-35DA75AF76B3}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A8AE8963-A576-47D4-98F6-DEDB80BC85B8}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6FB41EF5-9FAB-4581-B977-1689EC9AA7EF}D:\games\testdriveunlimited.exe] => (Allow) D:\games\testdriveunlimited.exe
FirewallRules: [UDP Query User{64387FEB-814E-4783-B293-7A5B606EECF7}D:\games\testdriveunlimited.exe] => (Allow) D:\games\testdriveunlimited.exe
FirewallRules: [TCP Query User{FEEE3324-D95D-467A-9D64-BCFEB5CDE67A}C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe] => (Allow) C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe
FirewallRules: [UDP Query User{FF0A685C-670E-438D-9F26-DD577A62366E}C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe] => (Allow) C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe
FirewallRules: [TCP Query User{AEFFE17A-1F00-4847-A1EF-F493A03005F5}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3AE65D60-5D1B-47CE-9586-7C55D5EC00D2}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5BB8176F-A8A6-4DE3-B257-D8C3F3A80DC0}] => (Allow) D:\Games\Counterstrike Source\Steam.exe
FirewallRules: [{3087D8F2-2770-4EB3-93FA-1CB8D9EBE2BA}] => (Allow) D:\Games\Counterstrike Source\Steam.exe
FirewallRules: [{7910C34F-3285-45AA-BFD7-FAD0D88395F3}] => (Allow) D:\Games\Counterstrike Source\SteamApps\benda88\counter-strike source\hl2.exe
FirewallRules: [{94D2A57D-B23E-4A9C-AAB7-8C1D21B4D964}] => (Allow) D:\Games\Counterstrike Source\SteamApps\benda88\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{04BD9203-48D0-43FB-ADB5-3B4BEEFAC68D}D:\programme\winamp\winamp.exe] => (Allow) D:\programme\winamp\winamp.exe
FirewallRules: [UDP Query User{97B7F389-B7F6-4E29-816C-B6AFF4B0851F}D:\programme\winamp\winamp.exe] => (Allow) D:\programme\winamp\winamp.exe
FirewallRules: [{5E377E07-10F7-4290-834F-BE58812E6F76}] => (Block) D:\programme\winamp\winamp.exe
FirewallRules: [{FE01EF9E-1888-4F86-816C-13FEC81B8906}] => (Block) D:\programme\winamp\winamp.exe
FirewallRules: [{9EB42E62-BF36-468A-AD79-7BFA198420FB}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{0E8F294B-AA4C-4C0C-A89A-8DCB2B379F97}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [TCP Query User{AD4C25ED-3062-4A43-972C-A164F892CA4A}D:\games\testdrive unlimited\testdriveunlimited.exe] => (Allow) D:\games\testdrive unlimited\testdriveunlimited.exe
FirewallRules: [UDP Query User{03D42D7C-D749-47C3-A115-92052FC7BA6C}D:\games\testdrive unlimited\testdriveunlimited.exe] => (Allow) D:\games\testdrive unlimited\testdriveunlimited.exe
FirewallRules: [{DDFA1555-97C2-46B0-9EA2-F23A325CBE60}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{16B8A47D-851E-4B3B-B421-09DE3FBAF84A}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{0BABDB57-3DB9-4296-8910-3C3A458E26C3}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{C42BDDA3-6536-4111-B58A-A4DC604596D4}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{2E552CE9-5D38-4D4B-9261-9D0479D260E6}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{EA72BB57-06FA-43A8-809F-A8E0BD324793}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{85327394-1EA3-41C3-8295-882DA9AABA80}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{59E3AD89-526E-4CE5-A319-A0FD621B228B}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{E024DEBB-03E5-47CA-B70E-92766CED54DE}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{3ABAA23A-8BFB-4EB2-8DA1-82123A967CF1}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [TCP Query User{5874D941-0FC7-42EF-8050-2C2DCC96B2D0}D:\games\driver by r.g recoding\driver san francisco\driver.exe] => (Allow) D:\games\driver by r.g recoding\driver san francisco\driver.exe
FirewallRules: [UDP Query User{68DB7F72-1DD4-4DCF-91BE-72184861371D}D:\games\driver by r.g recoding\driver san francisco\driver.exe] => (Allow) D:\games\driver by r.g recoding\driver san francisco\driver.exe
FirewallRules: [{9ACC3141-D46C-4D44-A2DB-1BD3E96D978C}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{885550AC-3588-4E68-B087-C790349D8D90}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{2BE45B6C-8AD5-44E9-81D1-AF5402FBF669}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DADD3DCA-1071-472C-92A9-E64CA531B2C9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F917194D-DDAD-4861-95EA-9DEFC1FEDE99}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{094439D1-78A6-4465-BA4F-0AF00A70C56A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E528D144-291B-47AE-B1A7-438F69209663}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{9414D52A-356D-4445-AF87-65B2F30D3EDB}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{47DAECFD-815F-49A6-8F87-D70715039F47}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{C06619D5-7B86-42D5-AE32-FC84F9C87B28}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{7A120E79-F033-4AA1-A9FF-615F241D0D66}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\RM.exe
FirewallRules: [{8A374DED-2F2B-4F9E-AF22-9C454D7F1CCE}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\RM.exe
FirewallRules: [{EDCCE99B-1EA3-47CE-A180-32C6A54CB100}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\umi.exe
FirewallRules: [{25280AF1-DB85-4D61-A3EB-2666FEE353F6}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\umi.exe
FirewallRules: [{DAFA6341-541B-4258-89DC-21E508D66D0C}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe
FirewallRules: [{1B92803D-78EE-4CA3-917A-54A56465E2D7}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe
FirewallRules: [{197BADFC-8B73-4AEC-B698-81FB4A986367}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4BB326BF-F30F-473A-B678-121F376A2CAC}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A6405B9B-8E9C-4C96-B865-ED3BB17D5B35}] => (Allow) D:\Games\Counterstrike Source\bin\steamwebhelper.exe
FirewallRules: [{15F40517-A2A2-417E-A022-14C5740432A3}] => (Allow) D:\Games\Counterstrike Source\bin\steamwebhelper.exe
FirewallRules: [{81E16F13-F192-4E70-A1C3-997E8C7EBFC2}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{2BBE5E67-77A6-4186-9DF8-FBC55AE854AC}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{3C063478-BCEF-4476-9EBC-2A5E4FE4E773}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{5CC72709-3E1A-4EB0-B840-F286F819C1D5}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{DD965C84-3B6D-4725-B883-4324E8C77DC9}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{9DB1D22C-05A8-4712-A437-9B0B47EB855D}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{6913B43D-9873-4FBB-B769-1A82F9F15375}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{691A9809-E0E6-443C-B66D-3F95929112B8}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{3C5FFFA2-1690-4AF5-923A-3455D97B987D}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{C81672B3-E8B7-4F92-B618-BA3F20058B0B}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{28FE4EA2-EC33-4F6A-9C64-412962B618BA}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{1C26F5D9-7121-4C1D-97DD-B5F8D311F2B9}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [TCP Query User{5FB64045-55F3-4905-9CFE-2BC184BEAD15}G:\games\assetto corsa\acs.exe] => (Allow) G:\games\assetto corsa\acs.exe
FirewallRules: [UDP Query User{0A3FA8DF-6667-4D0F-B51B-D5A10AA30E69}G:\games\assetto corsa\acs.exe] => (Allow) G:\games\assetto corsa\acs.exe
FirewallRules: [{237FCB0F-7306-470C-9EF6-FB3973916181}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E0450BC-05C4-483E-8F71-31642CD5145F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B94E786B-2B31-4018-A9E2-CABDE7FA9381}] => (Allow) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F39379B5-8A6C-4A8F-AF86-FB60705DEB9F}] => (Allow) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{692FB58F-7447-47AF-AFBE-468926958B4C}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{EDA28318-E5DF-4C2C-B95D-CEB4B21AF016}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{21D44B44-2146-4C8D-952B-F032F505A26E}D:\games\counterstrike source\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\counterstrike source\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{27E6EA01-198F-4D61-A04F-8CCEF56F6594}D:\games\counterstrike source\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\counterstrike source\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{01F55C7A-CE01-4CD8-B34D-66EE1F235B3C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BEC734A2-5A94-47DB-9023-6865E154C06F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{772F2A32-23D0-4CF1-9990-26E68FB7AF1D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{3F46ADF1-FC33-442F-83B3-ADFFA3655183}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{D4AC49EE-A302-441E-944B-DFBB845C72D3}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{AC5B96E9-3181-45A3-8DC9-866DFF01A97C}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{BFBFE7AD-DC80-4191-A1A1-FE127D60855A}] => (Block) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{0A3F3D33-B641-4E8C-8939-0AA423B31C71}] => (Block) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{495B296D-931F-4890-8686-77CC51E21F4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7B108BE5-D3BB-4FCC-A009-DAC30E3A342A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{24B5DB29-7B0B-4004-A38B-6E91FB5403F0}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{A23EC090-1F9D-44E5-8AFC-FC1E787F5764}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{2D753C63-80CC-420A-9EA7-0EEB52A36DBD}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{BEB9B362-B23E-41B7-9F83-584EAAB333FC}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{27B604C1-5D3C-4A20-8B24-E73A3D26D894}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{361501C3-EF2F-4CA3-BA08-CA1F0B1F4703}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B4D90F43-B272-4298-98BF-D2790D44E0B3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{B2187E78-48B7-4D95-9904-D50A4B212B83}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{3B402AEC-BC41-41D3-AB15-E5F484850458}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{C347660E-084E-4C67-B862-147417EF0B2A}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe

==================== Wiederherstellungspunkte =========================

21-05-2016 18:30:45 Geplanter Prüfpunkt
22-05-2016 19:06:22 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/12/2016 07:52:19 AM) (Source: MsiInstaller) (EventID: 1024) (User: Ben-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F104E4700}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/08/2016 06:39:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DivX Player.exe, Version: 11.3.10.75, Zeitstempel: 0x55ce1f99
Name des fehlerhaften Moduls: DMFContainer.dll, Version: 1.5.0.3, Zeitstempel: 0x55cd83fd
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0008cc21
ID des fehlerhaften Prozesses: 0x1d30
Startzeit der fehlerhaften Anwendung: 0xDivX Player.exe0
Pfad der fehlerhaften Anwendung: DivX Player.exe1
Pfad des fehlerhaften Moduls: DivX Player.exe2
Berichtskennung: DivX Player.exe3

Error: (05/08/2016 06:39:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DivX Player.exe, Version: 11.3.10.75, Zeitstempel: 0x55ce1f99
Name des fehlerhaften Moduls: DMFContainer.dll, Version: 1.5.0.3, Zeitstempel: 0x55cd83fd
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0008cc21
ID des fehlerhaften Prozesses: 0x990
Startzeit der fehlerhaften Anwendung: 0xDivX Player.exe0
Pfad der fehlerhaften Anwendung: DivX Player.exe1
Pfad des fehlerhaften Moduls: DivX Player.exe2
Berichtskennung: DivX Player.exe3

Error: (05/05/2016 07:40:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GTA5.exe, Version: 1.0.678.1, Zeitstempel: 0x56e2b38c
Name des fehlerhaften Moduls: GTA5.exe, Version: 1.0.678.1, Zeitstempel: 0x56e2b38c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000664856
ID des fehlerhaften Prozesses: 0x1f70
Startzeit der fehlerhaften Anwendung: 0xGTA5.exe0
Pfad der fehlerhaften Anwendung: GTA5.exe1
Pfad des fehlerhaften Moduls: GTA5.exe2
Berichtskennung: GTA5.exe3

Error: (04/04/2016 07:47:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Spotify.exe, Version 1.0.25.127 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e10

Startzeit: 01d18e99f23f6467

Endzeit: 0

Anwendungspfad: C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe

Berichts-ID: 4a812025-fa8d-11e5-92eb-bc5ff44945d9

Error: (03/28/2016 04:09:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm csgo.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15f4

Startzeit: 01d188fb213b5fbe

Endzeit: 121

Anwendungspfad: D:\Games\Counterstrike Source\steamapps\common\Counter-Strike Global Offensive\csgo.exe

Berichts-ID:

Error: (03/25/2016 02:57:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GTA5.exe, Version: 1.0.678.1, Zeitstempel: 0x56e2b38c
Name des fehlerhaften Moduls: GTA5.exe, Version: 1.0.678.1, Zeitstempel: 0x56e2b38c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000359135b
ID des fehlerhaften Prozesses: 0x141c
Startzeit der fehlerhaften Anwendung: 0xGTA5.exe0
Pfad der fehlerhaften Anwendung: GTA5.exe1
Pfad des fehlerhaften Moduls: GTA5.exe2
Berichtskennung: GTA5.exe3

Error: (03/19/2016 08:50:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm vlc.exe, Version 2.2.1.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1838

Startzeit: 01d1821010e13c8a

Endzeit: 5

Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Berichts-ID:

Error: (03/19/2016 03:17:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avant.exe, Version: 12.5.0.0, Zeitstempel: 0x5689f08e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19160, Zeitstempel: 0x56bcd51f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002f644
ID des fehlerhaften Prozesses: 0x1230
Startzeit der fehlerhaften Anwendung: 0xavant.exe0
Pfad der fehlerhaften Anwendung: avant.exe1
Pfad des fehlerhaften Moduls: avant.exe2
Berichtskennung: avant.exe3

Error: (03/09/2016 10:06:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm csgo.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2bc

Startzeit: 01d17a3f110dce49

Endzeit: 11

Anwendungspfad: D:\Games\Counterstrike Source\steamapps\common\Counter-Strike Global Offensive\csgo.exe

Berichts-ID:


Systemfehler:
=============
Error: (05/22/2016 06:48:34 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (05/22/2016 06:48:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/22/2016 06:48:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/22/2016 06:48:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/22/2016 06:48:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/22/2016 06:48:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ProductAgentService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/22/2016 06:48:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/22/2016 06:48:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Plays.tv Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/22/2016 06:48:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/22/2016 06:48:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2014-10-14 06:39:27.577
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.576
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.574
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.572
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.571
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.570
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:27:08.619
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:27:08.618
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:27:08.617
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:27:08.615
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 22%
Installierter physikalischer RAM: 16279.03 MB
Verfügbarer physikalischer RAM: 12631.7 MB
Summe virtueller Speicher: 32556.25 MB
Verfügbarer virtueller Speicher: 29025.22 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:68.02 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:503.98 GB) NTFS
Drive f: (20141018_012547) (CDROM) (Total:5.36 GB) (Free:0 GB) UDF
Drive g: (Extern) (Fixed) (Total:1863.01 GB) (Free:646.23 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A357D397)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 038D8719)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00273BB2)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 23.05.2016, 10:55   #9
M-K-D-B
/// TB-Ausbilder
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen



Servus,



gut gemacht.






Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2410925410-2808068811-915591143-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
FF NewTab: about:home
FF Homepage: about:home
C:\Users\Public\AlexaNSISPlugin.6936.dll
Task: {1D70820A-630E-4F59-82B4-BF7CF33CECF1} - \ProtectedSearch\Protected Search -> Keine Datei <==== ACHTUNG
Task: {5E7983E5-5405-40E6-AE09-95A1217116F8} - System32\Tasks\{3AAAF176-F7EF-41D0-AFD3-9F269021114C} => pcalua.exe -a C:\Users\Ben\Downloads\winessentials2012-all.exe -d "C:\Program Files (x86)\Mozilla Firefox"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :regfind
    Babylon
    bvyvavay
    SimplyTech
    HomeTab
    Browser Updater
    ProtectedSearch
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von SystemLook,
  • die beiden neuen Logdateien von FRST.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 24.05.2016, 07:47   #10
HackedNoob
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen



Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
durchgeführt von Ben (2016-05-24 07:38:53) Run:1
Gestartet von C:\Users\Ben\Desktop
Geladene Profile: Ben (Verfügbare Profile: Ben)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-2410925410-2808068811-915591143-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
FF NewTab: about:home
FF Homepage: about:home
C:\Users\Public\AlexaNSISPlugin.6936.dll
Task: {1D70820A-630E-4F59-82B4-BF7CF33CECF1} - \ProtectedSearch\Protected Search -> Keine Datei <==== ACHTUNG
Task: {5E7983E5-5405-40E6-AE09-95A1217116F8} - System32\Tasks\{3AAAF176-F7EF-41D0-AFD3-9F269021114C} => pcalua.exe -a C:\Users\Ben\Downloads\winessentials2012-all.exe -d "C:\Program Files (x86)\Mozilla Firefox"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
Firefox "newtab" erfolgreich entfernt
Firefox "homepage" erfolgreich entfernt
C:\Users\Public\AlexaNSISPlugin.6936.dll => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D70820A-630E-4F59-82B4-BF7CF33CECF1}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D70820A-630E-4F59-82B4-BF7CF33CECF1}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E7983E5-5405-40E6-AE09-95A1217116F8}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E7983E5-5405-40E6-AE09-95A1217116F8}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{3AAAF176-F7EF-41D0-AFD3-9F269021114C} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3AAAF176-F7EF-41D0-AFD3-9F269021114C}" => Schlüssel erfolgreich entfernt

========= RemoveProxy: =========

HKU\S-1-5-21-2410925410-2808068811-915591143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl�sungscache wurde geleert.

========= Ende von CMD: =========


=========  netsh winsock reset =========


Der Winsock-Katalog wurde zur�ckgesetzt.
Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en.


========= Ende von CMD: =========

EmptyTemp: => 3.1 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 07:40:30 ====
         
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 07:44 on 24/05/2016 by Ben
Administrator - Elevation successful

========== regfind ==========

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "bvyvavay"
No data found.

Searching for "SimplyTech"
No data found.

Searching for "HomeTab"
No data found.

Searching for "Browser Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater]

Searching for "ProtectedSearch"
No data found.

-= EOF =-
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01
durchgeführt von Ben (Administrator) auf BEN-PC (24-05-2016 07:46:18)
Gestartet von C:\Users\Ben\Desktop
Geladene Profile: Ben (Verfügbare Profile: Ben)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
(ICSI Technology Ltd.) C:\Windows\Dit.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(ICSI) C:\Windows\DitExp.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avant Force) C:\Program Files (x86)\Avant Browser\avant.exe
(Avant Force) C:\Program Files (x86)\Avant Browser\avantvw.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1651600 2016-04-25] (Bitdefender)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [885760 2012-02-22] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dit] => C:\Windows\Dit.exe [90112 2004-08-05] (ICSI Technology Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-27] (DivX, LLC)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-05-09] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-27] (Raptr, Inc)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [Dropbox Update] => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [Spotify] => C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-28] (Spotify Ltd)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [Spotify Web Helper] => C:\Users\Ben\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-28] (Spotify Ltd)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\MountPoints2: F - F:\Setup.exe autorun
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\MountPoints2: {0cffc0e7-918d-11e2-ba83-bc5ff44945d9} - F:\setup.exe
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-21]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-05-21]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 80.69.96.12 81.210.129.4
Tcpip\..\Interfaces\{93459425-DE5C-4808-9F97-6026C69CD4BC}: [DhcpNameServer] 80.69.96.12 81.210.129.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-08-05] (DivX, LLC)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Photoshop CS6\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-22] (Apple Inc.)
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\google-images.xml [2014-12-18]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\google-maps.xml [2014-12-18]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\youtube.xml [2015-11-12]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\{58827B9B-1E67-4411-915F-922793B7986B}.xml [2012-08-26]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\{A31C05CC-0B97-428B-80B9-224FF9550200}.xml [2012-08-26]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\{D3ED56D7-F8F1-4998-87F7-9D409CB38784}.xml [2012-08-26]
FF Extension: NoScript - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-07]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\artur.dubovoy@gmail.com [2016-05-17]
FF Extension: Cliqz - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\cliqz@cliqz.com.xpi [2016-04-19]
FF Extension: Blur - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\donottrackplus@abine.com.xpi [2015-12-17]
FF Extension: TopLine - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\jid0-uIWxKlEIWnV1103pH2C8N6RsUe0@jetpack.xpi [2012-10-28] [ist nicht signiert]
FF Extension: Mailvelope - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-12-08]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\vdpure@link64.xpi [2016-01-22]
FF Extension: Video DownloadHelper - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-09]
FF Extension: Adblock Plus - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-05-12]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\cliqz@cliqz.com => nicht gefunden

Chrome: 
=======
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Google-Suche) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-07-03]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-07-03]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-07-03]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-07-03]
CHR Extension: (Google Wallet) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-03]
CHR Extension: (Google Mail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-03]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-08-16] (Creative Labs) [Datei ist nicht signiert]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-08-16] (Creative Labs) [Datei ist nicht signiert]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [Datei ist nicht signiert]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-02-14] (Creative Technology Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-05-09] (Plays.tv, LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-02-09] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-02-14] (Creative Technology Ltd)
R3 CTHDB; C:\Windows\System32\DRIVERS\CtHDb.sys [23640 2012-02-29] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-20] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-24 07:44 - 2016-05-24 07:45 - 00002966 _____ C:\Users\Ben\Desktop\SystemLook.txt
2016-05-24 07:43 - 2016-05-24 07:43 - 00165376 _____ C:\Users\Ben\Desktop\SystemLook_x64.exe
2016-05-24 07:38 - 2016-05-24 07:40 - 00003232 _____ C:\Users\Ben\Desktop\Fixlog.txt
2016-05-23 21:03 - 2016-05-23 22:10 - 00000000 ____D C:\Users\Ben\Documents\BitLord
2016-05-23 21:03 - 2016-05-23 21:18 - 00000000 ____D C:\Users\Ben\AppData\Roaming\BitLord
2016-05-22 20:59 - 2016-05-22 20:59 - 00006386 _____ C:\Users\Ben\Desktop\ESt2015_Hassenzahl_Benedict.elfo
2016-05-22 19:12 - 2016-05-22 19:12 - 00000000 ____D C:\Users\Ben\Desktop\FRST-OlderVersion
2016-05-22 19:08 - 2016-05-22 19:08 - 00005747 _____ C:\Users\Ben\Desktop\JRT.txt
2016-05-22 19:05 - 2016-05-22 19:05 - 01610816 _____ (Malwarebytes) C:\Users\Ben\Desktop\JRT.exe
2016-05-22 19:04 - 2016-05-22 19:04 - 00002160 _____ C:\Users\Ben\Desktop\mbam.txt
2016-05-22 18:53 - 2016-05-22 18:53 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-22 18:52 - 2016-05-22 18:52 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Desktop\mbam-setup-2.2.1.1043(1).exe
2016-05-22 18:50 - 2016-05-22 18:50 - 00014306 _____ C:\Users\Ben\Desktop\AdwCleaner[C1].txt
2016-05-22 18:24 - 2016-05-22 18:24 - 00001229 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2016-05-22 18:24 - 2016-05-22 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2016-05-22 16:39 - 2016-05-24 07:46 - 00027151 _____ C:\Users\Ben\Desktop\FRST.txt
2016-05-22 16:39 - 2016-05-22 19:14 - 00055221 _____ C:\Users\Ben\Desktop\Addition.txt
2016-05-22 16:39 - 2016-05-22 19:12 - 02383360 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2016-05-22 16:39 - 2016-05-22 16:39 - 03651136 _____ C:\Users\Ben\Desktop\AdwCleaner_5.117.exe
2016-05-22 16:39 - 2016-05-21 00:22 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Ben\Desktop\tdsskiller.exe
2016-05-22 16:39 - 2016-05-21 00:14 - 00001132 _____ C:\Users\Ben\Desktop\Avira Launcher.lnk
2016-05-21 00:22 - 2016-05-21 00:33 - 00220424 _____ C:\TDSSKiller.3.1.0.9_21.05.2016_00.22.30_log.txt
2016-05-21 00:22 - 2016-05-21 00:22 - 00071121 _____ C:\Users\Ben\Downloads\Addition.txt
2016-05-21 00:21 - 2016-05-24 07:46 - 00000000 ____D C:\FRST
2016-05-21 00:21 - 2016-05-21 00:22 - 00077166 _____ C:\Users\Ben\Downloads\FRST.txt
2016-05-20 22:59 - 2016-05-20 22:59 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-20 20:40 - 2016-05-21 00:45 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Avira
2016-05-20 20:38 - 2016-05-21 00:48 - 00000000 ____D C:\ProgramData\Avira
2016-05-15 16:33 - 2016-05-15 16:33 - 00003640 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-05-15 05:09 - 2016-05-21 00:14 - 00002116 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-05-15 05:09 - 2016-05-15 05:09 - 00253404 ____H C:\bdr-ld02
2016-05-15 05:09 - 2016-05-15 05:09 - 00009216 ____H C:\bdr-ld02.mbr
2016-05-15 05:09 - 2016-05-15 05:09 - 00000684 ____H C:\bdr-cf02
2016-05-15 05:09 - 2016-05-15 05:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-05-15 05:09 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-05-15 05:09 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-05-15 05:09 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-05-15 05:09 - 2015-12-15 21:35 - 49760229 ____H C:\bdr-im02.gz
2016-05-15 05:09 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz02
2016-05-15 05:07 - 2016-05-15 05:10 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Bitdefender
2016-05-15 05:07 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-05-15 05:07 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-05-15 05:07 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2016-05-15 05:06 - 2016-05-15 05:26 - 00000000 ____D C:\ProgramData\Bitdefender
2016-05-15 05:05 - 2016-05-24 07:41 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-05-14 18:18 - 2016-05-14 18:18 - 00000000 ____D C:\Users\Ben\Desktop\AST Fahrwerk
2016-05-13 21:20 - 2016-05-15 03:45 - 00000000 ____D C:\Users\Ben\AppData\Local\AMD
2016-05-13 21:19 - 2016-05-13 21:19 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-05-13 21:18 - 2016-05-13 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2016-05-13 21:17 - 2016-05-13 21:18 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-05-13 21:17 - 2016-05-13 21:17 - 00000000 ____D C:\Program Files (x86)\AMD
2016-05-13 21:10 - 2016-05-13 21:10 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Ben\Downloads\autodetectutility.exe
2016-05-13 20:04 - 2016-05-13 20:04 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-13 07:13 - 2016-05-24 07:41 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Raptr
2016-05-12 22:32 - 2016-05-12 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2016-05-12 07:36 - 2016-05-24 07:41 - 00000000 ____D C:\Users\Ben\AppData\Roaming\PlaysTV
2016-05-12 07:35 - 2016-05-12 07:35 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-05-11 16:52 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 16:52 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 16:52 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 16:52 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 16:52 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 16:52 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 16:52 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 16:52 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 16:52 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 16:52 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 16:52 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 16:52 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 16:52 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 16:52 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 16:52 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 16:52 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 16:52 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 16:52 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 16:52 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 16:52 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 16:52 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 16:52 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 16:52 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 16:52 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 16:52 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 16:52 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 16:52 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 16:52 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 16:52 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 16:52 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 16:52 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 16:52 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 16:52 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 16:52 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 16:52 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 16:52 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 16:52 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 16:52 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 16:52 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 16:52 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 16:52 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 16:52 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 16:52 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 16:52 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 16:52 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 16:52 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 16:52 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 16:52 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 16:52 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 16:52 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 16:52 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 16:52 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 16:52 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 16:52 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 16:52 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 16:52 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 16:52 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 16:52 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 16:52 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 16:52 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 16:52 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 16:52 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 16:52 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 16:52 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 16:52 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 16:52 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 16:52 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 16:52 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 16:52 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 16:52 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 16:52 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 16:52 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 16:52 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 16:52 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 16:52 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 16:52 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 16:52 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 16:52 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 16:52 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 16:52 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 16:52 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 16:52 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 16:52 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 16:52 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 16:52 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 16:52 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 16:52 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 16:52 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 16:52 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 16:52 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 16:52 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 16:52 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 16:52 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 16:52 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 16:52 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 16:52 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-05 14:35 - 2016-05-05 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-04 18:30 - 2016-05-04 19:39 - 00000000 ____D C:\Users\Public\CineForm
2016-05-04 18:30 - 2016-05-04 19:29 - 00000000 ____D C:\Users\Ben\AppData\Roaming\GoPro
2016-05-04 18:30 - 2016-05-04 18:30 - 00000000 ____D C:\Users\Ben\AppData\Local\GoPro
2016-05-04 18:29 - 2016-05-04 18:29 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-04-27 21:28 - 2016-04-27 21:28 - 08306382 _____ C:\Users\Ben\Desktop\Infiltrate template.rar
2016-04-25 20:04 - 2014-12-29 21:16 - 00000000 ____D C:\Users\Ben\Desktop\Template

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-24 07:46 - 2012-09-21 01:34 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Spotify
2016-05-24 07:45 - 2011-04-12 09:43 - 00699432 _____ C:\Windows\system32\perfh007.dat
2016-05-24 07:45 - 2011-04-12 09:43 - 00149572 _____ C:\Windows\system32\perfc007.dat
2016-05-24 07:45 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-24 07:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-24 07:41 - 2015-03-11 20:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-24 07:41 - 2015-03-04 23:19 - 00000000 ___RD C:\Users\Ben\Dropbox
2016-05-24 07:41 - 2012-09-21 01:34 - 00000000 ____D C:\Users\Ben\AppData\Local\Spotify
2016-05-24 07:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-24 07:40 - 2015-12-26 07:38 - 00301283 _____ C:\bdlog.txt
2016-05-24 07:38 - 2015-08-15 12:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-24 07:38 - 2015-06-18 18:28 - 00001216 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000UA.job
2016-05-24 07:30 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-24 07:30 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-23 23:25 - 2012-08-17 03:18 - 00000000 ____D C:\Users\Ben\AppData\Roaming\vlc
2016-05-23 21:19 - 2015-04-14 01:51 - 00000080 _____ C:\Users\Ben\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2016-05-23 21:08 - 2012-08-19 16:49 - 00000000 _____ C:\Users\Ben\AppData\Roaming\bitlord_log.txt
2016-05-23 19:38 - 2015-06-18 18:28 - 00001164 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000Core.job
2016-05-22 18:53 - 2015-03-11 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-22 18:53 - 2015-03-11 20:43 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-05-22 18:48 - 2013-10-12 19:28 - 00000000 ____D C:\AdwCleaner
2016-05-22 18:26 - 2014-04-06 17:25 - 00000000 ____D C:\ProgramData\elsterformular
2016-05-22 18:24 - 2014-04-06 17:25 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2016-05-22 18:24 - 2012-08-16 20:37 - 00000000 ____D C:\Users\Ben
2016-05-22 06:26 - 2015-11-02 20:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-22 05:27 - 2015-05-02 22:15 - 00005536 _____ C:\Users\Ben\Desktop\Kosten.txt
2016-05-21 16:50 - 2014-02-01 17:31 - 00000201 _____ C:\Users\Ben\Desktop\TO DO! BICHT!!!.txt
2016-05-21 14:51 - 2015-03-04 23:19 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Dropbox
2016-05-21 00:48 - 2013-08-26 11:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-21 00:15 - 2014-09-13 14:31 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-05-21 00:15 - 2013-11-27 20:47 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-05-21 00:15 - 2013-09-13 21:51 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-21 00:15 - 2012-08-17 03:21 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-21 00:15 - 2012-08-16 20:34 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-05-21 00:15 - 2012-08-16 20:34 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-05-21 00:15 - 2009-07-14 06:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-05-21 00:14 - 2016-03-28 20:56 - 00002165 _____ C:\Users\Public\Desktop\Preset Manager 1.0.lnk
2016-05-21 00:14 - 2016-01-12 00:56 - 00001831 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-05-21 00:14 - 2015-03-21 03:54 - 00002168 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-05-21 00:14 - 2014-11-30 20:11 - 00000761 _____ C:\Users\Public\Desktop\Assetto Corsa.lnk
2016-05-21 00:14 - 2014-08-31 01:09 - 00000953 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2016-05-21 00:14 - 2014-04-20 21:02 - 00001101 _____ C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
2016-05-21 00:14 - 2014-04-13 19:36 - 00001100 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2016-05-21 00:14 - 2013-09-13 21:51 - 00001141 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-21 00:14 - 2013-08-23 01:01 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-21 00:14 - 2013-03-20 21:54 - 00001944 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-05-21 00:14 - 2012-12-25 18:54 - 00000704 _____ C:\Users\Public\Desktop\Winamp.lnk
2016-05-21 00:14 - 2012-09-21 01:34 - 00001779 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-05-21 00:14 - 2012-08-17 00:39 - 00001923 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Avant Browser.lnk
2016-05-21 00:14 - 2012-08-17 00:39 - 00001911 _____ C:\Users\Public\Desktop\Avant Browser.lnk
2016-05-21 00:14 - 2012-08-16 20:38 - 00001321 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-21 00:14 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-05-21 00:14 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-05-21 00:13 - 2015-10-13 23:16 - 00000941 _____ C:\Users\Ben\Desktop\Magic Bullet Looks.lnk
2016-05-21 00:13 - 2015-03-04 23:19 - 00001009 _____ C:\Users\Ben\Desktop\Drobox.lnk
2016-05-21 00:13 - 2014-12-17 22:53 - 00001827 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Tunatic.lnk
2016-05-21 00:13 - 2014-10-19 19:41 - 00000905 _____ C:\Users\Ben\Desktop\GTR2.lnk
2016-05-21 00:13 - 2014-09-13 15:19 - 00001038 _____ C:\Users\Ben\Desktop\Vegas Pro 13.0 (64-bit).lnk
2016-05-21 00:13 - 2014-07-10 01:26 - 00000783 _____ C:\Users\Ben\Desktop\Zeug vom Desktop.lnk
2016-05-21 00:13 - 2013-11-27 23:49 - 00000924 _____ C:\Users\Ben\Desktop\GIMP.lnk
2016-05-21 00:13 - 2013-03-20 22:03 - 00000763 _____ C:\Users\Ben\Desktop\GTR Evolution.lnk
2016-05-21 00:13 - 2012-12-30 04:03 - 00001563 _____ C:\Users\Ben\Desktop\Counter-Strike Source.lnk
2016-05-21 00:13 - 2012-11-06 22:55 - 00000961 _____ C:\Users\Ben\Desktop\TeamSpeak 3 Client.lnk
2016-05-21 00:13 - 2012-10-03 14:32 - 00000684 _____ C:\Users\Ben\Desktop\Free PDF to Word Doc Converter.lnk
2016-05-21 00:13 - 2012-09-21 01:34 - 00001793 _____ C:\Users\Ben\Desktop\Spotify.lnk
2016-05-21 00:13 - 2012-08-19 16:49 - 00000842 _____ C:\Users\Ben\Desktop\BitLord.lnk
2016-05-21 00:13 - 2012-08-16 21:17 - 00000355 _____ C:\Users\Ben\Desktop\Arbeitsplatz.lnk
2016-05-21 00:05 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-20 21:00 - 2012-11-06 22:56 - 00000000 ____D C:\Users\Ben\AppData\Roaming\TS3Client
2016-05-20 19:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-16 20:18 - 2012-09-01 01:53 - 00000371 _____ C:\Users\Ben\Desktop\TO DO.txt
2016-05-15 05:09 - 2016-02-14 19:14 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-05-15 05:06 - 2016-02-14 19:14 - 00000000 ____D C:\Program Files\Bitdefender
2016-05-15 03:51 - 2014-11-12 01:50 - 00000000 ____D C:\Users\Ben\AppData\LocalLow\boost_interprocess
2016-05-14 04:13 - 2014-04-05 20:01 - 00000000 ____D C:\Users\Ben\Desktop\CS 2014
2016-05-13 21:19 - 2016-03-29 01:26 - 00004230 _____ C:\Windows\System32\Tasks\AMD Updater
2016-05-13 21:17 - 2016-03-29 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-05-13 21:17 - 2013-12-29 21:05 - 00000000 ____D C:\Program Files\AMD
2016-05-13 07:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-13 07:38 - 2015-08-15 12:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 07:38 - 2015-07-23 00:54 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 07:38 - 2015-07-23 00:54 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 22:29 - 2012-08-16 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-05-12 22:29 - 2012-08-16 20:56 - 00000000 ____D C:\Program Files (x86)\Creative
2016-05-12 08:09 - 2015-04-15 19:16 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 08:04 - 2014-12-23 18:11 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-12 02:19 - 2014-08-20 22:58 - 00000000 ____D C:\Users\Ben\AppData\Local\Adobe
2016-05-11 23:25 - 2012-08-16 20:50 - 00000000 ____D C:\AMD
2016-05-11 22:53 - 2013-07-11 11:30 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 21:51 - 2009-07-14 06:45 - 05050848 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-11 21:50 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 18:01 - 2012-08-16 21:20 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 21:58 - 2012-08-16 20:47 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Adobe
2016-05-08 18:39 - 2012-10-28 19:22 - 00000000 ____D C:\Users\Ben\AppData\Local\CrashDumps
2016-05-06 17:46 - 2015-04-04 22:48 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 17:46 - 2015-04-04 22:48 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-05 22:28 - 2013-09-13 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-27 21:43 - 2012-08-16 20:53 - 00120496 _____ C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-01-12 00:56 - 2016-01-12 00:56 - 15566737 _____ () C:\Program Files\FileZilla3141.zip
2012-08-19 16:49 - 2016-05-23 21:08 - 0000000 _____ () C:\Users\Ben\AppData\Roaming\bitlord_log.txt
2012-10-13 19:23 - 2013-12-12 01:51 - 0005632 _____ () C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-17 22:30 - 2015-11-17 22:30 - 0000842 _____ () C:\Users\Ben\AppData\Local\recently-used.xbel
2012-09-12 20:33 - 2013-04-21 19:02 - 0007605 _____ () C:\Users\Ben\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-18 07:54

==================== Ende von FRST.txt ============================
         

Alt 24.05.2016, 07:48   #11
HackedNoob
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen



Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
durchgeführt von Ben (2016-05-24 07:46:40)
Gestartet von C:\Users\Ben\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-16 18:37:21)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2410925410-2808068811-915591143-500 - Administrator - Disabled)
Ben (S-1-5-21-2410925410-2808068811-915591143-1000 - Administrator - Enabled) => C:\Users\Ben
Gast (S-1-5-21-2410925410-2808068811-915591143-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2410925410-2808068811-915591143-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.17.1000 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
BitLord 2.1 (HKLM-x32\...\BitLord) (Version: 2.1.1-91 - House of Life)
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Creative Music Server (HKLM-x32\...\Music Server) (Version: 1.01 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.3.19290 - Landesfinanzdirektion Thüringen)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
FilmConvert Pro 2.1 AE (HKLM\...\{CC62E726-2E52-4E16-9AF5-8991119A3667}) (Version: 2.12 - Rubber Monkey Software)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Pdf Perfect Prereq (HKLM-x32\...\{8a8f0ec0-a24b-4eb8-b811-2cf05c4d1c85}) (Version: 1.1.0.80 - Covus Freemium GmbH)
Free Pdf Perfect Prereq (x32 Version: 1.1.0.80 - Covus Freemium GmbH) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
Logitech Gaming Software 8.78 (HKLM\...\Logitech Gaming Software) (Version: 8.78.129 - Logitech Inc.)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{E7676EF4-3896-4B7E-B030-1356EEC477CE}) (Version: 11.4.4 - Red Giant)
Magic Bullet Suite 64-bit (Version: 11.4.4 - Red Giant) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Motorola Driver Installation 3.2.0 (HKLM\...\{A7B9041E-9635-4AFF-BB1E-EFAF490A231B}) (Version: 3.2.0 - Motorola Inc.)
Motorola Phone Tools (HKLM-x32\...\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}) (Version: 4.60 - Avanquest Software)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Card Reader & Flash Disk (HKLM-x32\...\{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC9}) (Version: 1.00.0000 - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Pinnacle VideoSpin (HKLM-x32\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.10.1-r112682-release - Plays.tv, LLC)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.0-r112326-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Sonic Foundry Preset Manager 1.0 (HKLM-x32\...\{7266C898-F9CB-4122-9452-2AA1DACE245E}) (Version: 1.0.73 - Sonic Foundry)
Sound Blaster Recon3D PCIe (HKLM-x32\...\{F380C602-98E8-49AB-8C3F-8A73BACA45DD}) (Version: 1.00.22 - Creative Technology Limited)
Sound Blaster Recon3D PCIe Extras (HKLM-x32\...\{204FCF73-1450-407D-BCF9-1233EC5F5787}) (Version: 1.0 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Test Drive Unlimited (HKLM-x32\...\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}) (Version: 1.00.0000 - Atari)
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{CE92F061-BFBC-11E3-8FF3-F04DA23A5C58}) (Version: 13.0.290 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-3) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (Version: 1.0.3.1 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2410925410-2808068811-915591143-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {047D8A27-C9C0-4509-B54B-0DAAE60A46CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {108EC6FD-E65D-4308-A188-EAC5ABBB8E77} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {2439EA23-D503-4688-8E37-FBFA8EB9AD95} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
Task: {3169177F-2AA2-4BEF-BCC6-B0D125EB68A2} - System32\Tasks\{A9CE6C82-5B6C-4C81-9C82-F507E1E7B46A} => c:\program files (x86)\avant browser\avant.exe [2016-01-04] (Avant Force)
Task: {5E002749-4D84-4067-A8DF-04F377230DC6} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {8D528501-7480-4A00-86D1-D12981FF9E0B} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {96E7E24E-45B0-4A1A-8C08-D03C85F54B46} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000Core => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {C9D881A2-1624-42AF-9730-0C1C0E03AA6D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000UA => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {DB598486-F771-4C91-BDF3-6B16D26723ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {E3D8DC2C-B845-49CA-85F1-FE7A92BE57E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000Core.job => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000UA.job => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-05-15 05:09 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-05-15 05:09 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-05-15 05:09 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-05-15 05:09 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-05-15 05:09 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2012-08-19 01:01 - 2014-06-28 22:53 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-03-19 22:09 - 2012-03-19 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-01-06 21:43 - 2016-01-06 21:43 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-01-06 21:43 - 2016-01-06 21:43 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 22:57 - 2015-12-07 22:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2015-03-12 13:39 - 2016-04-28 00:44 - 47503472 _____ () C:\Users\Ben\AppData\Roaming\Spotify\libcef.dll
2015-12-12 13:39 - 2016-04-19 21:47 - 00034768 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-05-13 20:04 - 2016-04-19 21:48 - 00019408 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-05-13 20:04 - 2016-04-19 21:47 - 00116688 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 13:39 - 2016-04-19 21:47 - 00093640 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 13:39 - 2016-04-19 21:47 - 00018376 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 13:39 - 2016-05-07 00:35 - 00019760 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00105928 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-05-13 20:04 - 2016-04-19 21:47 - 00392144 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 13:39 - 2016-05-07 00:35 - 00381752 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 13:39 - 2016-04-19 21:47 - 00692688 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00020816 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 13:39 - 2016-04-19 21:48 - 00121296 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 01682760 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00020808 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 13:39 - 2016-05-07 00:35 - 00021840 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00038696 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-05-13 20:04 - 2016-04-19 21:49 - 00020936 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00024528 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00114640 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00124880 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-19 21:39 - 2016-05-07 00:35 - 00021832 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00024016 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00175560 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00030160 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00043472 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00028616 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00048592 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00026456 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00057808 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00024016 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00117056 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00052024 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-12 13:39 - 2016-04-19 21:47 - 00134608 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-05-13 20:04 - 2016-04-19 21:47 - 00134088 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-05-13 20:04 - 2016-04-19 21:48 - 00240584 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-02-19 21:39 - 2016-05-07 00:35 - 00020800 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-19 21:39 - 2016-05-07 00:35 - 00021824 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-19 21:39 - 2016-05-07 00:35 - 00019776 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-19 21:39 - 2016-05-07 00:35 - 00020800 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00024392 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-05-13 20:04 - 2016-04-19 21:50 - 00036296 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\librsync.dll
2016-05-13 20:04 - 2016-05-07 00:34 - 00020280 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 13:39 - 2016-05-07 00:35 - 00023376 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00350152 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-19 21:39 - 2016-05-07 00:35 - 00022352 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00084280 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-05-13 20:04 - 2016-05-07 00:34 - 01826096 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 13:39 - 2016-04-19 21:48 - 00083912 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\sip.pyd
2016-05-13 20:04 - 2016-05-07 00:35 - 03928880 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 01971504 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00531248 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-05-13 20:04 - 2016-05-07 00:35 - 00132912 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-05-13 20:04 - 2016-05-07 00:35 - 00223544 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-05-13 20:04 - 2016-05-07 00:34 - 00207672 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-12 13:39 - 2016-04-19 21:49 - 00060880 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\win32print.pyd
2015-12-12 13:39 - 2016-05-07 00:35 - 00024904 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-05-13 20:04 - 2016-05-07 00:35 - 00546096 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-05-13 20:04 - 2016-05-07 00:35 - 00357680 _____ () C:\Users\Ben\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2012-02-23 12:56 - 2012-02-23 12:56 - 00593920 _____ () C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\de-DE\SBRnPCIe.resources.dll
2015-03-12 13:39 - 2016-04-28 00:44 - 01584240 _____ () C:\Users\Ben\AppData\Roaming\Spotify\libglesv2.dll
2015-03-12 13:39 - 2016-04-28 00:44 - 00082032 _____ () C:\Users\Ben\AppData\Roaming\Spotify\libegl.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-21 22:29 - 2015-10-21 22:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-21 22:29 - 2015-10-21 22:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
2011-05-10 21:01 - 2011-05-10 21:01 - 00030208 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\simplejson._speedups.pyd
2015-06-27 01:09 - 2015-06-27 01:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_sqlite3.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00387072 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sqlite3.dll
2015-10-21 22:29 - 2015-10-21 22:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlc.dll
2015-10-21 22:29 - 2015-10-21 22:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlccore.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32file.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00216064 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKitWidgets.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00118784 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKit.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00199680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtPrintSupport.pyd
2015-06-27 01:09 - 2015-06-27 01:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\amd_ags.dll
2015-11-24 22:47 - 2015-11-24 22:47 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32com.shell.shell.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\unicodedata.pyd
2015-10-21 22:29 - 2015-10-21 22:29 - 00027667 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libdirectsound_plugin.dll
2015-10-21 22:29 - 2015-10-21 22:29 - 00031251 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libwaveout_plugin.dll
2015-10-21 22:29 - 2015-10-21 22:29 - 00066579 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\video_output\libdirectdraw_plugin.dll
2016-05-09 23:02 - 2016-05-09 23:02 - 02619144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\ltc_host_ex.DLL
2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-19 19:08 - 2016-04-19 19:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2014-06-26 06:00 - 2016-01-04 06:26 - 00677376 _____ () C:\Program Files (x86)\Avant Browser\_sqlite3.dll
2012-08-17 00:39 - 2016-01-04 06:26 - 01453056 _____ () C:\Program Files (x86)\Avant Browser\avantshell.dll
2015-10-16 12:02 - 2015-10-16 12:02 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2016-01-25 22:09 - 2016-01-04 06:26 - 01576960 _____ () C:\Program Files (x86)\Avant Browser\webkit\libglesv2.dll
2016-01-25 22:09 - 2016-01-04 06:26 - 00074752 _____ () C:\Program Files (x86)\Avant Browser\webkit\libegl.dll
2016-01-25 22:09 - 2016-01-04 06:26 - 16573256 _____ () C:\Program Files (x86)\Avant Browser\webkit\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Ben\Desktop\AdwCleaner_5.117.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Desktop\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Desktop\mbam-setup-2.2.1.1043(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Desktop\SystemLook_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Desktop\tdsskiller.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Downloads\autodetectutility.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Downloads\LGS_8.78.129_x64_Logitech.exe:BDU [0]
AlternateDataStreams: C:\Users\Ben\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-05-24 07:41 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2410925410-2808068811-915591143-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 80.69.96.12 - 81.210.129.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{82260939-98DA-4CF5-9C00-9AFA5E95AA50}] => (Allow) C:\Users\Ben\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{25154B17-4D55-4FE8-8E67-FCD87680A227}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{628A90DC-41D2-444F-A67F-E1BD8E4F0E41}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8F23AC69-6661-4809-9743-AF44604219F2}] => (Allow) LPort=2869
FirewallRules: [{4832E087-A6A2-4E70-B1A2-E0B398DACAFE}] => (Allow) LPort=1900
FirewallRules: [{1922A093-3790-4EC7-A53A-6CADAE8A44C5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E99B4A98-D497-414D-9FD1-5884C0234449}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{206CF8F8-DC43-4B9D-9704-95CB89DFA822}C:\games\gta 4\gta 4eflc\eflc.exe] => (Allow) C:\games\gta 4\gta 4eflc\eflc.exe
FirewallRules: [UDP Query User{CF287F40-8FC9-4BE4-A0F1-CB8931BA45FD}C:\games\gta 4\gta 4eflc\eflc.exe] => (Allow) C:\games\gta 4\gta 4eflc\eflc.exe
FirewallRules: [{393B2B65-7498-446E-9454-31AF969079A6}] => (Allow) C:\Games\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{2A4F1161-4EAB-445E-B3B0-83FCEE695245}] => (Allow) C:\Games\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{45AC98BB-E418-4060-979A-CC8CDECBFFAC}] => (Allow) C:\Games\GTA 4\EFLC\LaunchEFLC.exe
FirewallRules: [{541DBC10-74B6-4AD2-AE3F-C380AE5A2C9F}] => (Allow) C:\Games\GTA 4\EFLC\LaunchEFLC.exe
FirewallRules: [{11A821F3-0F61-4472-835D-D3252B192DA2}] => (Allow) C:\Games\Battlefield 3\Battlefield 3\bf3.exe
FirewallRules: [{5F3835D6-4C80-4333-BC5A-08C34ED914EB}] => (Allow) C:\Games\Battlefield 3\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{41B15344-3A5A-4636-9C3F-35DA75AF76B3}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A8AE8963-A576-47D4-98F6-DEDB80BC85B8}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6FB41EF5-9FAB-4581-B977-1689EC9AA7EF}D:\games\testdriveunlimited.exe] => (Allow) D:\games\testdriveunlimited.exe
FirewallRules: [UDP Query User{64387FEB-814E-4783-B293-7A5B606EECF7}D:\games\testdriveunlimited.exe] => (Allow) D:\games\testdriveunlimited.exe
FirewallRules: [TCP Query User{FEEE3324-D95D-467A-9D64-BCFEB5CDE67A}C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe] => (Allow) C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe
FirewallRules: [UDP Query User{FF0A685C-670E-438D-9F26-DD577A62366E}C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe] => (Allow) C:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe
FirewallRules: [TCP Query User{AEFFE17A-1F00-4847-A1EF-F493A03005F5}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3AE65D60-5D1B-47CE-9586-7C55D5EC00D2}C:\users\ben\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ben\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5BB8176F-A8A6-4DE3-B257-D8C3F3A80DC0}] => (Allow) D:\Games\Counterstrike Source\Steam.exe
FirewallRules: [{3087D8F2-2770-4EB3-93FA-1CB8D9EBE2BA}] => (Allow) D:\Games\Counterstrike Source\Steam.exe
FirewallRules: [{7910C34F-3285-45AA-BFD7-FAD0D88395F3}] => (Allow) D:\Games\Counterstrike Source\SteamApps\benda88\counter-strike source\hl2.exe
FirewallRules: [{94D2A57D-B23E-4A9C-AAB7-8C1D21B4D964}] => (Allow) D:\Games\Counterstrike Source\SteamApps\benda88\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{04BD9203-48D0-43FB-ADB5-3B4BEEFAC68D}D:\programme\winamp\winamp.exe] => (Allow) D:\programme\winamp\winamp.exe
FirewallRules: [UDP Query User{97B7F389-B7F6-4E29-816C-B6AFF4B0851F}D:\programme\winamp\winamp.exe] => (Allow) D:\programme\winamp\winamp.exe
FirewallRules: [{5E377E07-10F7-4290-834F-BE58812E6F76}] => (Block) D:\programme\winamp\winamp.exe
FirewallRules: [{FE01EF9E-1888-4F86-816C-13FEC81B8906}] => (Block) D:\programme\winamp\winamp.exe
FirewallRules: [{9EB42E62-BF36-468A-AD79-7BFA198420FB}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{0E8F294B-AA4C-4C0C-A89A-8DCB2B379F97}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [TCP Query User{AD4C25ED-3062-4A43-972C-A164F892CA4A}D:\games\testdrive unlimited\testdriveunlimited.exe] => (Allow) D:\games\testdrive unlimited\testdriveunlimited.exe
FirewallRules: [UDP Query User{03D42D7C-D749-47C3-A115-92052FC7BA6C}D:\games\testdrive unlimited\testdriveunlimited.exe] => (Allow) D:\games\testdrive unlimited\testdriveunlimited.exe
FirewallRules: [{DDFA1555-97C2-46B0-9EA2-F23A325CBE60}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{16B8A47D-851E-4B3B-B421-09DE3FBAF84A}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{0BABDB57-3DB9-4296-8910-3C3A458E26C3}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{C42BDDA3-6536-4111-B58A-A4DC604596D4}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{2E552CE9-5D38-4D4B-9261-9D0479D260E6}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{EA72BB57-06FA-43A8-809F-A8E0BD324793}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{85327394-1EA3-41C3-8295-882DA9AABA80}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{59E3AD89-526E-4CE5-A319-A0FD621B228B}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{E024DEBB-03E5-47CA-B70E-92766CED54DE}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{3ABAA23A-8BFB-4EB2-8DA1-82123A967CF1}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [TCP Query User{5874D941-0FC7-42EF-8050-2C2DCC96B2D0}D:\games\driver by r.g recoding\driver san francisco\driver.exe] => (Allow) D:\games\driver by r.g recoding\driver san francisco\driver.exe
FirewallRules: [UDP Query User{68DB7F72-1DD4-4DCF-91BE-72184861371D}D:\games\driver by r.g recoding\driver san francisco\driver.exe] => (Allow) D:\games\driver by r.g recoding\driver san francisco\driver.exe
FirewallRules: [{9ACC3141-D46C-4D44-A2DB-1BD3E96D978C}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{885550AC-3588-4E68-B087-C790349D8D90}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{2BE45B6C-8AD5-44E9-81D1-AF5402FBF669}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DADD3DCA-1071-472C-92A9-E64CA531B2C9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F917194D-DDAD-4861-95EA-9DEFC1FEDE99}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{094439D1-78A6-4465-BA4F-0AF00A70C56A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E528D144-291B-47AE-B1A7-438F69209663}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{9414D52A-356D-4445-AF87-65B2F30D3EDB}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{47DAECFD-815F-49A6-8F87-D70715039F47}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{C06619D5-7B86-42D5-AE32-FC84F9C87B28}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{7A120E79-F033-4AA1-A9FF-615F241D0D66}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\RM.exe
FirewallRules: [{8A374DED-2F2B-4F9E-AF22-9C454D7F1CCE}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\RM.exe
FirewallRules: [{EDCCE99B-1EA3-47CE-A180-32C6A54CB100}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\umi.exe
FirewallRules: [{25280AF1-DB85-4D61-A3EB-2666FEE353F6}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\umi.exe
FirewallRules: [{DAFA6341-541B-4258-89DC-21E508D66D0C}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe
FirewallRules: [{1B92803D-78EE-4CA3-917A-54A56465E2D7}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe
FirewallRules: [{197BADFC-8B73-4AEC-B698-81FB4A986367}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4BB326BF-F30F-473A-B678-121F376A2CAC}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A6405B9B-8E9C-4C96-B865-ED3BB17D5B35}] => (Allow) D:\Games\Counterstrike Source\bin\steamwebhelper.exe
FirewallRules: [{15F40517-A2A2-417E-A022-14C5740432A3}] => (Allow) D:\Games\Counterstrike Source\bin\steamwebhelper.exe
FirewallRules: [{81E16F13-F192-4E70-A1C3-997E8C7EBFC2}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{2BBE5E67-77A6-4186-9DF8-FBC55AE854AC}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{3C063478-BCEF-4476-9EBC-2A5E4FE4E773}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{5CC72709-3E1A-4EB0-B840-F286F819C1D5}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{DD965C84-3B6D-4725-B883-4324E8C77DC9}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{9DB1D22C-05A8-4712-A437-9B0B47EB855D}] => (Allow) C:\Program Files (x86)\Lightworks\Lightworks.exe
FirewallRules: [{6913B43D-9873-4FBB-B769-1A82F9F15375}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{691A9809-E0E6-443C-B66D-3F95929112B8}] => (Allow) C:\Program Files (x86)\Lightworks\ntcardvt.exe
FirewallRules: [{3C5FFFA2-1690-4AF5-923A-3455D97B987D}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{C81672B3-E8B7-4F92-B618-BA3F20058B0B}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe
FirewallRules: [{28FE4EA2-EC33-4F6A-9C64-412962B618BA}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{1C26F5D9-7121-4C1D-97DD-B5F8D311F2B9}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [TCP Query User{5FB64045-55F3-4905-9CFE-2BC184BEAD15}G:\games\assetto corsa\acs.exe] => (Allow) G:\games\assetto corsa\acs.exe
FirewallRules: [UDP Query User{0A3FA8DF-6667-4D0F-B51B-D5A10AA30E69}G:\games\assetto corsa\acs.exe] => (Allow) G:\games\assetto corsa\acs.exe
FirewallRules: [{237FCB0F-7306-470C-9EF6-FB3973916181}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E0450BC-05C4-483E-8F71-31642CD5145F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B94E786B-2B31-4018-A9E2-CABDE7FA9381}] => (Allow) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F39379B5-8A6C-4A8F-AF86-FB60705DEB9F}] => (Allow) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{692FB58F-7447-47AF-AFBE-468926958B4C}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{EDA28318-E5DF-4C2C-B95D-CEB4B21AF016}] => (Allow) D:\Games\Counterstrike Source\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{21D44B44-2146-4C8D-952B-F032F505A26E}D:\games\counterstrike source\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\counterstrike source\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{27E6EA01-198F-4D61-A04F-8CCEF56F6594}D:\games\counterstrike source\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\games\counterstrike source\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{01F55C7A-CE01-4CD8-B34D-66EE1F235B3C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BEC734A2-5A94-47DB-9023-6865E154C06F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{772F2A32-23D0-4CF1-9990-26E68FB7AF1D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{3F46ADF1-FC33-442F-83B3-ADFFA3655183}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{D4AC49EE-A302-441E-944B-DFBB845C72D3}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{AC5B96E9-3181-45A3-8DC9-866DFF01A97C}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{BFBFE7AD-DC80-4191-A1A1-FE127D60855A}] => (Block) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{0A3F3D33-B641-4E8C-8939-0AA423B31C71}] => (Block) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{495B296D-931F-4890-8686-77CC51E21F4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7B108BE5-D3BB-4FCC-A009-DAC30E3A342A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{24B5DB29-7B0B-4004-A38B-6E91FB5403F0}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{A23EC090-1F9D-44E5-8AFC-FC1E787F5764}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{2D753C63-80CC-420A-9EA7-0EEB52A36DBD}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{BEB9B362-B23E-41B7-9F83-584EAAB333FC}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{27B604C1-5D3C-4A20-8B24-E73A3D26D894}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{361501C3-EF2F-4CA3-BA08-CA1F0B1F4703}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B4D90F43-B272-4298-98BF-D2790D44E0B3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{B2187E78-48B7-4D95-9904-D50A4B212B83}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{3B402AEC-BC41-41D3-AB15-E5F484850458}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{C347660E-084E-4C67-B862-147417EF0B2A}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe

==================== Wiederherstellungspunkte =========================

21-05-2016 18:30:45 Geplanter Prüfpunkt
22-05-2016 19:06:22 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (05/12/2016 07:52:19 AM) (Source: MsiInstaller) (EventID: 1024) (User: Ben-PC)
Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F104E4700}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/08/2016 06:39:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DivX Player.exe, Version: 11.3.10.75, Zeitstempel: 0x55ce1f99
Name des fehlerhaften Moduls: DMFContainer.dll, Version: 1.5.0.3, Zeitstempel: 0x55cd83fd
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0008cc21
ID des fehlerhaften Prozesses: 0x1d30
Startzeit der fehlerhaften Anwendung: 0xDivX Player.exe0
Pfad der fehlerhaften Anwendung: DivX Player.exe1
Pfad des fehlerhaften Moduls: DivX Player.exe2
Berichtskennung: DivX Player.exe3

Error: (05/08/2016 06:39:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DivX Player.exe, Version: 11.3.10.75, Zeitstempel: 0x55ce1f99
Name des fehlerhaften Moduls: DMFContainer.dll, Version: 1.5.0.3, Zeitstempel: 0x55cd83fd
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0008cc21
ID des fehlerhaften Prozesses: 0x990
Startzeit der fehlerhaften Anwendung: 0xDivX Player.exe0
Pfad der fehlerhaften Anwendung: DivX Player.exe1
Pfad des fehlerhaften Moduls: DivX Player.exe2
Berichtskennung: DivX Player.exe3

Error: (05/05/2016 07:40:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GTA5.exe, Version: 1.0.678.1, Zeitstempel: 0x56e2b38c
Name des fehlerhaften Moduls: GTA5.exe, Version: 1.0.678.1, Zeitstempel: 0x56e2b38c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000664856
ID des fehlerhaften Prozesses: 0x1f70
Startzeit der fehlerhaften Anwendung: 0xGTA5.exe0
Pfad der fehlerhaften Anwendung: GTA5.exe1
Pfad des fehlerhaften Moduls: GTA5.exe2
Berichtskennung: GTA5.exe3

Error: (04/04/2016 07:47:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Spotify.exe, Version 1.0.25.127 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e10

Startzeit: 01d18e99f23f6467

Endzeit: 0

Anwendungspfad: C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe

Berichts-ID: 4a812025-fa8d-11e5-92eb-bc5ff44945d9

Error: (03/28/2016 04:09:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm csgo.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15f4

Startzeit: 01d188fb213b5fbe

Endzeit: 121

Anwendungspfad: D:\Games\Counterstrike Source\steamapps\common\Counter-Strike Global Offensive\csgo.exe

Berichts-ID:

Error: (03/25/2016 02:57:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GTA5.exe, Version: 1.0.678.1, Zeitstempel: 0x56e2b38c
Name des fehlerhaften Moduls: GTA5.exe, Version: 1.0.678.1, Zeitstempel: 0x56e2b38c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000359135b
ID des fehlerhaften Prozesses: 0x141c
Startzeit der fehlerhaften Anwendung: 0xGTA5.exe0
Pfad der fehlerhaften Anwendung: GTA5.exe1
Pfad des fehlerhaften Moduls: GTA5.exe2
Berichtskennung: GTA5.exe3

Error: (03/19/2016 08:50:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm vlc.exe, Version 2.2.1.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1838

Startzeit: 01d1821010e13c8a

Endzeit: 5

Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Berichts-ID:

Error: (03/19/2016 03:17:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avant.exe, Version: 12.5.0.0, Zeitstempel: 0x5689f08e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19160, Zeitstempel: 0x56bcd51f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002f644
ID des fehlerhaften Prozesses: 0x1230
Startzeit der fehlerhaften Anwendung: 0xavant.exe0
Pfad der fehlerhaften Anwendung: avant.exe1
Pfad des fehlerhaften Moduls: avant.exe2
Berichtskennung: avant.exe3

Error: (03/09/2016 10:06:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm csgo.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2bc

Startzeit: 01d17a3f110dce49

Endzeit: 11

Anwendungspfad: D:\Games\Counterstrike Source\steamapps\common\Counter-Strike Global Offensive\csgo.exe

Berichts-ID:


Systemfehler:
=============
Error: (05/24/2016 07:39:23 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (05/24/2016 07:38:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/24/2016 07:38:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/24/2016 07:38:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/24/2016 07:38:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/24/2016 07:38:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/24/2016 07:38:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ProductAgentService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/24/2016 07:38:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/24/2016 07:38:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Plays.tv Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/24/2016 07:38:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2014-10-14 06:39:27.577
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.576
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.574
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.572
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.571
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-14 06:39:27.570
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:27:08.619
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:27:08.618
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:27:08.617
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-10-13 00:27:08.615
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 16279.03 MB
Verfügbarer physikalischer RAM: 11201.02 MB
Summe virtueller Speicher: 32556.25 MB
Verfügbarer virtueller Speicher: 26444.61 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:69.09 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:503.98 GB) NTFS
Drive f: (20141018_012547) (CDROM) (Total:5.36 GB) (Free:0 GB) UDF
Drive g: (Extern) (Fixed) (Total:1863.01 GB) (Free:646.12 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A357D397)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 038D8719)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00273BB2)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 24.05.2016, 10:28   #12
M-K-D-B
/// TB-Ausbilder
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen



Servus,


wir entfernen die letzten Reste und kontrollieren nochmal alles.



Hinweis: Der Suchlauf mit ESET kann länger dauern.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von HitmanPro,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 25.05.2016, 07:41   #13
HackedNoob
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen



Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:24-05-2016 01
durchgeführt von Ben (2016-05-25 01:08:41) Run:2
Gestartet von C:\Users\Ben\Desktop
Geladene Profile: Ben (Verfügbare Profile: Ben)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater => Schlüssel erfolgreich entfernt
EmptyTemp: => 362.4 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 01:08:43 ====
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ab567c4a07a1ba46bb79c7d90f147c7f
# end=init
# utc_time=2016-05-24 11:12:05
# local_time=2016-05-25 01:12:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 29579
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ab567c4a07a1ba46bb79c7d90f147c7f
# end=updated
# utc_time=2016-05-24 11:31:34
# local_time=2016-05-25 01:31:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=ab567c4a07a1ba46bb79c7d90f147c7f
# engine=29579
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-25 12:57:37
# local_time=2016-05-25 02:57:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2071 16777213 100 99 6398 161450522 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8833822 215767707 0 0
# scanned=470908
# found=73
# cleaned=73
# scan_time=5162
sh=AAF11F1D85F2917144A2FA298F037F00150B1D85 ft=1 fh=48d573ff6de029f5 vn="JS/SecurityDisabler.B evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HDvidCodec.com\hdvidextsetup.exe.vir"
sh=A9AAC7CA705AEF1BB44D100D3D0E72E10E7F61B0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\chrome\content\core\xhr.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=C59CEF5A69DF0E225184EBB231C005F0042767F0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=5B79E1012732BA64F2D1FDF7DBF44CAD28FE7CDD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=F2B6C01B0C8E3FDDC1D1FF717405839AF5E87C45 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\14_CrossriderUtils.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=BCAFAD8B3BF149BFB7F337DF5FD07A9B3391AFFE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\170_icm1_5_m.js.vir"
sh=EDAF8A2B6318DD482F0BBDC2A96C109697D86E5A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=9968E7101A0C09D5340EE60D45B074AB1C8302C2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.S evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\22_resources.js.vir"
sh=4666A52D4EEF9AD0B5BEF9DFF1A9163C17D03398 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\28_initializer.js.vir"
sh=2EBC101982648313FFE20510A6C6754410F9D89B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\47_resources_background.js.vir"
sh=148CA44D7C0A3E2F5E2A3D38EFC5D999D2701A84 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\64_appApiMessage.js.vir"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\92_superfish_m.js.vir"
sh=17455E3C3ACDC5230501BB3BA992829B8669DDC5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=A9AAC7CA705AEF1BB44D100D3D0E72E10E7F61B0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\chrome\content\core\xhr.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=E254E0BD5C202A441B4F7415C762F7D537A79E24 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=5B79E1012732BA64F2D1FDF7DBF44CAD28FE7CDD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=F2B6C01B0C8E3FDDC1D1FF717405839AF5E87C45 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\14_CrossriderUtils.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=9968E7101A0C09D5340EE60D45B074AB1C8302C2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.S evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\22_resources.js.vir"
sh=4666A52D4EEF9AD0B5BEF9DFF1A9163C17D03398 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\28_initializer.js.vir"
sh=2EBC101982648313FFE20510A6C6754410F9D89B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\47_resources_background.js.vir"
sh=148CA44D7C0A3E2F5E2A3D38EFC5D999D2701A84 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\64_appApiMessage.js.vir"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\92_superfish_m.js.vir"
sh=DEF8CB14886F5A427CEB5E70D8C1D395AC135F4A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_147573\Extensions\e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=0B95EB315772FE78834796A9676287069026F7AF ft=1 fh=e13dc6e6bc45bf40 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\Ben\Downloads\Dxtory - CHIP-Installer.exe"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung (gelöscht)" ac=C fn="D:\Programme\BitLord 2\StubInstaller.exe"
         
Rest kommt heute Nacht.
Beim ESET Online Scanner soll ich nicht die Quarantäne löschen?

Alt 25.05.2016, 12:19   #14
M-K-D-B
/// TB-Ausbilder
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen



Zitat:
Zitat von HackedNoob Beitrag anzeigen
Beim ESET Online Scanner soll ich nicht die Quarantäne löschen?
Hat doch ESET sowieso gemacht...

Generell ist das aber nicht zu empfehlen, da (wie bei dir jetzt auch) ESET nur Elemente gefunden hat, die sich in der Quarantäne von AdwCleaner befinden und dort sowieso keinen Schaden mehr anrichten können...


Fehlen noch HitmanPro und FRST...
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 26.05.2016, 16:22   #15
HackedNoob
 
Trojaner "searchprotect" und "tmp00000be1" entfernen - Standard

Trojaner "searchprotect" und "tmp00000be1" entfernen



Code:
ATTFilter
Code:
ATTFilter
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : BEN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Ben-PC\Ben
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-05-26 16:15:53
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 0s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 10

   Objects scanned . . . : 2.405.051
   Files scanned . . . . : 49.123
   Remnants scanned  . . : 433.322 files / 1.922.606 keys

Malware _____________________________________________________________________

   C:\Users\Ben\Documents\Test Drive Unlimited\savegame\PetrolSexual\tduhack2.exe
      Size . . . . . . . : 339.718 bytes
      Age  . . . . . . . : 845.7 days (2014-02-01 00:34:10)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 0EC15D863C7978DB7782D4BFAB0B068497D4343D47F10FC500722403922EC2B0
    > HitmanPro  . . . . : Malware
      Fuzzy  . . . . . . : 106.0


Suspicious files ____________________________________________________________

   C:\Users\Ben\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.383.360 bytes
      Age  . . . . . . . : 4.0 days (2016-05-22 16:39:20)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : DE49CF6D342CEAD974A1CBDF411025AA8260B51CD9C841E15719ED7909585F09
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.0s C:\Users\Ben\Desktop\Addition.txt
         -0.0s C:\Users\Ben\Desktop\Avira Launcher.lnk
         -0.0s C:\Users\Ben\Desktop\FRST.txt
          0.0s C:\Users\Ben\Desktop\FRST-OlderVersion\FRST64.exe
          0.1s C:\Users\Ben\Desktop\tdsskiller.exe
         27.4s C:\Users\Ben\Desktop\AdwCleaner_5.117.exe

   C:\Users\Ben\Desktop\FRST64.exe
      Size . . . . . . . : 2.382.848 bytes
      Age  . . . . . . . : 1.6 days (2016-05-25 01:07:57)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 1D5EF9D8190AF8CFA7A3DCD8015E2EBAF7C3D34B7F8D6BDA77A4C339306AC1CC
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-2410925410-2808068811-915591143-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Ben\Desktop\FRST64.exe


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}\ (Iminent)
   HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.oneclickctrl.9\ (DealPly)
   HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.dpliveupdate.update3webcontrol.3\ (DealPly)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DealPlyLive.exe\ (DealPly)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}\ (DealPly)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DealPlyLive.exe\ (DealPly)
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
durchgeführt von Ben (Administrator) auf BEN-PC (26-05-2016 16:21:23)
Gestartet von C:\Users\Ben\Desktop
Geladene Profile: Ben (Verfügbare Profile: Ben)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
(ICSI Technology Ltd.) C:\Windows\Dit.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(ICSI) C:\Windows\DitExp.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Spotify Ltd) C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Avant Force) C:\Program Files (x86)\Avant Browser\avant.exe
(Avant Force) C:\Program Files (x86)\Avant Browser\avantvw.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(The Chromium Authors) C:\Program Files (x86)\Avant Browser\webkit\webkit.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1651600 2016-04-25] (Bitdefender)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [885760 2012-02-22] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dit] => C:\Windows\Dit.exe [90112 2004-08-05] (ICSI Technology Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-27] (DivX, LLC)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-05-09] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-27] (Raptr, Inc)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [Dropbox Update] => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [Spotify] => C:\Users\Ben\AppData\Roaming\Spotify\Spotify.exe [6858864 2016-05-25] (Spotify Ltd)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Run: [Spotify Web Helper] => C:\Users\Ben\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-05-25] (Spotify Ltd)
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\MountPoints2: F - F:\Setup.exe autorun
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\MountPoints2: {0cffc0e7-918d-11e2-ba83-bc5ff44945d9} - F:\setup.exe
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-21]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-05-21]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: 

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 80.69.96.12 81.210.129.4
Tcpip\..\Interfaces\{93459425-DE5C-4808-9F97-6026C69CD4BC}: [DhcpNameServer] 80.69.96.12 81.210.129.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2410925410-2808068811-915591143-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-04-05] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-04-05] (Bitdefender)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll Keine Datei
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-28] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-08-05] (DivX, LLC)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Photoshop CS6\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-22] (Apple Inc.)
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\google-images.xml [2014-12-18]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\google-maps.xml [2014-12-18]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\youtube.xml [2015-11-12]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\{58827B9B-1E67-4411-915F-922793B7986B}.xml [2012-08-26]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\{A31C05CC-0B97-428B-80B9-224FF9550200}.xml [2012-08-26]
FF SearchPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\searchplugins\{D3ED56D7-F8F1-4998-87F7-9D409CB38784}.xml [2012-08-26]
FF Extension: NoScript - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-07]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\artur.dubovoy@gmail.com [2016-05-17]
FF Extension: Cliqz - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\cliqz@cliqz.com.xpi [2016-04-19]
FF Extension: Blur - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\donottrackplus@abine.com.xpi [2016-05-26]
FF Extension: TopLine - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\jid0-uIWxKlEIWnV1103pH2C8N6RsUe0@jetpack.xpi [2012-10-28] [ist nicht signiert]
FF Extension: Mailvelope - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-12-08]
FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\vdpure@link64.xpi [2016-01-22]
FF Extension: Video DownloadHelper - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-24]
FF Extension: Adblock Plus - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-05-12]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-05-12] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF HKU\S-1-5-21-2410925410-2808068811-915591143-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\mpkx4s0h.default\extensions\cliqz@cliqz.com => nicht gefunden

Chrome: 
=======
CHR Profile: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Google-Suche) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-07-03]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-07-03]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-07-03]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-07-03]
CHR Extension: (Google Wallet) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-03]
CHR Extension: (Google Mail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR Extension: (Store) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-03]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-08-16] (Creative Labs) [Datei ist nicht signiert]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-08-16] (Creative Labs) [Datei ist nicht signiert]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [Datei ist nicht signiert]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-02-14] (Creative Technology Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-05-09] (Plays.tv, LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-04-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-05-11] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-03-18] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-03-18] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-02-09] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-02-14] (Creative Technology Ltd)
R3 CTHDB; C:\Windows\System32\DRIVERS\CtHDb.sys [23640 2012-02-29] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-20] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2015-12-16] (BitDefender LLC)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [298736 2016-03-03] (Bitdefender)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [511320 2016-02-22] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-26 16:14 - 2016-05-26 16:18 - 00000000 ____D C:\ProgramData\HitmanPro
2016-05-26 16:14 - 2016-05-26 16:14 - 11438608 _____ (SurfRight B.V.) C:\Users\Ben\Desktop\HitmanPro_x64.exe
2016-05-25 01:11 - 2016-05-25 01:11 - 02870984 _____ (ESET) C:\Users\Ben\Desktop\esetsmartinstaller_deu.exe
2016-05-25 01:11 - 2016-05-25 01:11 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-24 07:44 - 2016-05-24 07:45 - 00002966 _____ C:\Users\Ben\Desktop\SystemLook.txt
2016-05-24 07:43 - 2016-05-24 07:43 - 00165376 _____ C:\Users\Ben\Desktop\SystemLook_x64.exe
2016-05-24 07:38 - 2016-05-25 01:08 - 00000811 _____ C:\Users\Ben\Desktop\Fixlog.txt
2016-05-23 21:03 - 2016-05-23 22:10 - 00000000 ____D C:\Users\Ben\Documents\BitLord
2016-05-23 21:03 - 2016-05-23 21:18 - 00000000 ____D C:\Users\Ben\AppData\Roaming\BitLord
2016-05-22 20:59 - 2016-05-22 20:59 - 00006386 _____ C:\Users\Ben\Desktop\ESt2015_Hassenzahl_Benedict.elfo
2016-05-22 19:12 - 2016-05-26 16:21 - 00000000 ____D C:\Users\Ben\Desktop\FRST-OlderVersion
2016-05-22 19:08 - 2016-05-22 19:08 - 00005747 _____ C:\Users\Ben\Desktop\JRT.txt
2016-05-22 19:05 - 2016-05-22 19:05 - 01610816 _____ (Malwarebytes) C:\Users\Ben\Desktop\JRT.exe
2016-05-22 19:04 - 2016-05-22 19:04 - 00002160 _____ C:\Users\Ben\Desktop\mbam.txt
2016-05-22 18:53 - 2016-05-22 18:53 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-05-22 18:52 - 2016-05-22 18:52 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Desktop\mbam-setup-2.2.1.1043(1).exe
2016-05-22 18:50 - 2016-05-22 18:50 - 00014306 _____ C:\Users\Ben\Desktop\AdwCleaner[C1].txt
2016-05-22 18:24 - 2016-05-22 18:24 - 00001229 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2016-05-22 18:24 - 2016-05-22 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2016-05-22 16:39 - 2016-05-26 16:21 - 02383360 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2016-05-22 16:39 - 2016-05-26 16:21 - 00027327 _____ C:\Users\Ben\Desktop\FRST.txt
2016-05-22 16:39 - 2016-05-24 07:47 - 00070574 _____ C:\Users\Ben\Desktop\Addition.txt
2016-05-22 16:39 - 2016-05-22 16:39 - 03651136 _____ C:\Users\Ben\Desktop\AdwCleaner_5.117.exe
2016-05-22 16:39 - 2016-05-21 00:22 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Ben\Desktop\tdsskiller.exe
2016-05-22 16:39 - 2016-05-21 00:14 - 00001132 _____ C:\Users\Ben\Desktop\Avira Launcher.lnk
2016-05-21 00:22 - 2016-05-21 00:33 - 00220424 _____ C:\TDSSKiller.3.1.0.9_21.05.2016_00.22.30_log.txt
2016-05-21 00:22 - 2016-05-21 00:22 - 00071121 _____ C:\Users\Ben\Downloads\Addition.txt
2016-05-21 00:21 - 2016-05-26 16:21 - 00000000 ____D C:\FRST
2016-05-21 00:21 - 2016-05-21 00:22 - 00077166 _____ C:\Users\Ben\Downloads\FRST.txt
2016-05-20 22:59 - 2016-05-20 22:59 - 22851472 _____ (Malwarebytes ) C:\Users\Ben\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-20 20:40 - 2016-05-21 00:45 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Avira
2016-05-20 20:38 - 2016-05-21 00:48 - 00000000 ____D C:\ProgramData\Avira
2016-05-15 16:33 - 2016-05-15 16:33 - 00003640 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-05-15 05:09 - 2016-05-21 00:14 - 00002116 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-05-15 05:09 - 2016-05-15 05:09 - 00253404 ____H C:\bdr-ld02
2016-05-15 05:09 - 2016-05-15 05:09 - 00009216 ____H C:\bdr-ld02.mbr
2016-05-15 05:09 - 2016-05-15 05:09 - 00000684 ____H C:\bdr-cf02
2016-05-15 05:09 - 2016-05-15 05:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-05-15 05:09 - 2016-03-03 01:36 - 00298736 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-05-15 05:09 - 2016-02-22 15:13 - 00511320 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-05-15 05:09 - 2015-12-16 05:53 - 00182936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-05-15 05:09 - 2015-12-15 21:35 - 49760229 ____H C:\bdr-im02.gz
2016-05-15 05:09 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz02
2016-05-15 05:07 - 2016-05-15 05:10 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Bitdefender
2016-05-15 05:07 - 2016-03-18 06:58 - 00842152 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-05-15 05:07 - 2016-03-18 06:56 - 01623536 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-05-15 05:07 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2016-05-15 05:06 - 2016-05-15 05:26 - 00000000 ____D C:\ProgramData\Bitdefender
2016-05-15 05:05 - 2016-05-26 15:42 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-05-14 18:18 - 2016-05-14 18:18 - 00000000 ____D C:\Users\Ben\Desktop\AST Fahrwerk
2016-05-13 21:20 - 2016-05-15 03:45 - 00000000 ____D C:\Users\Ben\AppData\Local\AMD
2016-05-13 21:19 - 2016-05-13 21:19 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-05-13 21:18 - 2016-05-13 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2016-05-13 21:17 - 2016-05-13 21:18 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-05-13 21:17 - 2016-05-13 21:17 - 00000000 ____D C:\Program Files (x86)\AMD
2016-05-13 21:10 - 2016-05-13 21:10 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Ben\Downloads\autodetectutility.exe
2016-05-13 20:04 - 2016-05-13 20:04 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-13 07:13 - 2016-05-26 04:21 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Raptr
2016-05-12 22:32 - 2016-05-12 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2016-05-12 07:36 - 2016-05-25 07:09 - 00000000 ____D C:\Users\Ben\AppData\Roaming\PlaysTV
2016-05-12 07:35 - 2016-05-12 07:35 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-05-11 16:52 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 16:52 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 16:52 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 16:52 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 16:52 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 16:52 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 16:52 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 16:52 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 16:52 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 16:52 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 16:52 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 16:52 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 16:52 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 16:52 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 16:52 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 16:52 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 16:52 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 16:52 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 16:52 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 16:52 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 16:52 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 16:52 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 16:52 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 16:52 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 16:52 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 16:52 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 16:52 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 16:52 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 16:52 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 16:52 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 16:52 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 16:52 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 16:52 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 16:52 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 16:52 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 16:52 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 16:52 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 16:52 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 16:52 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 16:52 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 16:52 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 16:52 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 16:52 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 16:52 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 16:52 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 16:52 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 16:52 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 16:52 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 16:52 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 16:52 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 16:52 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 16:52 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 16:52 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 16:52 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 16:52 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 16:52 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 16:52 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 16:52 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 16:52 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 16:52 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 16:52 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 16:52 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 16:52 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 16:52 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 16:52 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 16:52 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 16:52 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 16:52 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 16:52 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 16:52 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 16:52 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 16:52 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 16:52 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 16:52 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 16:52 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 16:52 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 16:52 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 16:52 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 16:52 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 16:52 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 16:52 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 16:52 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 16:52 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 16:52 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 16:52 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 16:52 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 16:52 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 16:52 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 16:52 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 16:52 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 16:52 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 16:52 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 16:52 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 16:52 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 16:52 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 16:52 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 16:52 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 16:52 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 16:52 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-05 14:35 - 2016-05-05 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-04 18:30 - 2016-05-04 19:39 - 00000000 ____D C:\Users\Public\CineForm
2016-05-04 18:30 - 2016-05-04 19:29 - 00000000 ____D C:\Users\Ben\AppData\Roaming\GoPro
2016-05-04 18:30 - 2016-05-04 18:30 - 00000000 ____D C:\Users\Ben\AppData\Local\GoPro
2016-05-04 18:29 - 2016-05-04 18:29 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-04-27 21:28 - 2016-04-27 21:28 - 08306382 _____ C:\Users\Ben\Desktop\Infiltrate template.rar

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-05-26 15:57 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-26 15:57 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-26 15:49 - 2015-03-11 20:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-26 15:47 - 2012-09-21 01:34 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Spotify
2016-05-26 15:46 - 2011-04-12 09:43 - 00699432 _____ C:\Windows\system32\perfh007.dat
2016-05-26 15:46 - 2011-04-12 09:43 - 00149572 _____ C:\Windows\system32\perfc007.dat
2016-05-26 15:46 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-26 15:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-26 15:43 - 2015-03-04 23:19 - 00000000 ___RD C:\Users\Ben\Dropbox
2016-05-26 15:42 - 2012-09-21 01:34 - 00000000 ____D C:\Users\Ben\AppData\Local\Spotify
2016-05-26 15:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-26 05:46 - 2015-12-26 07:38 - 00305198 _____ C:\bdlog.txt
2016-05-26 05:46 - 2015-04-04 22:48 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 05:46 - 2015-04-04 22:48 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-26 05:38 - 2015-08-15 12:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-26 05:38 - 2015-06-18 18:28 - 00001216 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000UA.job
2016-05-26 05:16 - 2015-04-14 01:51 - 00000080 _____ C:\Users\Ben\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2016-05-26 04:30 - 2015-05-02 22:15 - 00005543 _____ C:\Users\Ben\Desktop\Kosten.txt
2016-05-26 04:20 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-25 19:38 - 2015-06-18 18:28 - 00001164 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2410925410-2808068811-915591143-1000Core.job
2016-05-24 23:57 - 2012-08-19 16:49 - 00000000 _____ C:\Users\Ben\AppData\Roaming\bitlord_log.txt
2016-05-23 23:25 - 2012-08-17 03:18 - 00000000 ____D C:\Users\Ben\AppData\Roaming\vlc
2016-05-22 18:53 - 2015-03-11 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-05-22 18:53 - 2015-03-11 20:43 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-05-22 18:48 - 2013-10-12 19:28 - 00000000 ____D C:\AdwCleaner
2016-05-22 18:26 - 2014-04-06 17:25 - 00000000 ____D C:\ProgramData\elsterformular
2016-05-22 18:24 - 2014-04-06 17:25 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2016-05-22 18:24 - 2012-08-16 20:37 - 00000000 ____D C:\Users\Ben
2016-05-22 06:26 - 2015-11-02 20:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-21 16:50 - 2014-02-01 17:31 - 00000201 _____ C:\Users\Ben\Desktop\TO DO! BICHT!!!.txt
2016-05-21 14:51 - 2015-03-04 23:19 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Dropbox
2016-05-21 00:48 - 2013-08-26 11:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-21 00:15 - 2014-09-13 14:31 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-05-21 00:15 - 2013-11-27 20:47 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-05-21 00:15 - 2013-09-13 21:51 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-21 00:15 - 2012-08-17 03:21 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-21 00:15 - 2012-08-16 20:34 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-05-21 00:15 - 2012-08-16 20:34 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-05-21 00:15 - 2009-07-14 06:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-05-21 00:15 - 2009-07-14 06:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-05-21 00:14 - 2016-03-28 20:56 - 00002165 _____ C:\Users\Public\Desktop\Preset Manager 1.0.lnk
2016-05-21 00:14 - 2016-01-12 00:56 - 00001831 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-05-21 00:14 - 2015-03-21 03:54 - 00002168 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-05-21 00:14 - 2014-11-30 20:11 - 00000761 _____ C:\Users\Public\Desktop\Assetto Corsa.lnk
2016-05-21 00:14 - 2014-08-31 01:09 - 00000953 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2016-05-21 00:14 - 2014-04-20 21:02 - 00001101 _____ C:\Users\Public\Desktop\Pinnacle VideoSpin.lnk
2016-05-21 00:14 - 2014-04-13 19:36 - 00001100 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2016-05-21 00:14 - 2013-09-13 21:51 - 00001141 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-21 00:14 - 2013-08-23 01:01 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-21 00:14 - 2013-03-20 21:54 - 00001944 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-05-21 00:14 - 2012-12-25 18:54 - 00000704 _____ C:\Users\Public\Desktop\Winamp.lnk
2016-05-21 00:14 - 2012-09-21 01:34 - 00001779 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-05-21 00:14 - 2012-08-17 00:39 - 00001923 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Avant Browser.lnk
2016-05-21 00:14 - 2012-08-17 00:39 - 00001911 _____ C:\Users\Public\Desktop\Avant Browser.lnk
2016-05-21 00:14 - 2012-08-16 20:38 - 00001321 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-21 00:14 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-05-21 00:14 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-05-21 00:13 - 2015-10-13 23:16 - 00000941 _____ C:\Users\Ben\Desktop\Magic Bullet Looks.lnk
2016-05-21 00:13 - 2015-03-04 23:19 - 00001009 _____ C:\Users\Ben\Desktop\Drobox.lnk
2016-05-21 00:13 - 2014-12-17 22:53 - 00001827 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Tunatic.lnk
2016-05-21 00:13 - 2014-10-19 19:41 - 00000905 _____ C:\Users\Ben\Desktop\GTR2.lnk
2016-05-21 00:13 - 2014-09-13 15:19 - 00001038 _____ C:\Users\Ben\Desktop\Vegas Pro 13.0 (64-bit).lnk
2016-05-21 00:13 - 2014-07-10 01:26 - 00000783 _____ C:\Users\Ben\Desktop\Zeug vom Desktop.lnk
2016-05-21 00:13 - 2013-11-27 23:49 - 00000924 _____ C:\Users\Ben\Desktop\GIMP.lnk
2016-05-21 00:13 - 2013-03-20 22:03 - 00000763 _____ C:\Users\Ben\Desktop\GTR Evolution.lnk
2016-05-21 00:13 - 2012-12-30 04:03 - 00001563 _____ C:\Users\Ben\Desktop\Counter-Strike Source.lnk
2016-05-21 00:13 - 2012-11-06 22:55 - 00000961 _____ C:\Users\Ben\Desktop\TeamSpeak 3 Client.lnk
2016-05-21 00:13 - 2012-10-03 14:32 - 00000684 _____ C:\Users\Ben\Desktop\Free PDF to Word Doc Converter.lnk
2016-05-21 00:13 - 2012-09-21 01:34 - 00001793 _____ C:\Users\Ben\Desktop\Spotify.lnk
2016-05-21 00:13 - 2012-08-19 16:49 - 00000842 _____ C:\Users\Ben\Desktop\BitLord.lnk
2016-05-21 00:13 - 2012-08-16 21:17 - 00000355 _____ C:\Users\Ben\Desktop\Arbeitsplatz.lnk
2016-05-21 00:05 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-20 21:00 - 2012-11-06 22:56 - 00000000 ____D C:\Users\Ben\AppData\Roaming\TS3Client
2016-05-20 19:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-16 20:18 - 2012-09-01 01:53 - 00000371 _____ C:\Users\Ben\Desktop\TO DO.txt
2016-05-15 05:09 - 2016-02-14 19:14 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-05-15 05:06 - 2016-02-14 19:14 - 00000000 ____D C:\Program Files\Bitdefender
2016-05-15 03:51 - 2014-11-12 01:50 - 00000000 ____D C:\Users\Ben\AppData\LocalLow\boost_interprocess
2016-05-14 04:13 - 2014-04-05 20:01 - 00000000 ____D C:\Users\Ben\Desktop\CS 2014
2016-05-13 21:19 - 2016-03-29 01:26 - 00004230 _____ C:\Windows\System32\Tasks\AMD Updater
2016-05-13 21:17 - 2016-03-29 01:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-05-13 21:17 - 2013-12-29 21:05 - 00000000 ____D C:\Program Files\AMD
2016-05-13 07:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-05-13 07:38 - 2015-08-15 12:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 07:38 - 2015-07-23 00:54 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 07:38 - 2015-07-23 00:54 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 22:29 - 2012-08-16 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-05-12 22:29 - 2012-08-16 20:56 - 00000000 ____D C:\Program Files (x86)\Creative
2016-05-12 08:09 - 2015-04-15 19:16 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 08:04 - 2014-12-23 18:11 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-12 02:19 - 2014-08-20 22:58 - 00000000 ____D C:\Users\Ben\AppData\Local\Adobe
2016-05-11 23:25 - 2012-08-16 20:50 - 00000000 ____D C:\AMD
2016-05-11 22:53 - 2013-07-11 11:30 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 21:51 - 2009-07-14 06:45 - 05050848 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-11 21:50 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 18:01 - 2012-08-16 21:20 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 21:58 - 2012-08-16 20:47 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Adobe
2016-05-08 18:39 - 2012-10-28 19:22 - 00000000 ____D C:\Users\Ben\AppData\Local\CrashDumps
2016-05-05 22:28 - 2013-09-13 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-27 21:43 - 2012-08-16 20:53 - 00120496 _____ C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-01-12 00:56 - 2016-01-12 00:56 - 15566737 _____ () C:\Program Files\FileZilla3141.zip
2012-08-19 16:49 - 2016-05-24 23:57 - 0000000 _____ () C:\Users\Ben\AppData\Roaming\bitlord_log.txt
2012-10-13 19:23 - 2013-12-12 01:51 - 0005632 _____ () C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-17 22:30 - 2015-11-17 22:30 - 0000842 _____ () C:\Users\Ben\AppData\Local\recently-used.xbel
2012-09-12 20:33 - 2013-04-21 19:02 - 0007605 _____ () C:\Users\Ben\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-18 07:54

==================== Ende von FRST.txt ============================
         

Antwort

Themen zu Trojaner "searchprotect" und "tmp00000be1" entfernen
antivirus, avira, browser, defender, email, entfernen, error, file, google, home, internet, internet explorer, log, löschen, modul, pdf, programm, prozesse, services.exe, software, svchost.exe, temp, trojaner, windows, winlogon.exe



Ähnliche Themen: Trojaner "searchprotect" und "tmp00000be1" entfernen


  1. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  2. Win 7: "PlusHD.8" & "rvzr-a-akamaihd.net" nerven - brauche Support beim Entfernen
    Log-Analyse und Auswertung - 24.01.2014 (17)
  3. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  4. "Antiviren Werbung" "Langsamer PC" "PC stürzt ab" Banner und Popups beim surfen
    Plagegeister aller Art und deren Bekämpfung - 05.11.2013 (28)
  5. "Deutsche Post(eMail-Anhang)" Alle "EXE(Programme)" werden blockiert "WIN 7 Defender"
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (3)
  6. Diverse Fehlermeldungen bei Start des Systems nach "Entfernen" des "Polizei-Virus"
    Log-Analyse und Auswertung - 27.10.2012 (10)
  7. "The document has moved. Redirecting"+"Popup unten rechts"+"Nicht alle Links anklickbar"
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (38)
  8. Malwarereinigung: "TR/Kazy.25747.40", "Trojan.Downloader..." und "Backdoor: Win32Cycbot.B"
    Log-Analyse und Auswertung - 09.06.2011 (1)
  9. Öffentliches Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Netzwerk und Hardware - 02.05.2011 (14)
  10. Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Alles rund um Windows - 16.04.2011 (0)
  11. Wie soll ich "HTML/Rce.gen" in "\Firefox\Profiles\p2hadvdz.default\Cache" entfernen?
    Plagegeister aller Art und deren Bekämpfung - 06.02.2011 (1)
  12. "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\"
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (25)
  13. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  14. "error cleaner" "privacy protector" "spyware&malware protection"
    Plagegeister aller Art und deren Bekämpfung - 28.06.2008 (7)
  15. "error cleaner" "privacy protector" "spyware und malware protection"
    Plagegeister aller Art und deren Bekämpfung - 28.06.2008 (2)
  16. Beheben des Problems "kein Internet"/"rsvp32_2.dll"/"Can't load library from memory"
    Plagegeister aller Art und deren Bekämpfung - 25.03.2007 (22)
  17. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)

Zum Thema Trojaner "searchprotect" und "tmp00000be1" entfernen - Hi Leute, ich brauche leider mal wieder Hilfe. Jemand/bzw. irgendein Programm hat in 2 meiner Email Accounts an alle Kontakte Spamware, und mir "Delivery Failure" Nachrichten geschickt. Laut Bitdefender und - Trojaner "searchprotect" und "tmp00000be1" entfernen...
Archiv
Du betrachtest: Trojaner "searchprotect" und "tmp00000be1" entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.