
Pests of all kinds and how to fight them: PayPal phishing mail - ZIP attachment


31.10.2016, 13:36   #1
nameweg
 
Hello,

I received a PayPal mail and stupidly opened the attachment, a ZIP file. After that, Avast detected several threats and wanted me to restart. Avast then scanned files for hours and removed threats.
Then the PC was restarted and threats were found again. Avast then wanted to run the same procedure once more, and I thought that before it searches for hours again and a few threats manage to hide, I need help from professionals.

Many thanks in advance for the help!
Wiebke

01.11.2016, 17:54   #2
deeprybka
/// TB trainer
/// Guide guru

My name is Jürgen and I will be helping you with your problem. Together we will manage it...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only scans that I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread in CODE tags.
  • Bear in mind that we all work here in our free time; if you have not heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Formatting is usually the faster and always the safest route, but it is only advisable in the case of real malware.
We can remove adware & co. very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Here we go:

Step 1


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)




Reading material
Posting in CODE tags: here is how...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

01.11.2016, 18:28   #3
nameweg

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
durchgeführt von Dodo (Administrator) auf ANONYMOUS (01-11-2016 19:09:07)
Gestartet von C:\Users\Dodo\Desktop
Geladene Profile: Dodo (Verfügbare Profile: Dodo & Administrator)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 9 (Standard-Browser: "G:\Programme\Firefox\firefox.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
(Digital Extremes) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
(Mozilla Corporation) G:\Programme\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 30-10-2016
durchgeführt von Dodo (01-11-2016 19:09:49)
Gestartet von C:\Users\Dodo\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) (2009-08-28 20:26:27)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2904693490-1559453303-1626246330-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-2904693490-1559453303-1626246330-1002 - Limited - Enabled)
Dodo (S-1-5-21-2904693490-1559453303-1626246330-1000 - Administrator - Enabled) => C:\Users\Dodo
Gast (S-1-5-21-2904693490-1559453303-1626246330-501 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

@BIOS Ver.2.05 (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.05 - GIGABYTE)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
ANNO 1503 (HKLM-x32\...\{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}) (Version:  - )
Anno 1602 (HKLM-x32\...\ANNO1602) (Version:  - )
Atom Zombie Smasher (HKLM-x32\...\Atom Zombie Smasher_is1) (Version:  - Blendo Games)
Audials TV (HKLM-x32\...\{24EE4523-711A-4BD1-95EA-F73A8A6950D3}) (Version: 1.3.10803.300 - RapidSolution Software AG)
AudialsOne (HKLM-x32\...\{64E7AA85-CCA8-48CE-8F46-98649E908DF0}) (Version: 4.2.13200.0 - RapidSolution Software AG)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber Deutschland)
Audiograbber Lame-MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2241 - AVAST Software)
Batman: Arkham City™ (HKLM-x32\...\GFWL_{57520FA0-AC56-469B-9983-FF1000008300}) (Version: 1.0.0000.131 - WB Games)
Batman: Arkham City™ (x32 Version: 1.0.0000.131 - WB Games) Hidden
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.62.0000 - 2K Games)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Braid (Version 1.015) (HKLM-x32\...\Braid_is1) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series Benutzerregistrierung (HKLM-x32\...\Canon MP550 series Benutzerregistrierung) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version:  - )
Cogs (HKLM-x32\...\Cogs) (Version:  - )
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crayon Physics Deluxe version 55 (HKLM-x32\...\{4CA1E8E2-B2A9-40C1-8EC4-BBCB23BAAA19}_is1) (Version: 55 - Kloonigames, Ltd)
Darkspore™ (HKLM-x32\...\{B1AAE4BF-C98E-467E-94C7-4E1F51DD86E0}) (Version: 1.00.0000 - Electronic Arts)
Die Siedler (HKLM-x32\...\Die Siedler_is1) (Version:  - )
Die Siedler II Gold Edition (HKLM-x32\...\Die Siedler II Gold Edition_is1) (Version:  - )
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version:  - id Software)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Dropbox (HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DVBViewer TERRATEC Edition (HKLM-x32\...\DVBViewer TERRATEC Edition_is1) (Version:  - CM&V)
Energy Saver Advance B9.0316.1 (HKLM-x32\...\{7ED169D4-5053-4166-93DF-53B12AE6C539}) (Version: 1.10.0000 - GIGABYTE)
Eufloria (HKLM-x32\...\Steam App 41210) (Version:  - Rudolf Kremers & Alex May)
EXPERTool 7.5 (HKLM-x32\...\EXPERTool_is1) (Version:  - Gainward Co., Ltd)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Far Cry (HKLM-x32\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ihr Firmenname)
Far Cry (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version:  - )
Foxit PDF IFilter (HKLM\...\{03D3BAD4-28ED-4EF2-A369-D148A240D0B3}) (Version: 1.0.1729 - Foxit Software)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.6.321 - Foxit Software Inc.)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
FreeCAD 0.12 (HKLM-x32\...\{81ABC4A0-DE63-11DE-8A39-0800200C9A66}) (Version: 0.12.5284 - Juergen Riegel (FreeCAD@juergen-riegel.net))
GameRanger (HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\GameRanger) (Version:  - GameRanger Technologies)
GameSpy Comrade (HKLM-x32\...\{894084B6-BC69-43B7-BF06-B93AECFEA520}) (Version: 2.1.1.214 - GameSpy)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel(R) Driver Update Utility 2.6 (x32 Version: 2.6.0.32 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
James Cameron's AVATAR(tm): DAS SPIEL (HKLM-x32\...\{7E19B002-4CA3-4C9F-BA92-91D101B97219}) (Version: 1.02.00 - Ubisoft)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH)
K-Lite Codec Pack 6.5.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.5.0 - )
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lexware Info Service (HKLM-x32\...\{59624372-3B85-47f4-9B04-4911E551DF1E}) (Version: 2.61.00.0033 - Lexware GmbH & Co. KG)
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Machinarium (HKLM-x32\...\Machinarium) (Version: 23.10.09 - Amanita Design, s.r.o.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47CD-87CD-13E68B676E4F}) (Version: 1.2.20608.0 - Electronic Arts)
MAXQDA 11 (Release 11.0.10) (HKLM-x32\...\MAXQDA11) (Version: (Release 11.0.10) - VERBI Software.Consult.Sozialforschung GmbH)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (de-DE, Hedda) (HKLM-x32\...\{ACFCC7B5-C028-40AE-A5F5-9778B41F22A2}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro) (HKLM-x32\...\{C7CDC27F-0952-4DF1-9E41-B75140933BC6}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 de)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MWS Reader 5 (HKLM-x32\...\MWS Reader 5_is1) (Version: 5.2.621 - directINNOVATION UG (haftungsbeschränkt))
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
PC Connectivity Solution (HKLM-x32\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.21.0 - Nokia)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PDF-Viewer (HKLM\...\{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1) (Version: 2.0.54.0 - Tracker Software Products Ltd)
PixiePack Codec Pack (HKLM-x32\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5780 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0149 - REALTEK Semiconductor Corp.)
Risen 2 - Dark Waters (HKLM-x32\...\{CC4473E6-AB7D-406B-ADAE-BF9C61CEC5FE}) (Version: 1.00 - Deep Silver)
Risen 2 - ModStarter 2.0.0.0 (Online Mods DB version) (HKLM-x32\...\Risen 2 - ModStarter_is1) (Version:  - LordOfWAR)
Sam and Max - Season One - Episode 104 - Abe Lincoln Must Die! (HKLM-x32\...\Episode 104 - Abe Lincoln Must Die!) (Version: 1.1.0.0-free - Telltale Games)
SecuROM Diagnostic Tool (HKLM-x32\...\SecuROM Diagnostic Tool) (Version:  - Sony DADC Austria)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Shadowgrounds 1.05b (HKLM-x32\...\Shadowgrounds_is1) (Version:  - Frozenbyte, Inc.)
Shadowgrounds Survivor 1.09 (HKLM-x32\...\Shadowgrounds Survivor_is1) (Version:  - Frozenbyte, Inc.)
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.61 - Firaxis Games) Hidden
Siedler3 (HKLM-x32\...\Siedler3Deinstall) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steuer 2009 (HKLM-x32\...\{410AB9BC-B057-4D39-9260-660EE1B4BED2}) (Version: 16.12.00.0001 - Haufe-Lexware GmbH & Co. KG)
Super Crossfire version 1.0 (HKLM-x32\...\{AE71B0D5-8873-4110-BD84-F5D5174EC342}_is1) (Version: 1.0 - Radiangames)
TERRATEC Cinergy 2400i DT (64 Bit) (HKLM-x32\...\{1C778F3E-3E83-4029-AC79-9D8D9D9A9F7F}) (Version: 1.1.0.284 - TERRATEC)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
The Evil Within (HKLM-x32\...\Steam App 268050) (Version:  - Tango Gameworks)
The Path (HKLM-x32\...\Steam App 27000) (Version:  - Tale of Tales)
The Void (HKLM-x32\...\The Void_is1) (Version:  - )
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)
Tomahawk (HKLM-x32\...\Tomahawk) (Version: 0.7.0 - Tomahawk-player.org)
Tomb Raider: Legend 1.0 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )
TSL Alpha Demo - Public Demo RC1 (HKLM-x32\...\The Silver Lining_is1) (Version:  - Phoenix Online Studios)
Update Manager B08.1027.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - TerraTec  (MicNgBas) Media  (04/21/2009 1.1.0.0284) (HKLM\...\7F9086B0202998E0E80985C36F977C0EE8003CC8) (Version: 04/21/2009 1.1.0.0284 - TerraTec )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
X-Chat 2.8.6-2 (HKLM-x32\...\X-Chat 2_is1) (Version: 2.8.6-2 - SilvereX)
Xrodon (HKLM-x32\...\{74A80415-EBB2-447A-8A99-00F5E0009F42}) (Version: 1.00.0000 - Xrodon)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Dodo\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00196EAE-E245-41CF-B6ED-8BEBD5F01D1E} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {007F3B2A-9C8B-44C9-9A83-2FBE9ECC66A2} - System32\Tasks\{13A6A191-3663-41E3-9576-41A3A866C14D} => pcalua.exe -a "C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe" -d G:\Download -c "G:\Download\THX-magnusk.pdf"
Task: {35681ACE-8384-44E5-83EF-4543D760B244} - System32\Tasks\{A400AD13-F3CA-4375-8487-6548FC80F354} => pcalua.exe -a "D:\EADM\EAD 4.0.0.462 release prod Installer.exe" -d D:\EADM
Task: {3863B40E-DD9B-459A-BDD3-BC1942913111} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2904693490-1559453303-1626246330-1000UA => C:\Users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-19] (Facebook Inc.)
Task: {53B3B3C0-75E0-4105-A1C4-E63E21351CE3} - System32\Tasks\Microsoft\Windows\RestartManager\{069F86EF-0613-46ab-89FE-9FFFEA19D058} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {5E8F5383-E25E-42DF-9F73-41D2CCA677BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {625C803B-8AAE-4588-9BFA-D3D75104F973} - System32\Tasks\{6BEE6734-2B5E-49EA-AD31-4ECBD3B5EA75} => pcalua.exe -a G:\Download\Stronghold_v1_1.exe -d G:\Programme\Firefox
Task: {63E7BF33-DBCF-4CBE-A904-A5A778A6BF2D} - System32\Tasks\{C887397C-BEFB-4952-8948-C10E48E2F8F1} => pcalua.exe -a "H:\Half-Life 2\Uninstall Half-Life 2 Deutsche Sprachergänzung.exe"
Task: {6ACC99D0-8FAD-4F21-B90C-C7E98E1EA4E6} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {822DF6DC-1E5F-4D3C-B30E-F3FD75E99A86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {93F3766D-D5C5-43D2-A678-0FADD259F429} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D78DD80C-76E7-4FC2-B131-F85CD97C3E72} - System32\Tasks\{083BE5DF-3794-43C8-8EC9-993D93C7972D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\EAInstaller\Peggle\Cleanup.exe" -c uninstall_game -autologging
Task: {F24A3454-F638-4394-BA61-8E25075477C1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2904693490-1559453303-1626246330-1000Core => C:\Users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-19] (Facebook Inc.)
Task: {F2FA68DA-056A-4A1A-AA8B-9E9197119310} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-27] (AVAST Software)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2904693490-1559453303-1626246330-1000Core.job => C:\Users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2904693490-1559453303-1626246330-1000UA.job => C:\Users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2011-10-20 09:45 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2009-10-02 19:53 - 2009-10-17 16:09 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-06-08 17:04 - 2016-06-08 17:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-06-08 17:04 - 2016-06-08 17:04 - 00256152 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\analyzer.dll
2014-06-28 15:13 - 2016-08-23 08:43 - 00365056 _____ () C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
2015-03-17 22:27 - 2015-11-27 12:37 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-17 22:27 - 2015-11-27 12:37 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-01 13:34 - 2016-11-01 13:34 - 03126160 _____ () C:\Program Files\AVAST Software\Avast\defs\16110100\algo.dll
2016-08-02 15:56 - 2016-08-02 15:56 - 00507808 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-02-12 14:04 - 2015-11-27 12:37 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-11-16 10:35 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:DB1803DC62E828FE [98]
AlternateDataStreams: C:\ProgramData\TEMP:24721E3C [1950]
AlternateDataStreams: C:\ProgramData\TEMP:B606BA34 [112]
AlternateDataStreams: C:\ProgramData\TEMP:F84B8DB5 [120]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\sony.com -> sony.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dodo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: AeLookupSvc => 2
MSCONFIG\Services: DAUpdaterSvc => 2
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: ehstart => 2
MSCONFIG\Services: EMDMgmt => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: GEST Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 2
MSCONFIG\Services: WPFFontCache_v0400 => 3
MSCONFIG\startupfolder: C:^Users^Dodo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.lnk => C:\Windows\pss\DesktopVideoPlayer.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dodo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk => C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dodo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon
MSCONFIG\startupreg: Comrade.exe => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ6.5\ICQ.exe" silent
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: NSU_agent => "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
MSCONFIG\startupreg: PDFPrint => "C:\Program Files (x86)\PDF24\pdf24.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{BD8AE32A-5F95-4215-B1A0-951EF03C769F}C:\program files (x86)\gigabyte\gbtupd\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\gbtupd\runupd.exe
FirewallRules: [UDP Query User{FEF84EF3-A695-42D3-8C4D-DD871F348E23}C:\program files (x86)\gigabyte\gbtupd\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\gbtupd\runupd.exe
FirewallRules: [{E9F3A9B7-AC9C-4CEE-9F1F-85454768615C}] => (Allow) G:\Spiele\Assasins Creed\Game\AssassinsCreed_Dx9.exe
FirewallRules: [{4B921A4F-07A7-4178-A329-3408A42FBA63}] => (Allow) G:\Spiele\Assasins Creed\Game\AssassinsCreed_Dx9.exe
FirewallRules: [{6613C863-2E63-43E8-AADA-8F7634AC2049}] => (Allow) G:\Spiele\Assasins Creed\Game\AssassinsCreed_Dx10.exe
FirewallRules: [{60D687C5-D6E4-42CB-B049-CCEA7C5D3B4A}] => (Allow) G:\Spiele\Assasins Creed\Game\AssassinsCreed_Dx10.exe
FirewallRules: [{F6C3BAD7-A911-4E06-968D-1584B5349BD1}] => (Allow) G:\Spiele\Assasins Creed\Game\AssassinsCreed_Launcher.exe
FirewallRules: [{3FCD362C-2BCB-472F-96AA-B3BF84F945B7}] => (Allow) G:\Spiele\Assasins Creed\Game\AssassinsCreed_Launcher.exe
FirewallRules: [{DFB0C412-B53F-49F9-9D4B-6AAF64EFC566}] => (Allow) G:\Spiele\Crysis\Bin32\Crysis.exe
FirewallRules: [{CEB8FE34-14B7-403A-BD39-7DE1514DFEE6}] => (Allow) G:\Spiele\Crysis\Bin32\Crysis.exe
FirewallRules: [{941ADF80-EC9F-4511-9235-D79B71CCF13F}] => (Allow) G:\Spiele\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{3369D2E1-C304-4E51-BC68-7366E2C51995}] => (Allow) G:\Spiele\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{D47FF97B-BFB0-4D8E-86DC-4CBC90DF177B}] => (Allow) G:\Spiele\Crysis\Bin64\Crysis.exe
FirewallRules: [{F4E00767-D0D6-406F-B695-78F3B8CBC3AE}] => (Allow) G:\Spiele\Crysis\Bin64\Crysis.exe
FirewallRules: [{71C596B9-69CA-4AFC-8681-3B60DAD28DE8}] => (Allow) G:\Spiele\Crysis\Bin64\CrysisDedicatedServer.exe
FirewallRules: [{2CAFB032-F219-456A-AB81-E95E403C5075}] => (Allow) G:\Spiele\Crysis\Bin64\CrysisDedicatedServer.exe
FirewallRules: [{F4DB1775-3D3A-4FA9-8064-2994D7366BA3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{41FEF90B-7F87-41CC-A2EA-5B5CAB2F8D7B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DBA3E4E4-8413-489B-A382-BCC878D7AEA3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CB6FF849-FE89-4E94-A2D2-9C9E80DF9A6A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6D03F3D9-B469-49BC-B765-348F00F88807}] => (Allow) H:\Sacred\system\s2gs.exe
FirewallRules: [{6361E0B3-54D5-467F-AAEA-4FF0DC01B33E}] => (Allow) H:\Sacred\system\s2gs.exe
FirewallRules: [{0714E996-AD87-475D-AEA7-2AD85B4D8058}] => (Allow) H:\Sacred\system\sacred2.exe
FirewallRules: [{5A9A6E5D-5F62-4C7C-BD73-CDA8151DAEAC}] => (Allow) H:\Sacred\system\sacred2.exe
FirewallRules: [TCP Query User{51922FDC-E5DB-43BF-A1A1-8873013000C8}C:\program files (x86)\gigabyte\gbtupd\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\gbtupd\runupd.exe
FirewallRules: [UDP Query User{2D1B9619-7039-4BAE-9760-85330E4464F7}C:\program files (x86)\gigabyte\gbtupd\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\gbtupd\runupd.exe
FirewallRules: [TCP Query User{34368187-06BE-4791-8396-92D29EDEE86C}G:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe] => (Allow) G:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [UDP Query User{9F586A91-DF71-4D54-A494-E4B3FCB7194C}G:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe] => (Allow) G:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [TCP Query User{5BF5D91E-FDBD-4070-B3AE-D24CD0C00A0B}G:\programme\audialsone4\audialsone.exe] => (Allow) G:\programme\audialsone4\audialsone.exe
FirewallRules: [UDP Query User{BBB3F4A8-D899-4C59-B800-E8D2ADA5B658}G:\programme\audialsone4\audialsone.exe] => (Allow) G:\programme\audialsone4\audialsone.exe
FirewallRules: [{1F540F62-7137-472D-97A1-82833F26EA40}] => (Allow) G:\Spiele\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{DE95CCA7-1E91-4F66-B1C4-90CACB78C3C8}] => (Allow) G:\Spiele\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{25697D15-E2A8-460A-B277-4B14D1ECDA88}] => (Allow) G:\Spiele\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{18D1B51A-F366-4E17-9DAA-5C6E1DC4361A}] => (Allow) G:\Spiele\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{1B4B7DF0-F13A-4B21-8C5A-5AABD4ED9D1E}] => (Allow) H:\Spiele\Avatar\bin\Avatar.exe
FirewallRules: [{9E50C082-195C-4814-B726-7DA353ABCF43}] => (Allow) H:\Spiele\Avatar\bin\Avatar.exe
FirewallRules: [{D4DF43D4-0C66-4FDC-9DDA-1EA64AB6C6D9}] => (Allow) H:\Spiele\Avatar\bin\AvatarLauncher.exe
FirewallRules: [{90BE629C-8FC7-4477-A8B8-4625A34F41C7}] => (Allow) H:\Spiele\Avatar\bin\AvatarLauncher.exe
FirewallRules: [TCP Query User{0214F3A7-95B1-4772-A02C-0F6C4BA8897A}G:\programme\qip\qip.exe] => (Allow) G:\programme\qip\qip.exe
FirewallRules: [UDP Query User{22C6C730-EE54-4CF2-968D-D8E2A36705D3}G:\programme\qip\qip.exe] => (Allow) G:\programme\qip\qip.exe
FirewallRules: [TCP Query User{0EF7921E-5BCD-4CC2-B9B0-2B4CEEF9DD92}G:\programme\qip\qip.exe] => (Block) G:\programme\qip\qip.exe
FirewallRules: [UDP Query User{22A86623-2E00-4BE5-B62E-8AF2B721DB3E}G:\programme\qip\qip.exe] => (Block) G:\programme\qip\qip.exe
FirewallRules: [TCP Query User{B3EEFF8F-A685-4EE3-865B-7A0698842837}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe] => (Allow) C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe
FirewallRules: [UDP Query User{9972FA76-0545-4720-B804-F950C66BAD44}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe] => (Allow) C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe
FirewallRules: [TCP Query User{57C37BE3-B0EB-4D55-A4B4-F84B4C5588DD}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [UDP Query User{B456813D-E6D5-4AB7-9F33-095C5A10EC87}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [TCP Query User{4D80F5E1-5FB1-4533-AB03-B265781FAC2F}G:\programme\firefox\firefox.exe] => (Allow) G:\programme\firefox\firefox.exe
FirewallRules: [UDP Query User{C301A87E-3E15-4D7E-BF9F-21F64C54AED7}G:\programme\firefox\firefox.exe] => (Allow) G:\programme\firefox\firefox.exe
FirewallRules: [{AFE8C676-94B6-47DE-B7DD-245CCFB6A34B}] => (Allow) G:\Spiele\Civ4\Civilization4.exe
FirewallRules: [{FD8185CB-BB5B-466D-A713-4007CE7BFA7A}] => (Allow) G:\Spiele\Civ4\Civilization4.exe
FirewallRules: [TCP Query User{979F57F6-BFB7-455B-B092-0C2079C23338}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{F7621FB3-8A4E-437C-B2F4-A154AEF7889E}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{51A96407-BE60-450E-9C9B-9AE1692AABAE}G:\spiele\return to castle wolfenstein\et.exe] => (Block) G:\spiele\return to castle wolfenstein\et.exe
FirewallRules: [UDP Query User{ECB1A91D-8E1D-4FA6-8434-195ECDA54EF4}G:\spiele\return to castle wolfenstein\et.exe] => (Block) G:\spiele\return to castle wolfenstein\et.exe
FirewallRules: [TCP Query User{2B7B8B6B-02ED-46E2-B1E2-A3EC67CD9711}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{5C3CBD2E-38DA-436A-9631-1A094FF843CF}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{0C5843E5-2184-4636-BE5A-0198B1EE144D}] => (Allow) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{D00F4137-9BDB-4644-A84B-41B3D2FBD99F}] => (Allow) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{10192BEE-0D17-40AF-9C85-1B8CC56679D1}] => (Allow) LPort=1542
FirewallRules: [{CF8A2690-7633-493D-B237-755992909B21}] => (Allow) LPort=1542
FirewallRules: [{17E3763F-5EA8-4E36-8E92-B12BB74925AF}] => (Allow) LPort=53
FirewallRules: [{F45FF53D-2156-4C0C-933F-0B403EC5A167}] => (Allow) LPort=80
FirewallRules: [{8CE03B20-23BE-4579-82DF-C1DE5D3ADCB1}] => (Allow) LPort=80
FirewallRules: [{E5DFA1E1-25DC-4320-923B-9667745BD060}] => (Allow) LPort=80
FirewallRules: [{0DCC0D3D-92F7-42C1-A5D3-759490FB5D0D}] => (Allow) G:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{C305DE5C-EA8B-4D84-8358-6B6E7C1BE004}] => (Allow) G:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [TCP Query User{2B7FBBD1-B376-48EE-A0CC-35B6FB1EF2F9}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{4305BF48-D73E-4164-9096-55B8094065D9}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{33511513-13E0-421D-9A8B-8EBF878F9EAE}G:\spiele\wc3ft\war3.exe] => (Allow) G:\spiele\wc3ft\war3.exe
FirewallRules: [UDP Query User{5801BF73-F567-4658-AF26-81126149E477}G:\spiele\wc3ft\war3.exe] => (Allow) G:\spiele\wc3ft\war3.exe
FirewallRules: [{79CEA734-18C3-4539-8668-FAC948DC6FE3}] => (Allow) G:\Spiele\wc3ft\Frozen Throne.exe
FirewallRules: [{19E101DC-DAEE-4C01-968F-C62F6C635C59}] => (Allow) G:\Spiele\wc3ft\Frozen Throne.exe
FirewallRules: [TCP Query User{0E36FF4E-998A-4EFF-AEA1-E369A2648EE9}G:\spiele\wc3ft\war3.exe] => (Allow) G:\spiele\wc3ft\war3.exe
FirewallRules: [UDP Query User{055EA4FF-6497-4D22-A6B8-EEE9F62B1442}G:\spiele\wc3ft\war3.exe] => (Allow) G:\spiele\wc3ft\war3.exe
FirewallRules: [TCP Query User{6861D84F-279D-4E3D-BB97-603BBF565B7C}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{DF287267-7BEB-404C-863C-9BEB7F59F3AC}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{EAA2E3A4-3290-40E2-9030-C2D8A5A3CD4B}] => (Allow) G:\Spiele\ANNO1602\1602.exe
FirewallRules: [{257D3558-E6DF-492A-914C-3141E8923C9E}] => (Allow) G:\Spiele\ANNO1602\1602.exe
FirewallRules: [TCP Query User{59AF9E7C-C430-43DB-B28F-5C3EA19632F7}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{A4CCC909-5A07-4E95-9C6B-0A94879FE1EE}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{47C36DBC-4902-436D-9F6F-EC29B5CA4DCF}G:\spiele\age of empires\empires2.exe] => (Block) G:\spiele\age of empires\empires2.exe
FirewallRules: [UDP Query User{CC1B33F2-E6A3-422E-9E83-437D73C63106}G:\spiele\age of empires\empires2.exe] => (Block) G:\spiele\age of empires\empires2.exe
FirewallRules: [{008AC44C-0E7C-46DA-8BC9-A8F575CAABCD}] => (Allow) G:\Spiele\Civ4 - Complete\Civilization4.exe
FirewallRules: [{9F0C3483-D46D-4F45-A047-707F38A5E834}] => (Allow) G:\Spiele\Civ4 - Complete\Civilization4.exe
FirewallRules: [{8D4441B5-E153-43EA-BB02-D9C385DBDC14}] => (Allow) G:\Spiele\Civ4 - Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{6AE4B54C-E6F3-4030-9707-A81D0ED3A593}] => (Allow) G:\Spiele\Civ4 - Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{2E8D0071-B48B-4A90-B95A-7C64199F0E3C}] => (Allow) G:\Spiele\Civ4 - Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{9B0CAAB0-7F12-4D61-8F5B-4CEF89B8038E}] => (Allow) G:\Spiele\Civ4 - Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [TCP Query User{D6EB5AF5-8ED8-4539-A3AD-14F544C6298A}G:\spiele\civ4 - complete\civilization4.exe] => (Block) G:\spiele\civ4 - complete\civilization4.exe
FirewallRules: [UDP Query User{60EB019F-6174-48C2-B994-5BBF177D9F00}G:\spiele\civ4 - complete\civilization4.exe] => (Block) G:\spiele\civ4 - complete\civilization4.exe
FirewallRules: [TCP Query User{91D5CD34-966A-40CC-85FD-0CE2D7A8C9C2}C:\program files (x86)\slysoft\winamp\winamp.exe] => (Allow) C:\program files (x86)\slysoft\winamp\winamp.exe
FirewallRules: [UDP Query User{95FD8E5A-ECC4-4307-B965-52F216EF7286}C:\program files (x86)\slysoft\winamp\winamp.exe] => (Allow) C:\program files (x86)\slysoft\winamp\winamp.exe
FirewallRules: [TCP Query User{106033D7-0B9E-4FB0-9EA4-09C5BA02F372}G:\spiele\civ4\civilization4.exe] => (Block) G:\spiele\civ4\civilization4.exe
FirewallRules: [UDP Query User{61963017-EE5B-4CDC-A749-1535CE105379}G:\spiele\civ4\civilization4.exe] => (Block) G:\spiele\civ4\civilization4.exe
FirewallRules: [TCP Query User{A06E0C9A-C7BE-448E-8ECD-ACE19B33ABDF}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{645D38B9-00FD-4A83-8666-06238BA80E47}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{C547955E-2C85-424D-BC00-3BB38DEFD201}C:\program files (x86)\qip 2010\qip.exe] => (Block) C:\program files (x86)\qip 2010\qip.exe
FirewallRules: [UDP Query User{9538098C-F967-4103-A971-8A8FECD45E25}C:\program files (x86)\qip 2010\qip.exe] => (Block) C:\program files (x86)\qip 2010\qip.exe
FirewallRules: [TCP Query User{0011D549-4ED7-4DA1-8D7A-9AFF8228FB78}C:\program files (x86)\qip 2010\qip.exe] => (Allow) C:\program files (x86)\qip 2010\qip.exe
FirewallRules: [UDP Query User{10F9C05E-D083-4FB1-917C-5AE51448ED0B}C:\program files (x86)\qip 2010\qip.exe] => (Allow) C:\program files (x86)\qip 2010\qip.exe
FirewallRules: [TCP Query User{1D639947-3EF6-439D-8081-F5F6483C37D3}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{FD2D6B95-4586-4218-969D-6B248B94A61F}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{8BA6552F-AB3E-4B51-BFBC-399C6335EEB4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{C28BC18A-7B7B-4DB3-8591-65682E785376}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{B1D7BDD0-E167-47B3-996E-C50853992FE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\monkey2\Monkey2.exe
FirewallRules: [{FB62B986-6C83-4B11-8059-861220F2B884}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\monkey2\Monkey2.exe
FirewallRules: [TCP Query User{4584F86E-B3BD-4FFE-8D11-41267273EDDE}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{839D915B-9ED3-4936-B041-EC17DF91A283}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{81147C50-22EB-47B8-BC42-86090D95CE3C}G:\programme\x-chat 2\xchat.exe] => (Allow) G:\programme\x-chat 2\xchat.exe
FirewallRules: [UDP Query User{1D249207-A7B6-4353-95A5-6E06B8C20E32}G:\programme\x-chat 2\xchat.exe] => (Allow) G:\programme\x-chat 2\xchat.exe
FirewallRules: [{CC5FAC6E-492B-497F-BC15-4F0956E96EC7}] => (Allow) G:\Spiele\Darkspore\DarksporeBin\Darkspore.exe
FirewallRules: [{C5DDDB51-6693-41E9-B009-FE79BD6FDC27}] => (Allow) G:\Spiele\Darkspore\DarksporeBin\Darkspore.exe
FirewallRules: [TCP Query User{51CD10E3-3AD5-45D5-88CA-A558065A7EB7}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{E1CD9B5D-7912-4CDB-9037-9DF0D486D6D1}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{91EC461E-A1F5-45B2-B9FF-08DA441CC1C4}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{03A21F6A-721A-400C-9179-478DD8E4C57F}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{7D6A124A-C65F-4F79-B782-6F6016D8852A}H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Allow) H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe
FirewallRules: [UDP Query User{97F217D5-50BE-4F01-8571-CE5EF17656B5}H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Allow) H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe
FirewallRules: [TCP Query User{E69E12F9-4236-407A-A984-7584CBB4A634}H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Allow) H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe
FirewallRules: [UDP Query User{5F6F26F1-0864-42B5-A61A-71C6D97712A2}H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Allow) H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe
FirewallRules: [{6D534BC7-5220-46EE-BFFE-A4500A9176E6}] => (Allow) H:\Spiele\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{E24BC96A-A0DA-4953-9701-0F1FFB9141A5}] => (Allow) H:\Spiele\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{4CFAFD75-1AC7-4421-9F18-30D91305C949}] => (Allow) H:\Spiele\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{AAC6C58B-27D4-4E7B-A2FD-79215BBD955B}] => (Allow) H:\Spiele\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{E8643DF7-83FA-45F4-831C-5ED0BE7D6C77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blackwell legacy\blackwell1.exe
FirewallRules: [{B75F3118-4598-4E72-BDB6-2829E0391876}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blackwell legacy\blackwell1.exe
FirewallRules: [{BBC9605A-36EF-4D85-8732-D4D0CDFC69C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blackwell unbound\Unbound.exe
FirewallRules: [{1F74DD4C-22B6-4793-A98F-5FA5F5A2B25D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blackwell unbound\Unbound.exe
FirewallRules: [{692B3D70-09FE-4677-881B-494D90F76751}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blackwell convergence\Convergence.exe
FirewallRules: [{2E83F4F3-5965-42CF-AADB-A5A4BBDF0BDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blackwell convergence\Convergence.exe
FirewallRules: [{74B1B4CA-074B-4EE7-8F53-13D2B5A1B58D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nuclear dawn\ndsrv.exe
FirewallRules: [{820883AF-EDFA-47D7-B4D2-73B4754BACC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nuclear dawn\ndsrv.exe
FirewallRules: [{D64E0BB9-CCB1-4723-84C7-0026FEEA7D83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nuclear dawn\bin\SDKLauncher.exe
FirewallRules: [{19248A0C-D1E6-4D8B-99F7-1B9F835C1035}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nuclear dawn\bin\SDKLauncher.exe
FirewallRules: [{EF2BD3A3-39D8-4CB1-8C17-10645D130A6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rbs\Really Big Sky.exe
FirewallRules: [{E95B6D9C-6B9B-4FF4-A444-147E920E3F78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rbs\Really Big Sky.exe
FirewallRules: [{8443F0B7-E8DD-4F5D-9D3F-722F0E845D9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\aquaria\Aquaria.exe
FirewallRules: [{A18FA233-FFF8-41DA-AE6C-218F594A8967}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\aquaria\Aquaria.exe
FirewallRules: [TCP Query User{9839678D-1AA5-4A75-9210-C6F51D27B1C3}G:\spiele\farcry\bin32\farcry.exe] => (Block) G:\spiele\farcry\bin32\farcry.exe
FirewallRules: [UDP Query User{419B84F5-25E5-4451-BDC0-04B757B607F9}G:\spiele\farcry\bin32\farcry.exe] => (Block) G:\spiele\farcry\bin32\farcry.exe
FirewallRules: [{52E30F4F-1705-445E-B248-A8B6EA949311}] => (Allow) C:\Users\Dodo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B7AADC19-49D7-41E8-8003-F68208F41941}] => (Allow) C:\Users\Dodo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D1329306-140B-4D2F-84E7-2B9A101ACB65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Puzzle Agent 2\Grickle102.exe
FirewallRules: [{76702735-32A9-4185-B81D-C6097B05C663}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Puzzle Agent 2\Grickle102.exe
FirewallRules: [{55C7E51C-4E4A-4EDE-99AD-092562A86BFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anomaly Warzone Earth\AnomalyWarzoneEarth.exe
FirewallRules: [{42AA2EDB-DAA1-4ACC-8AA6-40D76FDCD466}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anomaly Warzone Earth\AnomalyWarzoneEarth.exe
FirewallRules: [{4C80B975-4F9A-4911-8A62-BDF4207D53F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Children of the Nile\CoTN.exe
FirewallRules: [{A320BF7C-1F37-42F2-800B-C933894FCDDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Children of the Nile\CoTN.exe
FirewallRules: [{3A625B2F-68EE-4BB5-A0D1-B90740DFF1EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unmechanical\Binaries\Win32\UDK.exe
FirewallRules: [{3409CF9E-1D62-4F11-8034-2D1A72C8301B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unmechanical\Binaries\Win32\UDK.exe
FirewallRules: [{7C269F47-6FE7-4F33-B0A5-95EFE8F2EE6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Krater\run_game.exe
FirewallRules: [{8FD7900F-9F74-44AB-BA7A-3ED744863EF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Krater\run_game.exe
FirewallRules: [{C6B53DF2-9D36-4AAD-8D75-8DD5F3CA90BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dream Machine\the_dream_machine.exe
FirewallRules: [{898DFB1A-343E-4899-9A02-350F4820EFE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dream Machine\the_dream_machine.exe
FirewallRules: [TCP Query User{7046F82D-4763-47B1-A71E-D8B175EEA9BE}C:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe] => (Block) C:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe
FirewallRules: [UDP Query User{5C6CDBB0-4C48-4CAB-875F-EC8FE93A52D8}C:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe] => (Block) C:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe
FirewallRules: [{19D8FCCD-FB9E-4173-90C6-666A653C36EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nuclear dawn\nucleardawn.exe
FirewallRules: [{BBCE5C2D-9934-4E0C-B053-A00B654337EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nuclear dawn\nucleardawn.exe
FirewallRules: [{EB92C349-3CEC-4D0B-8045-69423EA15D71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{B246163B-E0C3-4A30-B7D9-C1F78D199850}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{DA149523-62FC-4F87-BE0D-2D55A32EC730}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{2B36C248-4C13-42A9-B00C-1A07FD0E2458}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{68CBA541-39B9-4A52-B31A-DEE84CF0DF56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{692854D9-4952-4D20-8778-10CC99B7C5AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{5712E80B-63D1-4381-93DA-041B9118B949}C:\program files (x86)\tomahawk\tomahawk.exe] => (Allow) C:\program files (x86)\tomahawk\tomahawk.exe
FirewallRules: [UDP Query User{9FA226DC-9B7F-42F5-A198-622B9E0920B1}C:\program files (x86)\tomahawk\tomahawk.exe] => (Allow) C:\program files (x86)\tomahawk\tomahawk.exe
FirewallRules: [TCP Query User{B4D9386F-A3F1-42AC-868D-F8A34C442122}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{AF6F1952-EA27-4997-9A50-B3091AC02439}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{572160F8-D9BF-481B-BEEC-963FB5944C42}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{112C5841-DFBE-4918-9AA3-4623753F9927}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{98FD4D3E-9F1B-45FD-8565-14DD1695F659}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{BA6C23F3-02E8-46AA-8EC5-08DB90E76ED8}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [{96DC8AE7-D131-43FC-AEC9-059A404431E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Eufloria\Eufloria.exe
FirewallRules: [{16B6223D-F4F2-4009-BDE5-97361F69786D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Eufloria\Eufloria.exe
FirewallRules: [TCP Query User{A12FF843-122D-41B7-88F8-847A24AFCDCF}C:\program files (x86)\steam\steam.exe] => (Block) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{CF1327EE-6988-48B6-A9BD-A2983AFDB1D1}C:\program files (x86)\steam\steam.exe] => (Block) C:\program files (x86)\steam\steam.exe
FirewallRules: [{9C5BF215-DB4F-4C37-86CD-F8B9B04B7BF7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B2542680-7704-4171-A418-EB3FB115F890}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6C9C33FD-F653-4368-8896-27F40C654BB6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{7FE9725A-2E2B-451A-AB71-F37922F31474}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{7F5AEC49-3D62-4C04-A994-A6008174868B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fractal\fractal.exe
FirewallRules: [{7D63FB58-4E02-4EEC-8E9B-27D9B082B6A7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fractal\fractal.exe
FirewallRules: [{A857C3B1-C26C-4B85-BF32-C74EE4A8ACDB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Path\PathViewer.exe
FirewallRules: [{024314D0-8C4A-4A03-B072-850C46F66F5C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Path\PathViewer.exe
FirewallRules: [{37D862E0-073E-446A-9211-0500A5C1FE84}] => (Allow) C:\Program Files (x86)\webcam 7\wLite.exe
FirewallRules: [{6F6CD146-0BEF-4ADF-BFA7-C49711C4B194}] => (Allow) C:\Program Files (x86)\webcam 7\wLite.exe
FirewallRules: [{4299BEC9-AB85-48EB-947D-205804FC55F7}] => (Allow) C:\Program Files (x86)\webcam 7\wService.exe
FirewallRules: [{796E5F06-0E0E-4D73-877E-6A867DCD6631}] => (Allow) C:\Program Files (x86)\webcam 7\wService.exe
FirewallRules: [{7A1A59D7-A5B6-41BB-8883-98DC6DD56A2B}] => (Allow) C:\Users\Dodo\AppData\Local\vghd\bin\Virtuagirl_Downloader.exe
FirewallRules: [{B5F18611-4BC3-4630-8D2B-7A04D32259CC}] => (Allow) C:\Users\Dodo\AppData\Local\vghd\bin\Virtuagirl_Downloader.exe
FirewallRules: [TCP Query User{2FE753AC-5569-4401-BA6C-E537AF5E4F77}G:\spiele\dragon age\bin_ship\daorigins.exe] => (Block) G:\spiele\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{89D60E64-0C6F-424A-A80D-ECC66138AB60}G:\spiele\dragon age\bin_ship\daorigins.exe] => (Block) G:\spiele\dragon age\bin_ship\daorigins.exe
FirewallRules: [{F133E6F8-0579-46BA-9A82-236FB2DAFECD}] => (Allow) C:\Users\Dodo\AppData\Local\vghd\bin\Virtuagirl_Downloader.exe
FirewallRules: [{C442AC3E-2B86-481A-BA7A-4F9402828439}] => (Allow) C:\Users\Dodo\AppData\Local\vghd\bin\Virtuagirl_Downloader.exe
FirewallRules: [{58D04961-E240-4CFB-A53A-7C6AB341B265}] => (Allow) H:\Spiele\Peggle Deluxe\Peggle.exe
FirewallRules: [{E4938D0A-8EDE-4C0D-84D7-1FDFD6F8D96C}] => (Allow) H:\Spiele\Peggle Deluxe\Peggle.exe
FirewallRules: [{BC3945F0-0C9C-4401-9258-0910CFD2E8EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{823DBA16-C311-4074-81FA-98900BFB5652}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{46981D27-5B9F-4A26-B472-C707AAC5F8EC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E536A8DD-7CBD-4DCF-87FD-BB95BB1403B9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E5033104-B807-465B-923E-8D18AF12FAD4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RAGE\Rage.exe
FirewallRules: [{5FA6B2C8-EDBC-415B-A3A6-543FEF3D5421}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RAGE\Rage.exe
FirewallRules: [{CFF478BF-2D97-4333-A1BA-32F3EBC2F753}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RAGE\Rage64.exe
FirewallRules: [{6179D8CC-8475-4192-AA35-663436648C84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RAGE\Rage64.exe
FirewallRules: [TCP Query User{971206DB-22ED-4C6C-9A3D-0EC5147535AB}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{38259DE5-A5C9-4992-8FA2-F9B2C1FC0C3A}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{8FADC12F-AB22-49D9-B2E1-F67B425E6876}] => (Allow) C:\Users\Dodo\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{AEAC4E7A-B3B2-4F84-8A5F-19586BD0AB97}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3C4544C2-C354-42A5-A680-C7EA69B58C02}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{3A1AA0E9-5AA1-47AA-8279-0983A2D04102}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{B2791C9F-114B-4374-9381-DC5C31020127}] => (Allow) C:\Users\Dodo\AppData\Local\Apps\2.0\MBJK7BLZ.BKV\DC17LPBR.VHM\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
FirewallRules: [{5E46F96F-9D0F-4F56-BB4C-9881843C2DA5}] => (Allow) C:\Users\Dodo\AppData\Local\Apps\2.0\MBJK7BLZ.BKV\DC17LPBR.VHM\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
FirewallRules: [{9E71FD1C-770C-41A1-A34F-049DBE0B9D74}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{17C19D37-574B-4DE6-A6E5-8AA71B71C741}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{55764CB9-03C6-4A52-B68F-DE8B1A99C221}] => (Allow) G:\Programme\Firefox\firefox.exe
FirewallRules: [{9C20345D-1F41-49DE-AC80-D99A8375ADF9}] => (Allow) G:\Programme\Firefox\firefox.exe
FirewallRules: [{1A2CEDEC-AE4A-427D-9DE8-EA07C916902E}] => (Allow) H:\Spiele\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{9F5F4334-B405-4500-BB3E-C9DAD97073D9}] => (Allow) H:\Spiele\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{B3BD9A7F-BCD1-45D2-A876-FF1DAD999DEB}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{2FF291CB-8C43-4249-BC61-D66698E8D7F6}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{A365A11A-1749-4877-AAAF-CB3685E30777}] => (Allow) LPort=26675
FirewallRules: [{85A3DF43-2958-4928-994F-F7464C0AE4BE}] => (Allow) G:\Programme\Firefox\firefox.exe
FirewallRules: [{69B8B30C-3B59-4F9E-8F45-708177EE2447}] => (Allow) G:\Programme\Firefox\firefox.exe
FirewallRules: [{ADC8690D-77A0-4FA6-8BAE-441341D79222}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8FFD3624-5BE2-47AC-975E-28CFB00A9441}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C2A4D8C4-2024-4235-9660-24C702100459}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{8AA8022F-6DE5-4340-B2C5-54B281CC94DD}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{6C51C4E8-6B20-41D4-A834-EF8214896C68}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{78CA2536-2D3B-4EBC-9274-07F0C8D91A28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheEvilWithin\EvilWithin.exe

==================== Wiederherstellungspunkte =========================

24-08-2016 16:24:08 Windows Update
24-08-2016 18:00:36 Windows Update
02-10-2016 11:37:38 Installed Microsoft Server Speech Platform Runtime (x86)
02-10-2016 11:38:15 Installed Microsoft Server Speech Text to Speech Voice (de-DE, Hedda)
02-10-2016 11:38:43 Installed Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro)

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/31/2016 03:31:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung versabus-5.exe, Version 1.99.9.9, Zeitstempel 0x5315892f, fehlerhaftes Modul versabus-5.exe, Version 1.99.9.9, Zeitstempel 0x5315892f, Ausnahmecode 0xc0000005, Fehleroffset 0x0000113e,
Prozess-ID 0x17a0, Anwendungsstartzeit 01d233838643d350.

Error: (10/17/2016 03:06:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\DODO\DESKTOP\TOR BROWSER\BROWSER\TORBROWSER\DATA\BROWSER\PROFILE.DEFAULT\PREFS-1.JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/28/2016 06:01:59 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\DODO\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\MNXO088K.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/21/2016 02:13:29 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={EC095443-4F74-4960-82CA-C41D36085170}: Der Benutzer "ANONYMOUS\Dodo" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 815.

Error: (09/11/2016 12:34:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 48.0.2.6079, Zeitstempel 0x57bd3628, fehlerhaftes Modul mozglue.dll, Version 48.0.2.6079, Zeitstempel 0x57bd2857, Ausnahmecode 0x80000003, Fehleroffset 0x0000efe5,
Prozess-ID 0x738, Anwendungsstartzeit 01d20bbb9c60d9e1.

Error: (09/05/2016 05:51:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\AVAST Software\Avast\Setup\4815a8ed-a18f-4ec2-a6b8-9f54c0e558ee.dll".
Die abhängige Assemblierung "Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/29/2016 05:23:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung Ini2TABDelim.exe, Version 0.0.0.1, Zeitstempel 0x4faefdca, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.19594, Zeitstempel 0x56ac2a1d, Ausnahmecode 0x0eedfade, Fehleroffset 0x0002012f,
Prozess-ID 0x1228, Anwendungsstartzeit 01d20211a6ad6459.

Error: (08/24/2016 08:09:22 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Windows.Presentation, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020

Error: (08/24/2016 07:52:36 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

Error: (08/24/2016 06:11:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "PNRPsvc" in der DLL "C:\Windows\system32\pnrpperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


Systemfehler:
=============
Error: (11/01/2016 06:41:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
i8042prt

Error: (11/01/2016 06:41:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (11/01/2016 01:35:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error: (11/01/2016 01:33:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Realtek11nSU erreicht.

Error: (11/01/2016 01:32:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
i8042prt

Error: (11/01/2016 01:32:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (10/31/2016 01:49:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
i8042prt

Error: (10/31/2016 01:49:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Realtek11nSU erreicht.

Error: (10/31/2016 01:49:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (10/27/2016 10:06:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
i8042prt


CodeIntegrity:
===================================
  Date: 2016-10-31 14:13:45.597
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-10-31 14:13:45.347
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-10-31 14:13:45.082
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-10-31 14:13:44.817
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-10-31 14:13:44.552
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-10-31 14:13:44.287
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-10-31 14:13:43.070
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-10-31 14:13:42.805
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-10-31 14:13:42.555
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-10-31 14:13:42.305
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Prozentuale Nutzung des RAM: 48%
Installierter physikalischer RAM: 6141.58 MB
Verfügbarer physikalischer RAM: 3137.73 MB
Summe virtueller Speicher: 12480.13 MB
Verfügbarer virtueller Speicher: 9219.56 MB

==================== Laufwerke ================================

Drive c: (Charles) (Fixed) (Total:519.45 GB) (Free:331.85 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive g: (Charleene) (Fixed) (Total:97.66 GB) (Free:9.91 GB) NTFS
Drive h: (Charly) (Fixed) (Total:314.41 GB) (Free:68.59 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 875289B3)
Partition 1: (Active) - (Size=519.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=314.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
Thanks in advance, dear Jürgen!

Best regards
Wiebke
__________________

02.11.2016, 17:15   #4
deeprybka
/// TB Trainer
/// Guide Guru
 



FRST.txt was not posted in full.
__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

03.11.2016, 17:13   #5
nameweg
 



Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
durchgeführt von Dodo (Administrator) auf ANONYMOUS (01-11-2016 19:09:07)
Gestartet von C:\Users\Dodo\Desktop
Geladene Profile: Dodo (Verfügbare Profile: Dodo & Administrator)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 9 (Standard-Browser: "G:\Programme\Firefox\firefox.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
(Digital Extremes) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
(Mozilla Corporation) G:\Programme\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-01-20] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2016-01-29] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-27] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [MWS Reader 5] => C:\Program Files (x86)\MWS Reader 5\mwsr5.exe [13272064 2015-05-11] (directINNOVATION UG (haftungsbeschränkt))
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\Run: [GAINWARD] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2181672 2009-05-12] (Gainward Co.)
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\Run: [sonet-8] => C:\ProgramData\sonet-26\sonet-1.exe [458752 2016-11-01] (DirecTV both)
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\MountPoints2: {15e1e7c6-0317-11e6-a629-00241d8b6ae7} - K:\AutoRun.exe
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\MountPoints2: {15e1e7cb-0317-11e6-a629-00241d8b6ae7} - K:\AutoRun.exe
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\MountPoints2: {2d7223c2-db87-11e4-878e-00241d8b6ae7} - K:\AutoRun.exe
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\MountPoints2: {dc4b95d1-5b65-11e3-8a94-00241d8b6ae7} - F:\auvisio.exe
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\vghd\\VGHD.SCR
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-27] (AVAST Software)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2015-08-07]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Dodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\molecule-7.lnk [2016-11-01]
ShortcutTarget: molecule-7.lnk -> C:\Users\Dodo\AppData\Roaming\molecule-51\molecule-32.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{52529908-1B7A-4824-B72C-C96AEFA12052}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F77FACE0-805A-4608-B792-CCC2E5C32A90}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM-x32 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000 -> DefaultScope {0AF5279C-C66B-46F6-A95E-B81EB16A0686} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000 -> {0AF5279C-C66B-46F6-A95E-B81EB16A0686} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-27] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25] (CANON INC.)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation)
BHO-x32: Kein Name -> {6B5863A0-C43F-4C0A-982B-CC0E9125783F} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-31] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-27] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-31] (Oracle Corporation)
Toolbar: HKLM - Kein Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Toolbar: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  Keine Datei
DPF: HKLM-x32 {15BE8BEE-4105-4A79-B385-25068AA967DB} hxxp://dizun95pzobbc.cloudfront.net/VBIMDPlayer.CAB
DPF: HKLM-x32 {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} hxxp://dizun95pzobbc.cloudfront.net/INDBrowser.CAB

FireFox:
========
FF ProfilePath: C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default [2016-11-01]
FF user.js: detected! => C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\user.js [2010-03-31]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\mnxo088k.default -> hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF Homepage: Mozilla\Firefox\Profiles\mnxo088k.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\mnxo088k.default -> hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> ftp", "94.23.205.32"
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> http", "94.23.205.32"
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> socks", "94.23.205.32"
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> ssl", "94.23.205.32"
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> ssl_port", 3128
FF Extension: (stealthy) - C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\Extensions\stealthyextension@gmail.com.xpi [2016-08-04]
FF Extension: (Flagfox) - C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(74) [2013-03-22] [ist nicht signiert]
FF Extension: (Free YouTube Download (Free Studio) Menu) - C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-10-28] [ist nicht signiert]
FF Extension: (Video DownloadHelper) - C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-11]
FF Extension: (Adblock Plus) - C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-31]
FF SearchPlugin: C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\searchplugins\disconnectsearch.xml [2015-11-20]
FF SearchPlugin: C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\searchplugins\google-images.xml [2015-02-11]
FF SearchPlugin: C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\searchplugins\google-maps.xml [2015-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-04] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-27]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-02] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-09-07] (CANON INC.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll [Keine Datei]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-2904693490-1559453303-1626246330-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2904693490-1559453303-1626246330-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dodo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-27]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5554152 2015-11-27] (Avast Software)
S4 DAUpdaterSvc; G:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S4 GEST Service; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-02-06] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2016-01-29] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert]
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2016-01-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099720 2016-07-23] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2009-10-17] ()
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) [Datei ist nicht signiert]
S4 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [Datei ist nicht signiert]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-27] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64712 2015-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-27] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [214008 2015-11-27] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65224 2015-11-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-27] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2011-06-07] ()
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-06-07] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MicNgBas; C:\Windows\System32\DRIVERS\MicNgBas.sys [89896 2012-10-31] (Micronas GmbH)
R3 MicNgCap; C:\Windows\System32\DRIVERS\MicNgCap.sys [99624 2012-10-31] (Micronas GmbH)
R3 MicNgTun; C:\Windows\System32\DRIVERS\MicNgTun.sys [339240 2012-10-31] (Micronas GmbH)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-27] (AVAST Software)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31264 2009-11-16] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31264 2009-11-16] (RapidSolution Software AG)
S4 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [163644 2010-07-20] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Datei ist nicht signiert]
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77952 2009-02-03] (Protection Technology (StarForce))
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [107384 2007-02-08] (Protection Technology (StarForce))
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-12-21] () [Datei ist nicht signiert]
S2 TBPanel; kein ImagePath
R3 USBSTOR; C:\Windows\SysWOW64\DRIVERS\USBSTOR.SYS [0 2012-08-28] () <==== ACHTUNG (Null Byte Datei/Ordner)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-11-27] (Avast Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-01 19:09 - 2016-11-01 19:09 - 00024539 _____ C:\Users\Dodo\Desktop\FRST.txt
2016-11-01 19:08 - 2016-11-01 19:09 - 00000000 ____D C:\FRST
2016-11-01 19:07 - 2016-11-01 19:07 - 02408960 _____ (Farbar) C:\Users\Dodo\Desktop\FRST64.exe
2016-11-01 13:44 - 2016-11-01 13:44 - 00000000 ____D C:\Users\Dodo\AppData\Roaming\molecule-51
2016-11-01 13:39 - 2016-11-01 13:39 - 00000000 ____D C:\Users\Dodo\AppData\Roaming\current-7
2016-11-01 13:36 - 2016-11-01 13:36 - 00000000 ____D C:\ProgramData\sonet-26
2016-10-31 14:00 - 2016-11-01 13:34 - 00000000 ____D C:\ProgramData\photon-61
2016-10-27 18:14 - 2016-10-31 13:58 - 00000000 ____D C:\ProgramData\ry
2016-10-17 18:53 - 2016-10-17 18:53 - 00567776 _____ C:\Users\Dodo\Desktop\FLT_WCPVLL8818_0.pdf
2016-10-02 11:39 - 2016-10-02 11:39 - 00000000 ____D C:\Windows\Lhsp
2016-10-02 11:37 - 2016-10-02 11:39 - 00000000 ____D C:\Program Files (x86)\MWS Reader 5
2016-10-02 11:37 - 2016-10-02 11:37 - 00001046 _____ C:\Users\Public\Desktop\MWS Reader 5.lnk
2016-10-02 11:37 - 2016-10-02 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MWS Reader 5

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-01 19:04 - 2006-11-02 16:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-01 19:04 - 2006-11-02 16:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-01 18:59 - 2010-08-25 21:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-01 18:57 - 2013-07-29 17:34 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-01 18:53 - 2010-08-25 21:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-01 18:49 - 2013-01-13 11:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-01 18:48 - 2008-01-21 12:10 - 01692202 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-01 18:48 - 2008-01-21 12:09 - 00719864 _____ C:\Windows\system32\perfh007.dat
2016-11-01 18:48 - 2008-01-21 12:09 - 00165892 _____ C:\Windows\system32\perfc007.dat
2016-11-01 18:48 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\inf
2016-11-01 18:41 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-01 14:26 - 2015-10-07 10:49 - 00000012 _____ C:\Windows\bthservsdp.dat
2016-11-01 14:26 - 2006-11-02 16:42 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-01 14:04 - 2014-02-19 16:59 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2904693490-1559453303-1626246330-1000UA.job
2016-10-31 19:56 - 2015-10-13 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-31 19:56 - 2013-10-01 16:12 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-31 19:55 - 2015-10-13 17:06 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-10-31 17:04 - 2014-02-19 16:59 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2904693490-1559453303-1626246330-1000Core.job
2016-10-31 14:04 - 2014-08-09 18:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-31 14:00 - 2014-08-09 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-10-31 14:00 - 2014-08-09 18:11 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-10-31 14:00 - 2012-12-12 22:32 - 00000908 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-10-27 18:14 - 2016-08-17 14:51 - 00000000 ____D C:\Users\Dodo\Desktop\BNE-Projekt-Computer
2016-10-26 18:50 - 2013-01-13 11:53 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-26 18:50 - 2012-04-03 11:35 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-26 18:50 - 2011-11-11 12:53 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-26 18:50 - 2011-05-19 19:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-26 18:50 - 2009-08-29 10:18 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-24 19:38 - 2011-09-13 08:56 - 00000000 ____D C:\Users\Dodo\AppData\Roaming\vlc
2016-10-24 19:36 - 2011-09-28 13:14 - 00000000 ____D C:\Users\Dodo\AppData\Roaming\dvdcss
2016-10-22 17:06 - 2012-05-05 11:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-17 20:11 - 2013-10-31 21:14 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-17 15:05 - 2015-08-19 19:34 - 00000000 ____D C:\Users\Dodo\Desktop\Tor Browser
2016-10-06 18:34 - 2010-06-10 19:04 - 00000000 ____D C:\Users\Dodo\dwhelper
2016-10-03 11:51 - 2006-11-02 16:21 - 00290712 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-02 20:41 - 2013-02-01 15:05 - 00000000 ____D C:\Users\Dodo\AppData\Local\MWSReader
2016-10-02 11:39 - 2009-08-28 21:32 - 00061408 _____ C:\Users\Dodo\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-02 11:39 - 2009-08-28 21:31 - 00000000 ____D C:\Users\Dodo

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2011-01-19 12:30 - 2011-01-19 12:30 - 142700671 _____ () C:\Program Files\openofficeorg1.cab
2011-01-19 12:34 - 2011-01-19 12:34 - 3003392 _____ () C:\Program Files\openofficeorg33.msi
2011-01-19 12:33 - 2011-01-19 12:33 - 0475016 _____ () C:\Program Files\setup.exe
2011-01-19 11:15 - 2011-01-19 11:15 - 0000290 _____ () C:\Program Files\setup.ini
2014-06-30 10:45 - 2014-07-24 18:35 - 0002181 _____ () C:\Users\Dodo\AppData\Roaming\FoxitReaderUpdateInfo.txt
2015-03-31 19:43 - 2015-03-31 19:44 - 0019408 _____ () C:\Users\Dodo\AppData\Roaming\UserTile.png
2010-09-08 22:44 - 2015-02-11 19:38 - 0001356 _____ () C:\Users\Dodo\AppData\Local\d3d9caps.dat
2009-08-28 21:31 - 2012-06-04 17:18 - 0001460 _____ () C:\Users\Dodo\AppData\Local\d3d9caps64.dat
2009-08-30 01:25 - 2016-08-02 07:44 - 0204800 _____ () C:\Users\Dodo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-02-15 19:31 - 2010-02-15 19:31 - 0028150 _____ () C:\Users\Dodo\AppData\Local\dd_depcheckdotnetfx30.txt
2009-09-05 09:37 - 2015-07-03 18:19 - 0466942 _____ () C:\Users\Dodo\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2015-07-03 13:54 - 2015-07-03 13:54 - 0000002 _____ () C:\Users\Dodo\AppData\Local\dd_dotnetfx35error.txt
2009-09-05 09:36 - 2009-09-05 09:36 - 0000002 _____ () C:\Users\Dodo\AppData\Local\dd_dotnetfx35error_lp.txt
2015-07-03 13:54 - 2015-07-03 18:31 - 0739230 _____ () C:\Users\Dodo\AppData\Local\dd_dotnetfx35install.txt
2009-09-05 09:36 - 2015-07-03 14:04 - 0161434 _____ () C:\Users\Dodo\AppData\Local\dd_dotnetfx35install_lp.txt
2010-02-15 19:31 - 2010-02-15 19:31 - 0000718 _____ () C:\Users\Dodo\AppData\Local\dd_dotnetfx3error.txt
2010-02-15 19:31 - 2010-02-15 19:31 - 0032020 _____ () C:\Users\Dodo\AppData\Local\dd_dotnetfx3install.txt
2015-07-03 14:04 - 2015-07-03 14:04 - 0976830 _____ () C:\Users\Dodo\AppData\Local\dd_NET_Framework35_LangPack_MSI14EA.txt
2009-09-05 09:37 - 2009-09-05 09:37 - 0811580 _____ () C:\Users\Dodo\AppData\Local\dd_NET_Framework35_LangPack_MSI1B84.txt
2015-07-03 14:03 - 2015-07-03 14:04 - 2824480 _____ () C:\Users\Dodo\AppData\Local\dd_NET_Framework35_x64_MSI1436.txt
2015-07-03 18:31 - 2015-07-03 18:31 - 2824524 _____ () C:\Users\Dodo\AppData\Local\dd_NET_Framework35_x64_MSI60B5.txt
2012-02-15 17:17 - 2012-02-15 17:17 - 0436462 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI0841.txt
2011-12-04 13:21 - 2011-12-04 13:21 - 0361158 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI0BB0.txt
2015-07-03 13:53 - 2015-07-03 13:53 - 0368912 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI0C5E.txt
2011-04-08 23:11 - 2011-04-08 23:11 - 0374186 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI0F99.txt
2011-11-11 19:08 - 2011-11-11 19:08 - 0365012 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI1037.txt
2013-03-22 20:53 - 2013-03-22 20:53 - 0377928 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI110B.txt
2013-03-22 20:53 - 2013-03-22 20:53 - 0386394 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI1142.txt
2010-04-20 16:42 - 2010-04-20 16:43 - 0445814 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI291D.txt
2013-12-29 21:05 - 2013-12-29 21:05 - 0417886 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI2BB1.txt
2012-02-02 15:15 - 2012-02-02 15:15 - 0359074 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI3337.txt
2011-11-09 15:03 - 2011-11-09 15:03 - 0365304 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI386F.txt
2010-12-05 14:52 - 2010-12-05 14:52 - 0359244 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI3974.txt
2009-10-31 18:10 - 2009-10-31 18:11 - 0420394 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI3BD7.txt
2012-11-26 18:38 - 2012-11-26 18:38 - 0367402 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI4261.txt
2011-11-09 12:37 - 2011-11-09 12:37 - 0359238 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI48D1.txt
2011-11-11 12:06 - 2011-11-11 12:06 - 0365780 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI4D51.txt
2009-11-04 23:04 - 2009-11-04 23:04 - 0330262 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI54E1.txt
2013-03-25 22:52 - 2013-03-25 22:53 - 0375386 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI56C3.txt
2013-03-25 22:53 - 2013-03-25 22:53 - 0387932 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI56FB.txt
2013-07-29 17:34 - 2013-07-29 17:34 - 0389020 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI57A2.txt
2015-07-03 18:19 - 2015-07-03 18:19 - 0368912 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI57A3.txt
2011-09-08 15:26 - 2011-09-08 15:27 - 0381366 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI5E05.txt
2011-09-08 15:27 - 2011-09-08 15:27 - 0365718 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI5E92.txt
2011-09-10 14:53 - 2011-09-10 14:54 - 0464442 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI616D.txt
2009-12-06 13:34 - 2009-12-06 13:34 - 0335136 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI652B.txt
2011-04-29 22:46 - 2011-04-29 22:47 - 0463016 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI6572.txt
2013-10-27 18:03 - 2013-10-27 18:03 - 0375088 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI65F1.txt
2013-10-27 18:03 - 2013-10-27 18:03 - 0386866 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI6607.txt
2011-06-16 19:17 - 2011-06-16 19:18 - 0474996 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI6B7F.txt
2012-02-15 17:17 - 2012-02-15 17:17 - 0011360 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI0841.txt
2011-12-04 13:21 - 2011-12-04 13:21 - 0011218 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI0BB0.txt
2015-07-03 13:53 - 2015-07-03 13:53 - 0011234 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI0C5E.txt
2011-04-08 23:11 - 2011-04-08 23:11 - 0013674 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI0F99.txt
2011-11-11 19:08 - 2011-11-11 19:08 - 0011370 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI1037.txt
2013-03-22 20:53 - 2013-03-22 20:53 - 0086532 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI110B.txt
2013-03-22 20:53 - 2013-03-22 20:53 - 0086436 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI1142.txt
2010-04-20 16:42 - 2010-04-20 16:43 - 0011642 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI291D.txt
2013-12-29 21:05 - 2013-12-29 21:05 - 0011152 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI2BB1.txt
2012-02-02 15:15 - 2012-02-02 15:15 - 0011474 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI3337.txt
2011-11-09 15:03 - 2011-11-09 15:03 - 0017426 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI386F.txt
2010-12-05 14:52 - 2010-12-05 14:52 - 0011138 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI3974.txt
2009-10-31 18:10 - 2009-10-31 18:11 - 0011442 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI3BD7.txt
2012-11-26 18:38 - 2012-11-26 18:38 - 0011202 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI4261.txt
2011-11-09 12:37 - 2011-11-09 12:37 - 0011138 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI48D1.txt
2011-11-11 12:06 - 2011-11-11 12:06 - 0011402 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI4D51.txt
2009-11-04 23:04 - 2009-11-04 23:04 - 0011218 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI54E1.txt
2013-03-25 22:52 - 2013-03-25 22:53 - 0012336 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI56C3.txt
2013-03-25 22:53 - 2013-03-25 22:53 - 0012416 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI56FB.txt
2013-07-29 17:34 - 2013-07-29 17:34 - 0015074 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI57A2.txt
2015-07-03 18:19 - 2015-07-03 18:19 - 0011234 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI57A3.txt
2011-09-08 15:26 - 2011-09-08 15:27 - 0011616 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI5E05.txt
2011-09-08 15:27 - 2011-09-08 15:27 - 0011424 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI5E92.txt
2011-09-10 14:53 - 2011-09-10 14:54 - 0019922 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI616D.txt
2009-12-06 13:34 - 2009-12-06 13:34 - 0433234 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI652B.txt
2011-04-29 22:46 - 2011-04-29 22:47 - 0014818 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI6572.txt
2013-10-27 18:03 - 2013-10-27 18:03 - 0011360 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI65F1.txt
2013-10-27 18:03 - 2013-10-27 18:03 - 0011408 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI6607.txt
2011-06-16 19:17 - 2011-06-16 19:18 - 0216228 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI6B7F.txt
2009-10-19 17:11 - 2009-10-19 17:11 - 0000092 _____ () C:\Users\Dodo\AppData\Local\fusioncache.dat
2015-12-14 18:14 - 2015-12-14 18:14 - 0012282 _____ () C:\Users\Dodo\AppData\Local\recently-used.xbel
2009-09-05 09:36 - 2015-07-03 18:31 - 0009286 _____ () C:\Users\Dodo\AppData\Local\uxeventlog.txt
2009-08-30 12:56 - 2010-05-13 10:46 - 0000126 ___SH () C:\ProgramData\.zreglib

Einige Dateien in TEMP:
====================
C:\Users\Dodo\AppData\Local\Temp\AskSLib.dll
C:\Users\Dodo\AppData\Local\Temp\cct.dll
C:\Users\Dodo\AppData\Local\Temp\Checkupdate.exe
C:\Users\Dodo\AppData\Local\Temp\DivXSetup.exe
C:\Users\Dodo\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Dodo\AppData\Local\Temp\drm_dyndata_7340007.dll
C:\Users\Dodo\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\Dodo\AppData\Local\Temp\drm_dyndata_7400004.dll
C:\Users\Dodo\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Dodo\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Dodo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdxp5jk.dll
C:\Users\Dodo\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Dodo\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Dodo\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Dodo\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Dodo\AppData\Local\Temp\installerdll19094257.dll
C:\Users\Dodo\AppData\Local\Temp\installerdll19105177.dll
C:\Users\Dodo\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.2-R0.3-56-g3779cff-b3072jnks.dll
C:\Users\Dodo\AppData\Local\Temp\JavaIC.dll
C:\Users\Dodo\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Dodo\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Dodo\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Dodo\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Dodo\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Dodo\AppData\Local\Temp\msscct32.dll
C:\Users\Dodo\AppData\Local\Temp\NEventMessages.dll
C:\Users\Dodo\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Dodo\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Dodo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Dodo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Dodo\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Dodo\AppData\Local\Temp\nvStInst.exe
C:\Users\Dodo\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Dodo\AppData\Local\Temp\rootsupd.exe
C:\Users\Dodo\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Dodo\AppData\Local\Temp\Setup.exe
C:\Users\Dodo\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Dodo\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Dodo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.2.4-win32.exe
C:\Users\Dodo\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Dodo\AppData\Local\Temp\YSearchUtil.dll
C:\Users\Dodo\AppData\Local\Temp\_is5031.exe
C:\Users\Dodo\AppData\Local\Temp\_is6D.exe
C:\Users\Dodo\AppData\Local\Temp\_isA5A1.exe
C:\Users\Dodo\AppData\Local\Temp\_isAE38.exe
C:\Users\Dodo\AppData\Local\Temp\_isC279.exe
C:\Users\Dodo\AppData\Local\Temp\{45133924-D489-4140-962D-7C19ED9581DA}-GoogleEarth-Win-Plugin-7.1.1.1888.exe
C:\Users\Dodo\AppData\Local\Temp\{74BDD73E-0CBC-4D0E-B129-9DC543A17B6B}-GoogleEarth-Win-Plugin-7.1.2.2041.exe


Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\SysWOW64\Drivers\ntmap.sys
C:\Windows\SysWOW64\Drivers\UMP3.sys
C:\Windows\SysWOW64\Drivers\usbstor.sys

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-11-01 18:56

==================== Ende von FRST.txt ============================
         
Thanks for the hint.

The text file should be complete now.

Best regards
Wiebke


Alt 03.11.2016, 17:52   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 


Step 1
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Run TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Alt 03.11.2016, 18:36   #7
nameweg
 

Thanks!

No threats were found.

Best regards
Wiebke

Alt 04.11.2016, 17:29   #8
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 

Please post the log. This also applies to all further instructions.
__________________
Regards
deeprybka


Alt 04.11.2016, 17:38   #9
nameweg
 

Code:
ATTFilter
18:34:50.0216 0x10b4  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
18:34:54.0382 0x10b4  ============================================================
18:34:54.0382 0x10b4  Current date / time: 2016/11/04 18:34:54.0382
18:34:54.0382 0x10b4  SystemInfo:
18:34:54.0382 0x10b4  
18:34:54.0382 0x10b4  OS Version: 6.0.6002 ServicePack: 2.0
18:34:54.0382 0x10b4  Product type: Workstation
18:34:54.0382 0x10b4  ComputerName: ANONYMOUS
18:34:54.0382 0x10b4  UserName: Dodo
18:34:54.0382 0x10b4  Windows directory: C:\Windows
18:34:54.0382 0x10b4  System windows directory: C:\Windows
18:34:54.0382 0x10b4  Running under WOW64
18:34:54.0382 0x10b4  Processor architecture: Intel x64
18:34:54.0382 0x10b4  Number of processors: 4
18:34:54.0382 0x10b4  Page size: 0x1000
18:34:54.0382 0x10b4  Boot type: Normal boot
18:34:54.0382 0x10b4  CodeIntegrityOptions = 0x00000001
18:34:54.0382 0x10b4  ============================================================
18:34:56.0784 0x10b4  KLMD registered as C:\Windows\system32\drivers\50108530.sys
18:34:56.0784 0x10b4  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 6002.19636, osProperties = 0x1
18:34:57.0034 0x10b4  System UUID: {93F90621-F667-0EE6-2744-74561A6FF634}
18:34:57.0424 0x10b4  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:34:57.0611 0x10b4  ============================================================
18:34:57.0611 0x10b4  \Device\Harddisk0\DR0:
18:34:57.0611 0x10b4  MBR partitions:
18:34:57.0611 0x10b4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x40EE47F0
18:34:57.0611 0x10b4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x40EE5000, BlocksNum 0x274D0000
18:34:57.0611 0x10b4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x683B5800, BlocksNum 0xC34F800
18:34:57.0611 0x10b4  ============================================================
18:34:57.0673 0x10b4  C: <-> \Device\Harddisk0\DR0\Partition1
18:34:57.0704 0x10b4  G: <-> \Device\Harddisk0\DR0\Partition3
18:34:57.0736 0x10b4  H: <-> \Device\Harddisk0\DR0\Partition2
18:34:57.0736 0x10b4  ============================================================
18:34:57.0736 0x10b4  Initialize success
18:34:57.0736 0x10b4  ============================================================
18:35:05.0052 0x0d84  ============================================================
18:35:05.0052 0x0d84  Scan started
18:35:05.0052 0x0d84  Mode: Manual; SigCheck; TDLFS; 
18:35:05.0052 0x0d84  ============================================================
18:35:05.0052 0x0d84  KSN ping started
18:35:05.0208 0x0d84  KSN ping finished: true
18:35:06.0986 0x0d84  ================ Scan system memory ========================
18:35:06.0986 0x0d84  System memory - ok
18:35:07.0002 0x0d84  ================ Scan services =============================
18:35:07.0189 0x0d84  [ 1965AAFFAB07E3FB03C77F81BEBA3547, 351A1EBB1B95C8E03ED125C8F997DEE810B4DF36AD290E7685FC01963B522BFC ] ACPI            C:\Windows\system32\drivers\acpi.sys
18:35:07.0314 0x0d84  ACPI - ok
18:35:07.0439 0x0d84  [ 16D11D2CA3F2078F553E0C3A70A4F050, 51EEA7EFBE122D3FEB2F8487F5A45166A0C4963314B28840C3C404479B4E1849 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:35:07.0470 0x0d84  AdobeFlashPlayerUpdateSvc - ok
18:35:07.0501 0x0d84  [ F14215E37CF124104575073F782111D2, 7F624F7F0FE9909C07AB2E4C74727686FDA9DF33778A9CBBE35027D6579E4F71 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:35:07.0548 0x0d84  adp94xx - ok
18:35:07.0564 0x0d84  [ 7D05A75E3066861A6610F7EE04FF085C, 406F2CE539C306BA60C233FBCDB029153588F0499BBE91E66FC915E5C5D7D2A5 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:35:07.0595 0x0d84  adpahci - ok
18:35:07.0626 0x0d84  [ 820A201FE08A0C345B3BEDBC30E1A77C, 3170B308724CAA0AD50B74D045C837C48BD6A3A11ABA222670BEA82192A861BF ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
18:35:07.0642 0x0d84  adpu160m - ok
18:35:07.0673 0x0d84  [ 9B4AB6854559DC168FBB4C24FC52E794, 83CD75DE0A16AE66586837565ECA8B98BA9309519139C4C2032474B8DDF5A1AD ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:35:07.0688 0x0d84  adpu320 - ok
18:35:07.0704 0x0d84  [ 0F421175574BFE0BF2F4D8E910A253BB, CEABE3A4F546EB6ACA079931AB532DC88FF757DEEF6F434991802220328A9CD6 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:35:07.0813 0x0d84  AeLookupSvc - ok
18:35:07.0844 0x0d84  [ 8C771D6FBEE9D6F2E7DDE165940CB513, 1DDD7B495D12446F7FF206102D64D92D063C84EEA8D2F015F727721DC970BBE1 ] AFD             C:\Windows\system32\drivers\afd.sys
18:35:07.0907 0x0d84  AFD - ok
18:35:07.0922 0x0d84  [ F6F6793B7F17B550ECFDBD3B229173F7, 7EB12A9372B7966440E39F1B567A43C21231D67DDFAA9C1DECC7E68627F82346 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:35:07.0954 0x0d84  agp440 - ok
18:35:07.0985 0x0d84  [ 222CB641B4B8A1D1126F8033F9FD6A00, 8C7FD4BF87DC00893B99E64344C0E6A3F321DAD9BE60A99763629260E7C6312C ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
18:35:08.0000 0x0d84  aic78xx - ok
18:35:08.0016 0x0d84  [ 5922F4F59B7868F3D74BBBBEB7B825A3, 71504BC8B596F540BF059059670BC0C138D8759C1DD9F99F1EC368FD5C53F573 ] ALG             C:\Windows\System32\alg.exe
18:35:08.0110 0x0d84  ALG - ok
18:35:08.0125 0x0d84  [ 157D0898D4B73F075CE9FA26B482DF98, 84C3E163D7393FD306842F155C88A50B7D8AE88B59586F9014DB76B749CC33D5 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:35:08.0141 0x0d84  aliide - ok
18:35:08.0156 0x0d84  [ 970FA5059E61E30D25307B99903E991E, CFB241803A63EA3469B2596462A42DDCA813B3ACF96E56BB34F5979BB34DDC32 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:35:08.0172 0x0d84  amdide - ok
18:35:08.0188 0x0d84  [ CDC3632A3A5EA4DBB83E46076A3165A1, 40BE3451A3F29CD3352360FF72165C54237E44D01006390805D493B0D06F51DB ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:35:08.0234 0x0d84  AmdK8 - ok
18:35:08.0281 0x0d84  [ F5761675DA9D15D7AE0E40907A8F4404, A218B09B4E058D88DCAF503A01178DB05CA0EB008EF690F32D9975F0ADD5BC25 ] AmdLLD64        C:\Windows\system32\DRIVERS\AmdLLD64.sys
18:35:08.0328 0x0d84  AmdLLD64 - ok
18:35:08.0359 0x0d84  [ 7C8ECAAD76EA1D076A450C8303D9BD98, 90904B2BE380A51BDCEDADA530214CE5321C06456E10F5985B40E3282902BEF6 ] Appinfo         C:\Windows\System32\appinfo.dll
18:35:08.0390 0x0d84  Appinfo - ok
18:35:08.0406 0x0d84  [ BA8417D4765F3988FF921F30F630E303, 876A8F34E578020DD9EDD64F7F77A0A3B4592EC568830B500D7EA844D3159C72 ] arc             C:\Windows\system32\drivers\arc.sys
18:35:08.0437 0x0d84  arc - ok
18:35:08.0437 0x0d84  [ 9D41C435619733B34CC16A511E644B11, DEFFBBB5ECE33B7DF949DF979188AF3B6674E7580FC069397AB756EA84E24822 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:35:08.0468 0x0d84  arcsas - ok
18:35:08.0562 0x0d84  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:35:08.0578 0x0d84  aspnet_state - ok
18:35:08.0593 0x0d84  [ D34E4A194A595FDBCBB314B68C3DC833, D62134F8D90258DAD2376C8C69BB5324AB0B2F73CB62C2CF5E2CC7370F9FC138 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
18:35:08.0624 0x0d84  aswHwid - ok
18:35:08.0624 0x0d84  [ 7B2E6767FA25540C400CFDA8E7E4FB11, 9757C56BEABBBB26BB23D125D0DE7BF954585F7E987F48B0E20D52C32A6FADC1 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
18:35:08.0656 0x0d84  aswMonFlt - ok
18:35:08.0656 0x0d84  [ DDB4DEC466330B8877A03B3F0DE71DE0, 1F7A7D0E3BEC498625BB09FB79642D566205C1F02AE06C06E7D52C15E12B28C7 ] AswRdr          C:\Windows\system32\drivers\aswRdr.sys
18:35:08.0671 0x0d84  AswRdr - ok
18:35:08.0702 0x0d84  [ 4ACDEA0ABC0EB8519E51D370F0D036FB, 9A13DF4AAEE76C38E2D7C1382E8C225F368CD829950B20221615F81D8C40DE35 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
18:35:08.0734 0x0d84  aswRvrt - ok
18:35:08.0765 0x0d84  [ ED9451A5BA5940D90A9464A901D08844, 455727645069C5F87DE91D650C043954BE21024F4986AE56893A0F4B108E2CB3 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
18:35:08.0827 0x0d84  aswSnx - ok
18:35:08.0890 0x0d84  [ F667A04F874F39125489984F36620CC2, AB69126160FA75E10B9FEFBF1F09FB12FA3E7E597146CEAEB6C8E0FB8A84F1BD ] aswSP           C:\Windows\system32\drivers\aswSP.sys
18:35:08.0921 0x0d84  aswSP - ok
18:35:08.0952 0x0d84  [ 3A1456066E9448BCF07E6F0DA9D0D776, 416F0B8D693B3FCE5FB4F32A93DCC6FFEB02854E8FABA9902ECC6C28F1E0D616 ] aswStmXP        C:\Windows\system32\drivers\aswStmXP.sys
18:35:08.0968 0x0d84  aswStmXP - ok
18:35:08.0999 0x0d84  [ 363C40EFEDA3868712D461B287D070C5, 254A3CC18F046701E50648DE8F85B29B81125B3D17200E329E9DCEFCB7B44F9E ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
18:35:09.0014 0x0d84  aswTdi - ok
18:35:09.0046 0x0d84  [ ADD0EC73AEFBC170E5B8C4734DB74AA0, D33665EB079C1BEC2CA65E97064375FB423118BD1D943B1339E9FA44F64FC4F4 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
18:35:09.0077 0x0d84  aswVmm - ok
18:35:09.0092 0x0d84  [ 22D13FF3DAFEC2A80634752B1EAA2DE6, 503F7E5F1B14D3F7AEAB0982E812B19DABE38FD4104D93922F50F0B2D19BECFB ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:35:09.0139 0x0d84  AsyncMac - ok
18:35:09.0155 0x0d84  [ E68D9B3A3905619732F7FE039466A623, 74C0B29E54EF064660B9C756E03D5A7EB78F261EFF768EB6E74D261FBD34340D ] atapi           C:\Windows\system32\drivers\atapi.sys
18:35:09.0170 0x0d84  atapi - ok
18:35:09.0217 0x0d84  [ F88EF61BCD43ADDF2C9555430C16CD96, 7213FE9B9025DA33B0DEA7338B1E00555FCB88326CE26052C9FF16E72E4715AA ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
18:35:09.0248 0x0d84  atksgt - ok
18:35:09.0295 0x0d84  [ 4FCE8096191D260028FB6585A4159D6F, FCCB53A93CE69C8A21B61A4DE678AB3A59A55828BCA655D5E5AB6B08CE6FB412 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:35:09.0342 0x0d84  AudioEndpointBuilder - ok
18:35:09.0358 0x0d84  [ 4FCE8096191D260028FB6585A4159D6F, FCCB53A93CE69C8A21B61A4DE678AB3A59A55828BCA655D5E5AB6B08CE6FB412 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:35:09.0373 0x0d84  AudioSrv - ok
18:35:09.0436 0x0d84  [ 199D3FA1AF32FCE46A38E8EB64FFF520, 49B15E568AAC2A7B4A322827F743BA9BC09D11E830F6C00F1F48B7C83A474626 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:35:09.0451 0x0d84  avast! Antivirus - ok
18:35:09.0670 0x0d84  [ DCDD3FDF6EF5F1D3B2B4BDA545E688B2, 2FB85A4903104A2E781207BBC7023E10B2541D86696D36004497E1AD77E62226 ] AvastVBoxSvc    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
18:35:09.0857 0x0d84  AvastVBoxSvc - ok
18:35:09.0935 0x0d84  [ FFB96C2589FFA60473EAD78B39FBDE29, 6A2792753E2CB580672B3107C0DBB9D26B6DAA14B37D5EC314BD0E304197E03E ] BFE             C:\Windows\System32\bfe.dll
18:35:09.0966 0x0d84  BFE - ok
18:35:10.0028 0x0d84  [ 6D316F4859634071CC25C4FD4589AD2C, 73F69AC9E505F3B11A3CCFF8571930229A9058E672CD008A4BF26C0189564EAE ] BITS            C:\Windows\System32\qmgr.dll
18:35:10.0106 0x0d84  BITS - ok
18:35:10.0122 0x0d84  [ 79FEEB40056683F8F61398D81DDA65D2, 5EA3016194F71A2A2177C2B5129E82738EC621ACAD269809F4C131B72CFEB6C6 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
18:35:10.0184 0x0d84  blbdrive - ok
18:35:10.0231 0x0d84  [ 2348447A80920B2493A9B582A23E81E1, 50F9242B7104607E633ABAF4E0A213C1C1226BF81F7FB4E216A9E878247B868C ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:35:10.0278 0x0d84  bowser - ok
18:35:10.0294 0x0d84  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
18:35:10.0340 0x0d84  BrFiltLo - ok
18:35:10.0356 0x0d84  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
18:35:10.0387 0x0d84  BrFiltUp - ok
18:35:10.0418 0x0d84  [ A1B39DE453433B115B4EA69EE0343816, 61441E7E9D5259A5987DBD3FC8D4E3221A57F42C7CC0F94DB48E80EEF96CA5D4 ] Browser         C:\Windows\System32\browser.dll
18:35:10.0450 0x0d84  Browser - ok
18:35:10.0465 0x0d84  [ F0F0BA4D815BE446AA6A4583CA3BCA9B, E0A5DB5A0C7D6AF93ED45F34D2597F77982DFF41E4FDAC827FE5D80323ADED60 ] Brserid         C:\Windows\system32\drivers\brserid.sys
18:35:10.0606 0x0d84  Brserid - ok
18:35:10.0621 0x0d84  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
18:35:10.0684 0x0d84  BrSerWdm - ok
18:35:10.0699 0x0d84  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
18:35:10.0762 0x0d84  BrUsbMdm - ok
18:35:10.0777 0x0d84  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
18:35:10.0840 0x0d84  BrUsbSer - ok
18:35:10.0855 0x0d84  [ E0777B34E05F8A82A21856EFC900C29F, A7ACE3C65D1773C50ACD98A13B3ADBDD2A6052D7F5D124CB6EE6E7C22151A424 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:35:10.0918 0x0d84  BTHMODEM - ok
18:35:10.0980 0x0d84  [ 22E65FFD640F16968F855F5B3528D366, 6EF7FC170E2533BD7BFF0125391757E27E3D5F05EDE1A986E4295CDCD2D9B197 ] BthServ         C:\Windows\System32\bthserv.dll
18:35:10.0996 0x0d84  BthServ - ok
18:35:11.0042 0x0d84  [ 2BD001601496AE87F7CB86F1FCD6F1EC, 7DDB69B025BE80CB50C1B8D4B20CD5D40FF09492B00E44157E74CBF7ED987478 ] Cardex          C:\Windows\SysWOW64\drivers\TBPANELX64.SYS
18:35:11.0058 0x0d84  Cardex - ok
18:35:11.0058 0x0d84  [ B4D787DB8D30793A4D4DF9FEED18F136, 2A956F7DCFE61E556F30BDA6D45592A05533541D6ED321C251C1C05F6CEA6DDC ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:35:11.0105 0x0d84  cdfs - ok
18:35:11.0120 0x0d84  [ C025AA69BE3D0D25C7A2E746EF6F94FC, F4754B23CC256ADF92FDD42A9BA80F1ACB74834A58FCBEA2C52650FAFC7F9483 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:35:11.0167 0x0d84  cdrom - ok
18:35:11.0198 0x0d84  [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:35:11.0245 0x0d84  CertPropSvc - ok
18:35:11.0261 0x0d84  [ 02EA568D498BBDD4BA55BF3FCE34D456, 5A418B156CBB48D14E0F6B6AE6E03B8CD97AABE838F260757014479566C63F17 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:35:11.0308 0x0d84  circlass - ok
18:35:11.0354 0x0d84  [ D44BA2F707838E0FEF35BCEC5CBD9D60, A9E85E801B0B08F7E5AD6206C61F36E42B4A99878D8AA66EAD8B4E667E50D813 ] CLFS            C:\Windows\system32\CLFS.sys
18:35:11.0386 0x0d84  CLFS - ok
18:35:11.0448 0x0d84  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:35:11.0464 0x0d84  clr_optimization_v2.0.50727_32 - ok
18:35:11.0510 0x0d84  [ 753049933D5326D835F4FCACDF4AD5E3, 715BEE09C19BCBCAD2A93E4725DB3A1FDD8E2FEFFF6E0C3D2F98FC607FED5D3A ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:35:11.0526 0x0d84  clr_optimization_v2.0.50727_64 - ok
18:35:11.0604 0x0d84  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:35:11.0620 0x0d84  clr_optimization_v4.0.30319_32 - ok
18:35:11.0635 0x0d84  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:35:11.0651 0x0d84  clr_optimization_v4.0.30319_64 - ok
18:35:11.0666 0x0d84  [ E5D5499A1C50A54B5161296B6AFE6192, 20A8A0478918063A9EE81565F21F4ACCAA7B6A8B2E9E084099879D85574BAB3E ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:35:11.0682 0x0d84  cmdide - ok
18:35:11.0713 0x0d84  [ 7FB8AD01DB0EABE60C8A861531A8F431, E19353C686B07A0DBBA92CFCC88AB9B6BEBAF389416B78F4470BA673E7CD73C3 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:35:11.0729 0x0d84  Compbatt - ok
18:35:11.0744 0x0d84  COMSysApp - ok
18:35:11.0760 0x0d84  [ A8585B6412253803CE8EFCBD6D6DC15C, C3906B080D3BB06CB976FD98C62CBA97DAE74970A5559D51EF5111D773949322 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:35:11.0776 0x0d84  crcdisk - ok
18:35:11.0791 0x0d84  [ 5AAC48EAF8EACF247DB44FB61B900D89, D20FCD5C71CA18F284D3DFD0CED37F6888A296E76B7B0563F2F4668CF90FE752 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:35:11.0822 0x0d84  CryptSvc - ok
18:35:11.0916 0x0d84  [ 914A7156B0C0F10BE645A02E13F576B2, C8686CE4DD9C457D56D5535307FD210AE057BFF94AC59665681DA6CF46DBE2E8 ] DAUpdaterSvc    G:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
18:35:11.0932 0x0d84  DAUpdaterSvc - ok
18:35:11.0978 0x0d84  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:35:12.0025 0x0d84  DcomLaunch - ok
18:35:12.0056 0x0d84  [ 8B722BA35205C71E7951CDC4CDBADE19, 39720A60DFD0532F7E1A1976240E9828559BF9E0C6D1CFBF4D911965BFD94158 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:35:12.0103 0x0d84  DfsC - ok
18:35:12.0212 0x0d84  [ C647F468F7DE343DF8C143655C5557D4, E2D35FE49C408B952D8FE0C7EF70D42798229D30B89CEF9858BAC9F4F9E98EF2 ] DFSR            C:\Windows\system32\DFSR.exe
18:35:12.0368 0x0d84  DFSR - ok
18:35:12.0415 0x0d84  [ 3ED0321127CE70ACDAABBF77E157C2A7, 10973BD0AEF9597A4EA0A4947BDE922F9168F33D6ED97BFFEE6176AADAD78980 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
18:35:12.0446 0x0d84  Dhcp - ok
18:35:12.0493 0x0d84  [ B0107E40ECDB5FA692EBF832F295D905, 76466BB9E4F12436ECCCB9D89EB20762B4785F82F02591B51A735A590E248264 ] disk            C:\Windows\system32\drivers\disk.sys
18:35:12.0509 0x0d84  disk - ok
18:35:12.0540 0x0d84  [ 06230F1B721494A6DF8D47FD395BB1B0, F6CA8270740E01D9CE2FE8E34BC067C7EDC15BA610F461860E1D17D135C8A379 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:35:12.0571 0x0d84  Dnscache - ok
18:35:12.0602 0x0d84  [ 1A7156DD1E850E9914E5E991E3225B94, 99FF0C7125B01FCB0B92DC44756AE8FAA486F2E7F38DC6204F7EFE5918F8480A ] dot3svc         C:\Windows\System32\dot3svc.dll
18:35:12.0649 0x0d84  dot3svc - ok
18:35:12.0680 0x0d84  [ 1583B39790DB3EAEC7EDB0CB0140C708, F94F9AE7054A38602CD25D4E10FE7C7B574BD9ED8440C3FDAA7275A1D1E663E7 ] DPS             C:\Windows\system32\dps.dll
18:35:12.0727 0x0d84  DPS - ok
18:35:12.0743 0x0d84  [ F1A78A98CFC2EE02144C6BEC945447E6, D2E2AA13BE6319F967002476A5D3CF09B1B44350576DD8E1C1C531854F53B488 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:35:12.0774 0x0d84  drmkaud - ok
18:35:12.0821 0x0d84  [ 8407DDFAB85AE664E507C30314090385, 05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748 ] DrvAgent64      C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
18:35:12.0836 0x0d84  DrvAgent64 - ok
18:35:12.0883 0x0d84  [ 51991007674FB3548BE592F5071E747C, 4F73EBBAD41689057FC4CDB1570BA1C668A906722D302E00D87FACF024B514FC ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:35:12.0946 0x0d84  DXGKrnl - ok
18:35:12.0992 0x0d84  [ 264CEE7B031A9D6C827F3D0CB031F2FE, 50CAD28A73D29E7E04A45330146CF713BA17101215955009121E36D43CD5C536 ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
18:35:13.0039 0x0d84  E1G60 - ok
18:35:13.0055 0x0d84  [ C2303883FD9BE49DC36A6400643002EA, F062D1D6D503CF5195BDE8C1DC75B541F559CB8175ADABCDB7690E9F1CA3EA4E ] EapHost         C:\Windows\System32\eapsvc.dll
18:35:13.0117 0x0d84  EapHost - ok
18:35:13.0148 0x0d84  [ 665E1507E129DC598C6EB390A10AC05B, 851018D4DB6E80FC27445EA13B8AADC340746CB6E71908F9B05EB094C4BB78D9 ] Ecache          C:\Windows\system32\drivers\ecache.sys
18:35:13.0164 0x0d84  Ecache - ok
18:35:13.0211 0x0d84  [ 14CE384D2E27B64C256BDA4DC39C312D, D5FA9C2BB162F1C22E419D33671B8202AAC245A87F6B183B97F83F5BFA165B41 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:35:13.0242 0x0d84  ehRecvr - ok
18:35:13.0273 0x0d84  [ B93159C1313D66FDFBBE876F5189CD52, 51E39160EA56F6B08449267EDF2A0F604612663768D2348DE23554AB07BDBB62 ] ehSched         C:\Windows\ehome\ehsched.exe
18:35:13.0289 0x0d84  ehSched - ok
18:35:13.0304 0x0d84  [ F5EE2527D74449868E3C3227A59BCD28, 11640E97EE9D8F9A5DC3FEA6BA7A737AA796A7235C7F5C7EF1ABFB51C9D730D3 ] ehstart         C:\Windows\ehome\ehstart.dll
18:35:13.0320 0x0d84  ehstart - ok
18:35:13.0351 0x0d84  [ C4636D6E10469404AB5308D9FD45ED07, 367D958D19F672395462206F27C1E138386C2F37B0FA77546F4217CF16D05C84 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:35:13.0382 0x0d84  elxstor - ok
18:35:13.0414 0x0d84  [ E10597CED1246F81C87F00E67E7C6855, 67B5A552D5988FD20C35FC5AEF557456C73CB3DAC88E7735A3E15E7F3B6C0D73 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
18:35:13.0460 0x0d84  EMDMgmt - ok
18:35:13.0492 0x0d84  [ BC3A58E938BB277E46BF4B3003B01ABD, 2BB054E632A96951DAB25B3BE8541AEC1B97A7739FC8D0E34BE8B9295600C8FC ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:35:13.0538 0x0d84  ErrDev - ok
18:35:13.0601 0x0d84  [ E12F22B73F153DECE721CD45EC05B4AF, 41887EEF4BB024329B4079AD50FC5FB705F0EB8BAF6C93A8242DC2A73D3AFD86 ] EventSystem     C:\Windows\system32\es.dll
18:35:13.0632 0x0d84  EventSystem - ok
18:35:13.0663 0x0d84  [ 486844F47B6636044A42454614ED4523, 3E24E78584B199C0FAA59613EEB7DF67B3B878B277A0130C7A3FF608C130BA2F ] exfat           C:\Windows\system32\drivers\exfat.sys
18:35:13.0726 0x0d84  exfat - ok
18:35:13.0757 0x0d84  [ 1E34B436811CCA4A2783C0BC7A0BEB2E, 7C9496100DEA53FBADDA8B1EFF9F943FD13E75601A039632887A35F190C1F799 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:35:13.0804 0x0d84  fastfat - ok
18:35:13.0819 0x0d84  [ 81B79B6DF71FA1D2C6D688D830616E39, 62F8BC0DB918A49B10A5BE1724A2E2F17FA7D8208D5D86822FACB2DCD97B3591 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:35:13.0850 0x0d84  fdc - ok
18:35:13.0882 0x0d84  [ BB9267ACACD8B7533DD936C34A0CBA5E, 32DE6E10ABA540D62F0D8AE30DE8769D7BF29E547838BEBE67C04183CC0B32C7 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:35:13.0913 0x0d84  fdPHost - ok
18:35:13.0928 0x0d84  [ 300C80931EABBE1DB7591C516EFE8D0F, F031DA96B06B6FA8E0AD56D5E10E5A5882765C3FF258A4DE06A47EC34829FF04 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:35:14.0006 0x0d84  FDResPub - ok
18:35:14.0022 0x0d84  [ 457B7D1D533E4BD62A99AED9C7BB4C59, 3933907DE163F8D3A81ED25169B693D723296C437C7C990BFE9DEFD60F7635FD ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:35:14.0038 0x0d84  FileInfo - ok
18:35:14.0053 0x0d84  [ D421327FD6EFCCAF884A54C58E1B0D7F, C2F3B72EA36BA8B74A30E128C088307CA768FDBE232BFA216CD78B0F9B7AF18A ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:35:14.0116 0x0d84  Filetrace - ok
18:35:14.0116 0x0d84  [ 230923EA2B80F79B0F88D90F87B87EBD, 1F3287970FEC73011F3B675C447BF0CA35416490D4740C6960595B091181059C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:35:14.0162 0x0d84  flpydisk - ok
18:35:14.0194 0x0d84  [ E3041BC26D6930D61F42AEDB79C91720, 3556C033BB78445EC8B2F98A82455914764AFC70CBFF634DDBD3539885A1E457 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:35:14.0209 0x0d84  FltMgr - ok
18:35:14.0256 0x0d84  [ DE26C43A170809645297C1B479B7F791, C76AAA07E6C4DD3E9C2035D88F63549D6A32C04329640617959BF86F50AEF735 ] FontCache       C:\Windows\system32\FntCache.dll
18:35:14.0350 0x0d84  FontCache - ok
18:35:14.0396 0x0d84  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E, B21CA5F14BDB6CFD97A24C28BB2AD0D704C46058F13B01FF4203514FE8B92591 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:35:14.0412 0x0d84  FontCache3.0.0.0 - ok
18:35:14.0428 0x0d84  [ 5779B86CD8B32519FBECB136394D946A, 68A395CD2287D22CB5C8CFE5A3006A61AC0C3FDAADF166C93240FF83C0315DCF ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:35:14.0459 0x0d84  Fs_Rec - ok
18:35:14.0474 0x0d84  [ C8E416668D3DC2BE3D4FE4C79224997F, 7DBC8E7687179A649638F606C9584F2E8EC2065762997CDF151F9BB99FA8D535 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:35:14.0490 0x0d84  gagp30kx - ok
18:35:14.0521 0x0d84  [ 7907E14F9BCF3A4689C9A74A1A873CB6, 17927B93B2D6AB4271C158F039CAE2D60591D6A14458F5A5690AEC86F5D54229 ] gdrv            C:\Windows\gdrv.sys
18:35:14.0537 0x0d84  gdrv - ok
18:35:14.0584 0x0d84  [ ACE536A519F5A6E4E49117B60DACDA6D, 8733055A91C492BCA5DF034B666520CCAE9040E318024A70A8DD7ADAEC70196F ] GEST Service    C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
18:35:14.0599 0x0d84  GEST Service - ok
18:35:14.0708 0x0d84  [ 28D0B60C58D1F734449E735E2C4FCE94, 8DF2706EB0F6383BA44961440FDAA93B3756E48994FBF4AB2B13CDA66A6F3C3F ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
18:35:14.0740 0x0d84  GfExperienceService - ok
18:35:14.0802 0x0d84  [ D2D54891B2CAB5C9B8EA4081A093E04A, 2916C140AB571D28DA23C2C746B7FFEF6986B7F39AB4285AAC05A5E6B358A5BD ] gpsvc           C:\Windows\System32\gpsvc.dll
18:35:14.0864 0x0d84  gpsvc - ok
18:35:14.0958 0x0d84  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:35:14.0974 0x0d84  gupdate - ok
18:35:14.0974 0x0d84  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:35:14.0989 0x0d84  gupdatem - ok
18:35:15.0020 0x0d84  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
18:35:15.0036 0x0d84  hamachi - ok
18:35:15.0176 0x0d84  [ CD926C6DE583ADBE1A3A9A62C310FDE2, 9E5E2D9F3342ACBAD6E0F6A1DEFC369A30E5CB6743EF2178A886A95263E5B7EF ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
18:35:15.0254 0x0d84  Hamachi2Svc - ok
18:35:15.0301 0x0d84  [ DF45F8142DC6DF9D18C39B3EFFBD0409, E0F04525530FF403C5A34B7E9A03CDE70B7BACE12E2E50103554E92AF374BD09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:35:15.0364 0x0d84  HdAudAddService - ok
18:35:16.0300 0x0d84  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:35:16.0300 0x0d84  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
18:35:16.0502 0x0d84  Detect skipped due to KSN trusted
18:35:16.0502 0x0d84  IDriverT - ok
18:35:26.0408 0x0d84  [ E1A6731867765FBC01B37150AEFC00F3, 4ADB0FE791ACF0BBCF314FB73AE6025D70BAFB8DF925B4A4CFB3B50EA191C94E ] Realtek11nSU    C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
18:35:26.0424 0x0d84  Realtek11nSU - detected UnsignedFile.Multi.Generic ( 1 )
18:35:26.0549 0x0d84  Detect skipped due to KSN trusted
18:35:26.0549 0x0d84  Realtek11nSU - ok
18:35:27.0204 0x0d84  sbp2port - ok
18:35:27.0235 0x0d84  [ FD1CDCF108D5EF3366F00D18B70FB89B, 5BCE3A9D5DC0B6937A734264C5B8DE0E6B8F77A869A118F94D57E662AAB28FE2 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:35:27.0282 0x0d84  SCardSvr - ok
18:35:27.0329 0x0d84  [ C453886F47A10D44A9B4AFCBF349071D, B677FD3C638436CE84EC7087569CEEF912F59D0B800B4C76A5CC72289243C49B ] Schedule        C:\Windows\system32\schedsvc.dll
18:35:27.0407 0x0d84  Schedule - ok
18:35:27.0438 0x0d84  [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:35:27.0469 0x0d84  SCPolicySvc - ok
18:35:27.0485 0x0d84  [ 4FF71B076A7760FE75EA5AE2D0EE0018, DDDBC9530120F8C1AB449076F6F06F74354149B4C458E6682F957628EE795DE8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:35:27.0516 0x0d84  SDRSVC - ok
18:35:27.0532 0x0d84  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] SecDrv          C:\Windows\system32\drivers\SECDRV.SYS
18:35:27.0563 0x0d84  SecDrv - ok
18:35:27.0578 0x0d84  [ 251F63DD48559F73766E1159F94A6BD1, 4B18A3DDA49E6E189F44CBFB6387444EE4556B29F040E93A6798B3ACEAE0C382 ] seclogon        C:\Windows\system32\seclogon.dll
18:35:27.0594 0x0d84  seclogon - ok
18:35:27.0641 0x0d84  [ 07F83829E7429E60298440CD1E601A6A, 9F1229CD8DD9092C27A01F5D56E3C0D59C2BB9F0139ABF042E56F343637FDA33 ] semav6msr64     C:\Windows\system32\drivers\semav6msr64.sys
18:35:27.0656 0x0d84  semav6msr64 - ok
18:35:27.0672 0x0d84  [ 90973A64B96CD647FF81C79443618EED, 1D3CB7F724B7EADA6443DF07B258EE7FB7FEC92C2A7A9D3C57F6A220EF0DDDC4 ] SENS            C:\Windows\System32\sens.dll
18:35:27.0703 0x0d84  SENS - ok
18:35:27.0719 0x0d84  [ 2449316316411D65BD2C761A6FFB2CE2, A428D3B4E113D3CB6DD87CC52CF71E179189A9A9E326B39FB50C7B3155A41A88 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:35:27.0766 0x0d84  Serenum - ok
18:35:27.0766 0x0d84  [ 4B438170BE2FC8E0BD35EE87A960F84F, A585E17607DCB3E79518BC9914C7030C39B30A1B5B5B32137DABA32FF7079858 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:35:27.0828 0x0d84  Serial - ok
18:35:27.0844 0x0d84  [ A842F04833684BCEEA7336211BE478DF, 9D964AEA237C44898098AC9C2D043F00C66EDA7D73C381D616737C01A9D0FF45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:35:27.0875 0x0d84  sermouse - ok
18:35:27.0953 0x0d84  [ 8C1F87F5FDD92229D1754B98F073913F, DF97A2B8C337E80998E93934CC616AD46A8853232AEB6EF456ABC5C174A3C301 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
18:35:27.0968 0x0d84  ServiceLayer - detected UnsignedFile.Multi.Generic ( 1 )
18:35:28.0109 0x0d84  Detect skipped due to KSN trusted
18:35:28.0109 0x0d84  ServiceLayer - ok
18:35:28.0156 0x0d84  [ A8E4A4407A09F35DCCC3771AF590B0C4, F56ECE42CE81098FCCBCDFBBF006C3FB9EDD29C62F03C4EAE012EE690669481B ] SessionEnv      C:\Windows\system32\sessenv.dll
18:35:28.0202 0x0d84  SessionEnv - ok
18:35:28.0218 0x0d84  [ 4FCACE92BB0345D58BB96ADBD69F5237, 958067CFE2DC0BE0BC407E1309EE8859652A293F0F914DC7511B2F391FE8DF7F ] sfdrv01         C:\Windows\system32\drivers\sfdrv01.sys
18:35:28.0234 0x0d84  sfdrv01 - ok
18:35:28.0249 0x0d84  [ 14D4B4465193A87C127933978E8C4106, A5C3F2F09E9A0715529B05AC1020EF0F432121E129447795257087E0D6A812FC ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:35:28.0280 0x0d84  sffdisk - ok
18:35:28.0296 0x0d84  [ 7073AEE3F82F3D598E3825962AA98AB2, 82A959A0970CBA8CC16D44736ED12158E59E138484F3F53EBDD3A4C02DA3700D ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:35:28.0343 0x0d84  sffp_mmc - ok
18:35:28.0358 0x0d84  [ 35E59EBE4A01A0532ED67975161C7B82, 4F4296B8903FCD06439CC8BF93C703852E523834F09CF9121FDA729A988AF11B ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:35:28.0405 0x0d84  sffp_sd - ok
18:35:28.0405 0x0d84  [ 17F6BD95BF04B924F4C05CE78BEF8AE6, 68D38DC04349DA476B62F853B165EE6B6F42054BCAF2B8F615A6E6BAACD35EB4 ] sfhlp02         C:\Windows\system32\drivers\sfhlp02.sys
18:35:28.0436 0x0d84  sfhlp02 - ok
18:35:28.0436 0x0d84  [ 6B7838C94135768BD455CBDC23E39E5F, 868E054ED546479DEAD7C2834C7AB080820522C16F5B4BEF0F3B279A33ABA9C8 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:35:28.0499 0x0d84  sfloppy - ok
18:35:28.0499 0x0d84  [ 758D7842A48FE194BE08BAAF095285BE, 83EDB6DA4C31C718E445AC757A1D999950143486A25B4D8BF8DF66C8DFF7F60B ] sfsync04        C:\Windows\system32\drivers\sfsync04.sys
18:35:28.0514 0x0d84  sfsync04 - ok
18:35:28.0530 0x0d84  [ F3B72568A6FA36E5D63D30B8186D1C48, 8B6A7C8595182356F5B5B9F8DE4AC1F8926DBF0EEB68DA196FCF3512F1FD24FA ] sfvfs02         C:\Windows\system32\drivers\sfvfs02.sys
18:35:28.0546 0x0d84  sfvfs02 - ok
18:35:28.0592 0x0d84  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34, 9659C7B5046DE2C0416A74FDE6F798C3E78D38327CB71BAE49D57A8347A9097D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:35:28.0639 0x0d84  SharedAccess - ok
18:35:28.0702 0x0d84  [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:35:28.0733 0x0d84  ShellHWDetection - ok
18:35:28.0748 0x0d84  [ 7A5DE502AEB719D4594C6471060A78B3, E8E16DF8AFFC230FBB1A5938925D464A1BA776184B8C020B37669EE2105DB9F2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
18:35:28.0780 0x0d84  SiSRaid2 - ok
18:35:28.0795 0x0d84  [ 3A2F769FAB9582BC720E11EA1DFB184D, 83EEBCE37E8709FCE15FB44F546C727C56064ED49B73A471EA33480573558419 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:35:28.0811 0x0d84  SiSRaid4 - ok
18:35:28.0920 0x0d84  [ A9A27A8E257B45A604FDAD4F26FE7241, C5A1056522EE2BA7B70D34E391477A0E9351569CEF28B875172F4B363F6D4177 ] slsvc           C:\Windows\system32\SLsvc.exe
18:35:29.0045 0x0d84  slsvc - ok
18:35:29.0092 0x0d84  [ FD74B4B7C2088E390A30C85A896FC3AF, 897F1F89A4DDB356CF6E59EFBC32A2081C0CADE283793DB6879D263F7B2E313F ] SLUINotify      C:\Windows\system32\SLUINotify.dll
18:35:29.0107 0x0d84  SLUINotify - ok
18:35:29.0170 0x0d84  [ 290B6F6A0EC4FCDFC90F5CB6D7020473, 971888FE760641FF86165B9876E6FC12DBC309C0FED2734C60B9E0EBC078AAE0 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:35:29.0201 0x0d84  Smb - ok
18:35:29.0232 0x0d84  [ F8F47F38909823B1AF28D60B96340CFF, EFD948EE09F22F9F373A98BA6D9BC519FD9244986E4BE7B2BACD92D3C145AD1D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:35:29.0263 0x0d84  SNMPTRAP - ok
18:35:29.0294 0x0d84  [ 386C3C63F00A7040C7EC5E384217E89D, DD8766BCBD77EC6F67979A8B37B943A3A0E5478CE3FB129BF8FCA29B66529721 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:35:29.0310 0x0d84  spldr - ok
18:35:29.0357 0x0d84  [ F66FF751E7EFC816D266977939EF5DC3, 689BDD0B442830E162F2F9A8EFBD0E137F518C7F0CD92EDF4A43EFBA188B69F4 ] Spooler         C:\Windows\System32\spoolsv.exe
18:35:29.0388 0x0d84  Spooler - ok
18:35:29.0419 0x0d84  [ 51DE15CA5C05BCA46D8B110CD00A02FB, 1ACA132555AF7E492646EED2A9DFAAF378B3996B1570D89CDB2DACAEC4FA43BA ] sptd            C:\Windows\system32\Drivers\sptd.sys
18:35:29.0419 0x0d84  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: 51DE15CA5C05BCA46D8B110CD00A02FB, sha256: 1ACA132555AF7E492646EED2A9DFAAF378B3996B1570D89CDB2DACAEC4FA43BA
18:35:29.0419 0x0d84  sptd - detected LockedFile.Multi.Generic ( 1 )
18:35:29.0575 0x0d84  Detect skipped due to KSN trusted
18:35:29.0575 0x0d84  sptd - ok
18:35:29.0606 0x0d84  [ 4A3CE977E95070922EBA8EEE80EF08C0, EDC0DB3CBB20F7E4E517078C67CB4833F415EA386605011B13AE78C117DE0267 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:35:29.0684 0x0d84  srv - ok
18:35:29.0731 0x0d84  [ A1AD14A6D7A37891FFFECA35EBBB0730, AE00950D330EE4C05F5AA9BC7E63E974766D8E93B607CB3E683C727E8A65049D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:35:29.0778 0x0d84  srv2 - ok
18:35:29.0809 0x0d84  [ DA20A8B6800396211638D91F68FF09A6, 624ACDB9C4B20C3556ACD01E0794A7BAC0A8F867580210251540C5E14413A428 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:35:29.0840 0x0d84  srvnet - ok
18:35:29.0856 0x0d84  [ 192C74646EC5725AEF3F80D19FF75F6A, 8F24FF139A46B1F837356B9D682526107D7BADCFA510842FEACB6F06C02D93D9 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:35:29.0903 0x0d84  SSDPSRV - ok
18:35:29.0903 0x0d84  [ 2EE3FA0308E6185BA64A9A7F2E74332B, EC6A15281685E6CDEADABDFD08C4AF980AD3B404C945EB121D7F90AFCA3D6849 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:35:29.0934 0x0d84  SstpSvc - ok
18:35:29.0996 0x0d84  [ 189879824D01F9A0DD1D72259A120F50, D587688E9EF7C43319AB87EEA368C9310F3A8F4A8A6D8A6E427A54126C209DF0 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:35:30.0028 0x0d84  Steam Client Service - ok
18:35:30.0090 0x0d84  [ 15825C1FBFB8779992CB65087F316AF5, E9431C016D209A7322C0586F11EEF0AB461AB5822960287BB1D0FBC30183614D ] stisvc          C:\Windows\System32\wiaservc.dll
18:35:30.0121 0x0d84  stisvc - ok
18:35:30.0137 0x0d84  [ 8A851CA908B8B974F89C50D2E18D4F0C, 27EA13E50B5B72ABF6C5B7B7D34A7154A12BB27B1C1B2EEFCAA36A96010DB4DC ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:35:30.0152 0x0d84  swenum - ok
18:35:30.0199 0x0d84  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A, 9C3714238571704CEE2AD4F1E15029243E00B494345C41F74EFDF3F0328CC9EA ] swprv           C:\Windows\System32\swprv.dll
18:35:30.0246 0x0d84  swprv - ok
18:35:30.0262 0x0d84  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B, 0227EAF144BC35AA4FF2535E8C9974C0609B7634EE45F4166B9F88F79B17BBF1 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
18:35:30.0277 0x0d84  Symc8xx - ok
18:35:30.0293 0x0d84  [ A909667976D3BCCD1DF813FED517D837, 0874DD4C1CA7AE2E519EBB45433BC9F11A574408F5D2F9E23A340CA76512F5CE ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
18:35:30.0308 0x0d84  Sym_hi - ok
18:35:30.0340 0x0d84  [ 36887B56EC2D98B9C362F6AE4DE5B7B0, 7349FABACB633A9EEE3D4E241A5F443C28D23CC87F21EAAB3F1711644AA21D7C ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
18:35:30.0355 0x0d84  Sym_u3 - ok
18:35:30.0418 0x0d84  [ 92D7A8B0F87B036F17D25885937897A6, 6759BAB11E5FBB143BE13DF1611AE5D41D379DF423D881E92E910DF6A37CBA85 ] SysMain         C:\Windows\system32\sysmain.dll
18:35:30.0464 0x0d84  SysMain - ok
18:35:30.0574 0x0d84  [ 2BE3A44B764D6C43CBF4650E862CB807, 78920DA47F3A0C26503FB62EF159455A860E57A9A39C72AEE23A9324168EC1D2 ] SystemUsageReportSvc_WILLAMETTE C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
18:35:30.0589 0x0d84  SystemUsageReportSvc_WILLAMETTE - ok
18:35:30.0605 0x0d84  [ 005CE42567F9113A3BCCB3B20073B029, B1831D71410AD6E7DEB59D26BF6D2D07D2F6112936D6A6FDA57E9296ADA4076D ] TabletInputService C:\Windows\System32\TabSvc.dll
18:35:30.0652 0x0d84  TabletInputService - ok
18:35:30.0698 0x0d84  [ CC2562B4D55E0B6A4758C65407F63B79, C6AD05B345C699A715EC13830D8EA6EE9822F4B713D15B1F29AC044674A0F498 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:35:30.0730 0x0d84  TapiSrv - ok
18:35:30.0761 0x0d84  [ 93F0F5EF8A4CA261372DF98B31B2BD05, 8CE4C01EF8BB6A2A11324D4ED1320760D78852A96570EEC5252FCEC2E50C597D ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
18:35:30.0776 0x0d84  tbhsd - ok
18:35:30.0776 0x0d84  TBPanel - ok
18:35:30.0776 0x0d84  [ CDBE8D7C1E201B911CDC346D06617FB5, 16D5965E32A109DA38D77F4B6281081569D78371B2F522DE51100967F8776C7A ] TBS             C:\Windows\System32\tbssvc.dll
18:35:30.0839 0x0d84  TBS - ok
18:35:30.0901 0x0d84  [ 89399663A2F0393AFFC79E8397ECA844, BA7D4DF5A2F5EB5328522D6136BB71F56263305B9396A437A8AFEF5A8C5C496C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:35:30.0964 0x0d84  Tcpip - ok
18:35:31.0042 0x0d84  [ 89399663A2F0393AFFC79E8397ECA844, BA7D4DF5A2F5EB5328522D6136BB71F56263305B9396A437A8AFEF5A8C5C496C ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
18:35:31.0104 0x0d84  Tcpip6 - ok
18:35:31.0135 0x0d84  [ A7FF25D9B9DA36797BD1EA48DB292DCE, D89C946633E77765923BD698F2665DC03C5CF1676EB2BAF4450A856B2E856997 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:35:31.0198 0x0d84  tcpipreg - ok
18:35:31.0213 0x0d84  [ 1D8BF4AAA5FB7A2761475781DC1195BC, A28E972E9331BAD685D4C786FDE221565E0AD3E222B24B9182B7FA916BFCD9C8 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:35:31.0260 0x0d84  TDPIPE - ok
18:35:31.0276 0x0d84  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1, 42A408E82D4017D27D3B0BBBA02BF4B21DEC060C89849785ED65962D18029B65 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:35:31.0338 0x0d84  TDTCP - ok
18:35:31.0354 0x0d84  [ A47CD175CF72CA5EEDB47C79532A7622, 1F682B002A64D2A8559005651F742DD3AFB50AE5D6DADAF4A75DD08410385FBF ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:35:31.0385 0x0d84  tdx - ok
18:35:31.0400 0x0d84  [ 8C19678D22649EC002EF2282EAE92F98, 551E7EBA54C2345F2B7FD7AAA7ADA4C852C94F1B35E6E4BBEF883BAFA34F6262 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:35:31.0432 0x0d84  TermDD - ok
18:35:31.0494 0x0d84  [ 5A67A1108E347FCA6A64B74FFB108BDE, F9EC8932366FF4101C6F059567DDF099D895C90567C3E770DDDC71562434A821 ] TermService     C:\Windows\System32\termsrv.dll
18:35:31.0525 0x0d84  TermService - ok
18:35:31.0541 0x0d84  [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] Themes          C:\Windows\system32\shsvcs.dll
18:35:31.0556 0x0d84  Themes - ok
18:35:31.0572 0x0d84  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] THREADORDER     C:\Windows\system32\mmcss.dll
18:35:31.0619 0x0d84  THREADORDER - ok
18:35:31.0634 0x0d84  [ F4689F05AF472A651A7B1B7B02D200E7, 3D34B8879DBC69013D1A87A3F47B8A622A60B57F2E962E9F5925C5A01F44640F ] TrkWks          C:\Windows\System32\trkwks.dll
18:35:31.0681 0x0d84  TrkWks - ok
18:35:31.0712 0x0d84  [ 66328B08EF5A9305D8EDE36B93930369, FD8136BF15AB8D2DB15D011C4F813737D68EED1178462DB8CE40606C16185A30 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:35:31.0744 0x0d84  TrustedInstaller - ok
18:35:31.0775 0x0d84  [ B2388462329ACD17AF50D8701E0C1B18, 959D7B7CCB526367645BAA11C56C88C9AD741EE338BAD6513C54FC7ED43F3AC0 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:35:31.0790 0x0d84  tssecsrv - ok
18:35:31.0822 0x0d84  [ 89EC74A9E602D16A75A4170511029B3C, AACD82A6F5FE31FF1315F5CA69E5EB6BD172DD86610F0641177CCC131B542034 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
18:35:31.0837 0x0d84  tunmp - ok
18:35:31.0884 0x0d84  [ 30A9B3F45AD081BFFC3BCAA9C812B609, 57204F1F72FEFA086FF1D8A14487D56F4DEDD3C50FBB6903E0C4AC749EA720DE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:35:31.0915 0x0d84  tunnel - ok
18:35:31.0931 0x0d84  [ FEC266EF401966311744BD0F359F7F56, 6EE0223AEFA7A81BEB155FC0CD4421C2BEBCDCBC9663C23064B0445101114BF8 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:35:31.0962 0x0d84  uagp35 - ok
18:35:31.0993 0x0d84  [ FAF2640A2A76ED03D449E443194C4C34, CC2517DCFE6962EB2EDEB93E44CB53B113974C9C69A050E3F36385C8D78E810B ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:35:32.0040 0x0d84  udfs - ok
18:35:32.0071 0x0d84  [ 060507C4113391394478F6953A79EEDC, 5D0AE5F1184165289DC8E8CD493607FCB68512CF90F748E3BFD2250655D784D4 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:35:32.0102 0x0d84  UI0Detect - ok
18:35:32.0118 0x0d84  [ 4EC9447AC3AB462647F60E547208CA00, F304125321B1ECA915EDDBDB6A71EAEF3123DCB5604C9497D72F12E0C1BD5315 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:35:32.0149 0x0d84  uliagpkx - ok
18:35:32.0165 0x0d84  [ 697F0446134CDC8F99E69306184FBBB4, A741882B8FE403E3A5DECED5D4A2254B14AF40ACECD4DAA3D00D71C2205C2C5F ] uliahci         C:\Windows\system32\drivers\uliahci.sys
18:35:32.0196 0x0d84  uliahci - ok
18:35:32.0227 0x0d84  [ 31707F09846056651EA2C37858F5DDB0, A619AC4B32EA77AC29458894614870086C4DDB81525ADBCFF1AB8970FC5C257A ] UlSata          C:\Windows\system32\drivers\ulsata.sys
18:35:32.0243 0x0d84  UlSata - ok
18:35:32.0258 0x0d84  [ 85E5E43ED5B48C8376281BAB519271B7, DBDA4216553F7C5EA0C579346D0A638E62766D5B8FCB1BFF3149BB37BBF978D3 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
18:35:32.0290 0x0d84  ulsata2 - ok
18:35:32.0305 0x0d84  [ 46E9A994C4FED537DD951F60B86AD3F4, 256F93ED3BD43B50F0D4489164D959F95AB070CC25A80A46355D2B387D336224 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:35:32.0352 0x0d84  umbus - ok
18:35:32.0368 0x0d84  [ 7093799FF80E9DECA0680D2E3535BE60, 1CBFCCA84CB9212176BF5A1D32334BD54E58A2668A4746252738800468AD4AD4 ] upnphost        C:\Windows\System32\upnphost.dll
18:35:32.0414 0x0d84  upnphost - ok
18:35:32.0446 0x0d84  [ A565B509000BD3E42A9B93B9FFD40D3D, A22734F2DDAAD743D479D40EA91024F1A16A18D9D6C9FC4F90F3930AD040BFA3 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:35:32.0477 0x0d84  usbaudio - ok
18:35:32.0524 0x0d84  [ 858CC93477F9A9383E07861892600FF9, C72B25E7F6AF46AC22F8D2A1FA0345B290AAE642442C8A388EA75944334BB289 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:35:32.0555 0x0d84  usbccgp - ok
18:35:32.0570 0x0d84  [ 9247F7E0B65852C1F6631480984D6ED2, E3360A0EE891B8BADEF5FF53F796C79D6AD218961087F866E451F3B6F278672A ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:35:32.0633 0x0d84  usbcir - ok
18:35:32.0648 0x0d84  [ 82C3790E4E6F35087EF00994C7A72988, 95FA022BDAC65DCD2DA52C8FCC1F2C186B321F4599F40CB90262E24FD10AE16C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:35:32.0695 0x0d84  usbehci - ok
18:35:32.0711 0x0d84  [ BE2EB33AF6EE2E5DA07EB987E0A321F5, 0FCFABA080C553451AE4FAFB54DFE57639251D97DA204C07EC66F469826F3B46 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:35:32.0758 0x0d84  usbhub - ok
18:35:32.0773 0x0d84  [ EBA14EF0C07CEC233F1529C698D0D154, FBA35D53A90FD6C3F91DA5ECE10EF29858CB4CB512AA20548225F83E9FE0A23D ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:35:32.0820 0x0d84  usbohci - ok
18:35:32.0851 0x0d84  [ 28B693B6D31E7B9332C1BDCEFEF228C1, 6B756E6D7459F755C76BC3F497643F6818F107304B789952B233C6585434F3A8 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:35:32.0882 0x0d84  usbprint - ok
18:35:32.0914 0x0d84  [ C024814884CE9E6C2E6ED76A63AC3B9A, 39C9EB54998547B0B65EEE6391AA326B02C7CA52FAE9CEB98D538FEC8D9F1858 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:35:32.0945 0x0d84  usbscan - ok
18:35:32.0976 0x0d84  [ 05AF574F0BC4A29D8AB000FC886E80CC, BB279552CD692F4EC463547C77AFBA906E8F24D844B5131645B0EA70578DEB14 ] usbser          C:\Windows\system32\drivers\usbser.sys
18:35:33.0007 0x0d84  usbser - ok
18:35:33.0038 0x0d84  [ 2702146BBD36B2AF1514CCC1F914646C, 6943396692E64782F04EA2FE40D3C6B6B5CC4E6DD3CFCB5739015AB509EEB3AE ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:35:33.0085 0x0d84  USBSTOR - ok
18:35:33.0085 0x0d84  [ 308F6DDC052C970D679DA37D8A305279, E0F4C3C8F27E21C186289B115ECAB771777BC7E848F29D683C53C9F936F30848 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:35:33.0116 0x0d84  usbuhci - ok
18:35:33.0163 0x0d84  [ BF7A051DCCBA57C95541135B29CE0FB4, F3570ED5B57CB64A8222164038D53D1C2009013C50CFDE2E6105E8D4F642FEA6 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:35:33.0194 0x0d84  usbvideo - ok
18:35:33.0241 0x0d84  [ C690C8B45DB67DBA284B72D1FD649D2C, 52432616E19ADB450247D8A0FA75265BD74F1FACE6A063830F0E604C8E415CC0 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
18:35:33.0257 0x0d84  usb_rndisx - ok
18:35:33.0366 0x0d84  [ F4D8F67474DDA4FEF3935393AAA0173F, 5EB1700895E33972816DE4C2B920769CCE5580B83CAB8B2D7A8A6264F3A42B80 ] USER_ESRV_SVC_WILLAMETTE C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
18:35:33.0397 0x0d84  USER_ESRV_SVC_WILLAMETTE - ok
18:35:33.0428 0x0d84  [ D76E231E4850BB3F88A3D9A78DF191E3, 98CAD31C41AD155EA853DF850D94FA29543C3A7D26262D1B6881281D033CEBAF ] UxSms           C:\Windows\System32\uxsms.dll
18:35:33.0491 0x0d84  UxSms - ok
18:35:33.0584 0x0d84  [ 1999B15CE2B8776B463561B7F939C8C5, 8EAB82F4B259BE13597E775B3798D5B539840ADE045E1C0BCF2B7B8E39409C83 ] VBoxAswDrv      C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
18:35:33.0616 0x0d84  VBoxAswDrv - ok
18:35:33.0647 0x0d84  [ C5E70C4E64666DB9D69C9F2FDAE22428, 759696619EEAF757AB28098FD9BF8EE045FFDECCBC249084BF01C60863CD3AAA ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
18:35:33.0678 0x0d84  VClone - ok
18:35:33.0725 0x0d84  [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] vds             C:\Windows\System32\vds.exe
18:35:33.0787 0x0d84  vds - ok
18:35:33.0818 0x0d84  [ 916B94BCF1E09873FFF2D5FB11767BBC, 072007FED4EF30C4D7AF8628CBEB2AC99EEAD99D7AB533E90E3748E3D4F11C28 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:35:33.0865 0x0d84  vga - ok
18:35:33.0896 0x0d84  [ B83AB16B51FEDA65DD81B8C59D114D63, 97D39AA763037752D87216B83896AFD2AD6DFEBB3BCDCED7A9ABFE5706B804C5 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:35:33.0959 0x0d84  VgaSave - ok
18:35:33.0990 0x0d84  [ 8294B6C3FDB6C33F24E150DE647ECDAA, FEBD9536EF61F700DFD5D9CB815808C8415D5B23590B3CE17B12D84F4670EA4D ] viaide          C:\Windows\system32\drivers\viaide.sys
18:35:34.0021 0x0d84  viaide - ok
18:35:34.0037 0x0d84  [ 2B7E885ED951519A12C450D24535DFCA, 249009EBC1D306D51FDFA4A89588462AA2D8B6DF0A20BE250B60DD73200CB7F3 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:35:34.0052 0x0d84  volmgr - ok
18:35:34.0099 0x0d84  [ CEC5AC15277D75D9E5DEC2E1C6EAF877, EA989E257C4409F9AF3B35C4D7ED9134D930FE3733B077C4F3AA5497796F2CB0 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:35:34.0146 0x0d84  volmgrx - ok
18:35:34.0177 0x0d84  [ 582F710097B46140F5A89A19A6573D4B, 6F695B17BF476D027D3012352F3D4DFD0E0815823DA51A136767ECEF6D64A1CA ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:35:34.0224 0x0d84  volsnap - ok
18:35:34.0255 0x0d84  [ A68F455ED2673835209318DD61BFBB0E, 8B2B255E8E2F8B415F7AC0F7F4C423F639DD47737F7CEE0F7C816D9A6893C5F7 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:35:34.0286 0x0d84  vsmraid - ok
18:35:34.0349 0x0d84  [ B75232DAD33BFD95BF6F0A3E6BFF51E1, A8120040F144AD42A39347A615F31BF752634994D4D134E2FAD23FEA9C1D71DF ] VSS             C:\Windows\system32\vssvc.exe
18:35:34.0458 0x0d84  VSS - ok
18:35:34.0489 0x0d84  [ F14A7DE2EA41883E250892E1E5230A9A, EBCB74BE26437F6FE84A3B41AD034F451D4BD12CA77D4C7A433DB912E7D31593 ] W32Time         C:\Windows\system32\w32time.dll
18:35:34.0552 0x0d84  W32Time - ok
18:35:34.0583 0x0d84  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7, D682FBF78CF987609AF35A019E7C90CBE02800D7DFC272FFDD71D82AA362FA7A ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:35:34.0645 0x0d84  WacomPen - ok
18:35:34.0676 0x0d84  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
18:35:34.0723 0x0d84  Wanarp - ok
18:35:34.0723 0x0d84  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:35:34.0754 0x0d84  Wanarpv6 - ok
18:35:34.0801 0x0d84  [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
18:35:34.0817 0x0d84  WcesComm - ok
18:35:34.0926 0x0d84  [ B4E4C37D0AA6100090A53213EE2BF1C1, 67107F542F3C937FA5D9B28BA2EBFE994FFE287F16C0BFCF79AD20B95C13F78B ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:35:34.0957 0x0d84  wcncsvc - ok
18:35:34.0988 0x0d84  [ EA4B369560E986F19D93F45A881484AC, B61411D64901C9CB8C80402CD1E8808F5A0FACA38206C8D584C7C1019F5ADF5A ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:35:35.0035 0x0d84  WcsPlugInService - ok
18:35:35.0066 0x0d84  [ 0C17A0816F65B89E362E682AD5E7266E, 6233213D07B234056A1EC6FE1166A65371645269132B428FF3A29DDC0000301A ] Wd              C:\Windows\system32\drivers\wd.sys
18:35:35.0082 0x0d84  Wd - ok
18:35:35.0113 0x0d84  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:35:35.0160 0x0d84  Wdf01000 - ok
18:35:35.0176 0x0d84  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:35:35.0222 0x0d84  WdiServiceHost - ok
18:35:35.0238 0x0d84  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:35:35.0269 0x0d84  WdiSystemHost - ok
18:35:35.0363 0x0d84  [ 5B8CAF0FE216A57C95E8471A3BE051D6, DB1AB99FCB6B9FD1B22A052DE533D80B3826AD4D0D4890105EF09479FD9A04AB ] WebClient       C:\Windows\System32\webclnt.dll
18:35:35.0410 0x0d84  WebClient - ok
18:35:35.0472 0x0d84  [ 8D40BC587993F876658BF9FB0F7D3462, 23748E11F5CCE3D4978D748780283FA5A1154F53FF70D924CB2128FF8A4705F7 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:35:35.0503 0x0d84  Wecsvc - ok
18:35:35.0534 0x0d84  [ 9C980351D7E96288EA0C23AE232BD065, BA627B04C4259716B451F421F5310A69D8DE9407DE496AA0489139125E9DC16A ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:35:35.0566 0x0d84  wercplsupport - ok
18:35:35.0581 0x0d84  [ 66B9ECEBC46683F47EDC06333C075FEF, 35C33596D97DB65DE0A687644E9AD924AD5FCBAFD83FE4D23E7E58EF4BC4CC87 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:35:35.0612 0x0d84  WerSvc - ok
18:35:35.0628 0x0d84  WinDefend - ok
18:35:35.0628 0x0d84  WinHttpAutoProxySvc - ok
18:35:35.0706 0x0d84  [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:35:35.0753 0x0d84  Winmgmt - ok
18:35:36.0330 0x0d84  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869, 22D53818F4A4ACE441E121151CFD7CB1EDF5E8303DF9E113C9BB304B418A96EF ] WinRM           C:\Windows\system32\WsmSvc.dll
18:35:36.0424 0x0d84  WinRM - ok
18:35:36.0486 0x0d84  [ EC339C8115E91BAED835957E9A677F16, 3BBE6D4F1731198E8F0CFEE67C4CCA5C31E6968F8E02EF9E029C1847A26F513B ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:35:36.0517 0x0d84  Wlansvc - ok
18:35:36.0673 0x0d84  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:35:36.0751 0x0d84  wlidsvc - ok
18:35:36.0782 0x0d84  [ E18AEBAAA5A773FE11AA2C70F65320F5, 9E2F6FC0F46D0EEEBF4BC1E3D8800B3D268079ABF8EDDD70CD21B789883D7390 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:35:36.0798 0x0d84  WmiAcpi - ok
18:35:36.0845 0x0d84  [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:35:36.0876 0x0d84  wmiApSrv - ok
18:35:36.0892 0x0d84  WMPNetworkSvc - ok
18:35:36.0923 0x0d84  [ CBC156C913F099E6680D1DF9307DB7A8, FD8B227F445679E31048CA41442A978A98F267FED96E22C235F63C72AEEE2AB0 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:35:36.0938 0x0d84  WPCSvc - ok
18:35:36.0970 0x0d84  [ 490A18B4E4D53DC10879DEAA8E8B70D9, D069D8C22CF78A0970E85C0B9879E08FF19458FAA75AE447BCF9236731F64252 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:35:37.0016 0x0d84  WPDBusEnum - ok
18:35:37.0048 0x0d84  [ 5E2401B3FC1089C90E081291357371A9, 224D378EEBFB721CBC24896CAE01B31DC54B6ED82C19C5B954E96D5E98B83C59 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
18:35:37.0079 0x0d84  WpdUsb - ok
18:35:37.0250 0x0d84  [ 4CF27ED8D93A30BAA6F4DF50E62B7675, BDD0BD5C8DF13E0617429775F717E7078537C85921750BD3FE8401D7302166FD ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:35:37.0297 0x0d84  WPFFontCache_v0400 - ok
18:35:37.0313 0x0d84  [ 8A900348370E359B6BFF6A550E4649E1, 3EAD0B951EAF8E940ED6A79FAAAB7D22ACCF3985795F80206A3A07161D319B39 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:35:37.0360 0x0d84  ws2ifsl - ok
18:35:37.0375 0x0d84  [ 9EA3E6D0EF7A5C2B9181961052A4B01A, F39BAF1FC7DD1600C0052C2A6AA3BCBC8CA3DA96D1AC7B42B0F2810D051EE1B0 ] wscsvc          C:\Windows\System32\wscsvc.dll
18:35:37.0391 0x0d84  wscsvc - ok
18:35:37.0391 0x0d84  WSearch - ok
18:35:37.0484 0x0d84  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:35:37.0578 0x0d84  wuauserv - ok
18:35:37.0609 0x0d84  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:35:37.0656 0x0d84  WudfPf - ok
18:35:37.0703 0x0d84  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:35:37.0734 0x0d84  WUDFRd - ok
18:35:37.0765 0x0d84  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:35:37.0796 0x0d84  wudfsvc - ok
18:35:37.0828 0x0d84  ================ Scan global ===============================
18:35:37.0859 0x0d84  [ 0CF5A36772FCACDA29DE19E3B6843BBB, BB179387AC1F9A20ED6B2418CEF593BE26C2DDD3536B0C9C155F014F40C4BD25 ] C:\Windows\system32\basesrv.dll
18:35:37.0890 0x0d84  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
18:35:37.0921 0x0d84  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
18:35:37.0968 0x0d84  [ E8E05C05FBFEBD47FB7DBF7233F15302, 3099E64022E0E5347F7C8EFAD6D6E577157FC6B49386F3203E5438B38AE1EE36 ] C:\Windows\system32\services.exe
18:35:37.0984 0x0d84  [ Global ] - ok
18:35:37.0984 0x0d84  ================ Scan MBR ==================================
18:35:37.0999 0x0d84  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:35:38.0264 0x0d84  \Device\Harddisk0\DR0 - ok
18:35:38.0264 0x0d84  ================ Scan VBR ==================================
18:35:38.0280 0x0d84  [ 2BBAF48B011C99DE4BEA250000B53396 ] \Device\Harddisk0\DR0\Partition1
18:35:38.0280 0x0d84  \Device\Harddisk0\DR0\Partition1 - ok
18:35:38.0280 0x0d84  [ 5FB1895A9C3775E313520D64BF81FB36 ] \Device\Harddisk0\DR0\Partition2
18:35:38.0280 0x0d84  \Device\Harddisk0\DR0\Partition2 - ok
18:35:38.0280 0x0d84  [ EB633969FD1576A6C1778175CE47200B ] \Device\Harddisk0\DR0\Partition3
18:35:38.0280 0x0d84  \Device\Harddisk0\DR0\Partition3 - ok
18:35:38.0280 0x0d84  ================ Scan generic autorun ======================
18:35:38.0498 0x0d84  [ B0F9B5758250E7EDF501E5A3FE54B749, 2EF59EAD38F21C9799ABD76108B8547F42C1BC8CF18905CD6224BD6197BB5547 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
18:35:38.0670 0x0d84  RtHDVCpl - ok
18:35:38.0764 0x0d84  [ 64339C8E6CCFED317C9B375E5F4635AA, 53BD2FB75B07A5FEEE379AFCFD3E213D5B4C3C509E64F57714B09AE3D41419F8 ] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
18:35:38.0826 0x0d84  Skytel - ok
18:35:38.0935 0x0d84  [ 059E588FDF6B7E83227D45D026D21874, 211B5E85D84562E11F3A676686E7C716BB59912F7764A49D9164277EB3991AC3 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
18:35:39.0013 0x0d84  NvBackend - ok
18:35:39.0060 0x0d84  [ 233A10D4B3F6897899112E4EC60F1906, 1F7E768E57064938114DF2EFC5B219EB0D30A7D9E574924E9CED054462505AF0 ] C:\Windows\WindowsMobile\wmdc.exe
18:35:39.0091 0x0d84  Windows Mobile Device Center - ok
18:35:39.0294 0x0d84  [ 2F722690B624C9AD160EDC24DCA880DF, DB0D8B6A929550F8A7B0B518CEBFCAB077B07CECA55B2800C1A752F990B05E7C ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
18:35:39.0528 0x0d84  AvastUI.exe - ok
18:35:39.0544 0x0d84  DivXMediaServer - ok
18:35:39.0575 0x0d84  [ EBC0E8C0A4DDA2C32A7D5863462A321A, 2F410138DB66D0219254339F1F098E401CEDAA032596F1F67BC54F394256FC68 ] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
18:35:39.0590 0x0d84  amd_dc_opt - detected UnsignedFile.Multi.Generic ( 1 )
18:35:39.0778 0x0d84  Detect skipped due to KSN trusted
18:35:39.0778 0x0d84  amd_dc_opt - ok
18:35:40.0152 0x0d84  [ 2E0D87473D0C7C3F6ED2787DC54CE8B2, 410C49219EB17903EE70BA4CAC4E6BA41A1D9A915790E027480C8B6D3953F99A ] C:\Program Files (x86)\MWS Reader 5\mwsr5.exe
18:35:40.0558 0x0d84  MWS Reader 5 - detected UnsignedFile.Multi.Generic ( 1 )
18:35:40.0714 0x0d84  Detect skipped due to KSN trusted
18:35:40.0714 0x0d84  MWS Reader 5 - ok
18:35:40.0760 0x0d84  [ 5153C06FC9D4D094D1A785545928B134, 0037C935722663F9EF028F841DE222FC6418E9D60939AB60C965807E67A458DC ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:35:40.0792 0x0d84  SunJavaUpdateSched - ok
18:35:40.0885 0x0d84  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:35:40.0948 0x0d84  Sidebar - ok
18:35:40.0948 0x0d84  WindowsWelcomeCenter - ok
18:35:40.0979 0x0d84  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:35:41.0026 0x0d84  Sidebar - ok
18:35:41.0026 0x0d84  WindowsWelcomeCenter - ok
18:35:41.0041 0x0d84  GAINWARD - ok
18:35:41.0088 0x0d84  [ 65437DAD4F238EA9549408A783002222, 756C846C2DD8209E9161C2DD701E46DF73E1C757F2B66CAE7A579ADF8EF7E000 ] C:\Windows\ehome\ehTray.exe
18:35:41.0104 0x0d84  ehTray.exe - ok
18:35:41.0166 0x0d84  [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe
18:35:41.0260 0x0d84  Sidebar - ok
18:35:41.0260 0x0d84  WindowsWelcomeCenter - ok
18:35:41.0260 0x0d84  Waiting for KSN requests completion. In queue: 67
18:35:42.0274 0x0d84  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe (  ), 0x41000 ( enabled : updated )
18:35:42.0289 0x0d84  Win FW state via NFP2: enabled ( trusted )
18:35:42.0445 0x0d84  ============================================================
18:35:42.0445 0x0d84  Scan finished
18:35:42.0445 0x0d84  ============================================================
18:35:42.0445 0x1174  Detected object count: 0
18:35:42.0445 0x1174  Actual detected object count: 0
         
Ok, sorry.

Best regards
Wiebke

05.11.2016, 11:50   #10
deeprybka
/// TB Trainer
/// Guide Guru
 

Change important online passwords from a clean device.

Step 1

  • Instructions
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Under Settings / Detection and Protection, tick "Scan for rootkits".
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, move all detections (if any) to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 2

Please start FRST again, also tick the checkbox and click Scan.
Please post the contents of the two logs that are created.
__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

05.11.2016, 17:33   #11
nameweg
 

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 05.11.2016
Suchlaufzeit: 17:44:04
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.11.05.08
Rootkit-Datenbank: v2016.10.31.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: Dodo

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 366957
Abgelaufene Zeit: 20 Min., 47 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Deaktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Deaktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 5
PUP.Optional.FaceMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\facemoods.facemoodsHlpr, In Quarantäne, [a60600bc9efc21158f01335c54aed12f], 
PUP.Optional.FaceMoods, HKLM\SOFTWARE\CLASSES\WOW6432NODE\facemoods.facemoodsHlpr.1, In Quarantäne, [a60600bc9efc21158f01335c54aed12f], 
PUP.Optional.Conduit, HKLM\SOFTWARE\DIVX\INSTALL\SETUP\WIZARDLAYOUT\ConduitToolbar, In Quarantäne, [c3e93488d6c41d1987fab616bd45d32d], 
PUP.Optional.SysTweak, HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\SOFTWARE\Systweak, In Quarantäne, [1e8e7646f4a6ed497c998a6caa5a2ed2], 
PUP.Optional.Spigot, HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0AF5279C-C66B-46F6-A95E-B81EB16A0686}, In Quarantäne, [e5c7ad0f5d3d989e65a500b662a113ed], 

Registrierungswerte: 2
PUP.Optional.Spigot, HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0AF5279C-C66B-46F6-A95E-B81EB16A0686}|URL, hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}, In Quarantäne, [e5c7ad0f5d3d989e65a500b662a113ed]
PUP.Optional.Spigot, HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0AF5279C-C66B-46F6-A95E-B81EB16A0686}|OSDFileURL, file:///C:/Program%20Files%20(x86)/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, In Quarantäne, [4864209c0a90db5b69a2a80e2ad95ea2]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 4
PUP.Optional.ASK, C:\Users\Dodo\AppData\Local\Temp\APNLogs, In Quarantäne, [dad2fbc17f1b37ff30c39e32659d6c94], 
PUP.Optional.ASK, C:\Windows\Temp\APNLogs, In Quarantäne, [b2fa2696d4c6b97dfbf89a36748e17e9], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub, In Quarantäne, [3b717e3eebaf80b6623822a18a782cd4], 

Dateien: 18
PUP.Optional.ASK, C:\Users\Dodo\AppData\Local\Temp\APNLogs\ic.log, In Quarantäne, [dad2fbc17f1b37ff30c39e32659d6c94], 
PUP.Optional.ASK, C:\Windows\Temp\APNLogs\ic.log, In Quarantäne, [b2fa2696d4c6b97dfbf89a36748e17e9], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stb7e61239d-b8ae-4bda-8d96-318eca9e9284.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stb0d68722f-a32b-41e5-993b-8af2c0c031f3.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stb0d913461-bca7-46e5-b6fd-eafd6007ebf9.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stb169cfb5e-5bec-4db9-abb1-5b7820b08858.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stb26c8b56f-c01a-4120-94b9-e0081bed3acd.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stb2e230dbb-4df2-4445-869d-04feba90fcdd.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stb4d10d580-30ad-4ebf-9506-21ab46a29028.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stb55b8f740-83b9-4603-a432-f290144c8e2f.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stb6aa6f0e3-7730-4069-af55-d511d6f7e088.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stb96908242-909b-4c99-a0d7-66e65103b34f.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stbd7a3ad55-a9c0-4d29-aad1-ccc42e417782.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stbe105ac3e-b019-429b-a336-52b0fc8e7046.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stbe8059ff0-5b47-4d2b-bce2-a759cbfc40fb.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stbef681e53-616e-4873-80a2-b97b338e743c.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Users\Dodo\AppData\Local\Temp\APN-Stub\Stbf4a24058-89d8-46cf-8d93-ee895a4cab28.log, In Quarantäne, [2488aa128f0b3204ccce952e45bde818], 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\Stb8daf7089-8b80-4b6e-acbf-7894d6b2ecf1.log, In Quarantäne, [3b717e3eebaf80b6623822a18a782cd4], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 30-10-2016
durchgeführt von Dodo (05-11-2016 18:27:36)
Gestartet von C:\Users\Dodo\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) (2009-08-28 20:26:27)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2904693490-1559453303-1626246330-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-2904693490-1559453303-1626246330-1002 - Limited - Enabled)
Dodo (S-1-5-21-2904693490-1559453303-1626246330-1000 - Administrator - Enabled) => C:\Users\Dodo
Gast (S-1-5-21-2904693490-1559453303-1626246330-501 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

@BIOS Ver.2.05 (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.05 - GIGABYTE)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
ANNO 1503 (HKLM-x32\...\{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}) (Version:  - )
Anno 1602 (HKLM-x32\...\ANNO1602) (Version:  - )
Atom Zombie Smasher (HKLM-x32\...\Atom Zombie Smasher_is1) (Version:  - Blendo Games)
Audials TV (HKLM-x32\...\{24EE4523-711A-4BD1-95EA-F73A8A6950D3}) (Version: 1.3.10803.300 - RapidSolution Software AG)
AudialsOne (HKLM-x32\...\{64E7AA85-CCA8-48CE-8F46-98649E908DF0}) (Version: 4.2.13200.0 - RapidSolution Software AG)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber Deutschland)
Audiograbber Lame-MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2241 - AVAST Software)
Batman: Arkham City™ (HKLM-x32\...\GFWL_{57520FA0-AC56-469B-9983-FF1000008300}) (Version: 1.0.0000.131 - WB Games)
Batman: Arkham City™ (x32 Version: 1.0.0000.131 - WB Games) Hidden
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.62.0000 - 2K Games)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Braid (Version 1.015) (HKLM-x32\...\Braid_is1) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series Benutzerregistrierung (HKLM-x32\...\Canon MP550 series Benutzerregistrierung) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version:  - )
Cogs (HKLM-x32\...\Cogs) (Version:  - )
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crayon Physics Deluxe version 55 (HKLM-x32\...\{4CA1E8E2-B2A9-40C1-8EC4-BBCB23BAAA19}_is1) (Version: 55 - Kloonigames, Ltd)
Darkspore™ (HKLM-x32\...\{B1AAE4BF-C98E-467E-94C7-4E1F51DD86E0}) (Version: 1.00.0000 - Electronic Arts)
Die Siedler (HKLM-x32\...\Die Siedler_is1) (Version:  - )
Die Siedler II Gold Edition (HKLM-x32\...\Die Siedler II Gold Edition_is1) (Version:  - )
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version:  - id Software)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Dropbox (HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DVBViewer TERRATEC Edition (HKLM-x32\...\DVBViewer TERRATEC Edition_is1) (Version:  - CM&V)
Energy Saver Advance B9.0316.1 (HKLM-x32\...\{7ED169D4-5053-4166-93DF-53B12AE6C539}) (Version: 1.10.0000 - GIGABYTE)
Eufloria (HKLM-x32\...\Steam App 41210) (Version:  - Rudolf Kremers & Alex May)
EXPERTool 7.5 (HKLM-x32\...\EXPERTool_is1) (Version:  - Gainward Co., Ltd)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Far Cry (HKLM-x32\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ihr Firmenname)
Far Cry (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version:  - )
Foxit PDF IFilter (HKLM\...\{03D3BAD4-28ED-4EF2-A369-D148A240D0B3}) (Version: 1.0.1729 - Foxit Software)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.6.321 - Foxit Software Inc.)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
FreeCAD 0.12 (HKLM-x32\...\{81ABC4A0-DE63-11DE-8A39-0800200C9A66}) (Version: 0.12.5284 - Juergen Riegel (FreeCAD@juergen-riegel.net))
GameRanger (HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\GameRanger) (Version:  - GameRanger Technologies)
GameSpy Comrade (HKLM-x32\...\{894084B6-BC69-43B7-BF06-B93AECFEA520}) (Version: 2.1.1.214 - GameSpy)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel(R) Driver Update Utility 2.6 (x32 Version: 2.6.0.32 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
James Cameron's AVATAR(tm): DAS SPIEL (HKLM-x32\...\{7E19B002-4CA3-4C9F-BA92-91D101B97219}) (Version: 1.02.00 - Ubisoft)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH)
K-Lite Codec Pack 6.5.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.5.0 - )
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lexware Info Service (HKLM-x32\...\{59624372-3B85-47f4-9B04-4911E551DF1E}) (Version: 2.61.00.0033 - Lexware GmbH & Co. KG)
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Machinarium (HKLM-x32\...\Machinarium) (Version: 23.10.09 - Amanita Design, s.r.o.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47CD-87CD-13E68B676E4F}) (Version: 1.2.20608.0 - Electronic Arts)
MAXQDA 11 (Release 11.0.10) (HKLM-x32\...\MAXQDA11) (Version: (Release 11.0.10) - VERBI Software.Consult.Sozialforschung GmbH)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (de-DE, Hedda) (HKLM-x32\...\{ACFCC7B5-C028-40AE-A5F5-9778B41F22A2}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro) (HKLM-x32\...\{C7CDC27F-0952-4DF1-9E41-B75140933BC6}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 de)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MWS Reader 5 (HKLM-x32\...\MWS Reader 5_is1) (Version: 5.2.621 - directINNOVATION UG (haftungsbeschränkt))
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
PC Connectivity Solution (HKLM-x32\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.21.0 - Nokia)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PDF-Viewer (HKLM\...\{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1) (Version: 2.0.54.0 - Tracker Software Products Ltd)
PixiePack Codec Pack (HKLM-x32\...\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}) (Version: 1.1.1200.0 - None)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
RAGE (HKLM-x32\...\Steam App 9200) (Version:  - id Software)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5780 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0149 - REALTEK Semiconductor Corp.)
Risen 2 - Dark Waters (HKLM-x32\...\{CC4473E6-AB7D-406B-ADAE-BF9C61CEC5FE}) (Version: 1.00 - Deep Silver)
Risen 2 - ModStarter 2.0.0.0 (Online Mods DB version) (HKLM-x32\...\Risen 2 - ModStarter_is1) (Version:  - LordOfWAR)
Sam and Max - Season One - Episode 104 - Abe Lincoln Must Die! (HKLM-x32\...\Episode 104 - Abe Lincoln Must Die!) (Version: 1.1.0.0-free - Telltale Games)
SecuROM Diagnostic Tool (HKLM-x32\...\SecuROM Diagnostic Tool) (Version:  - Sony DADC Austria)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Shadowgrounds 1.05b (HKLM-x32\...\Shadowgrounds_is1) (Version:  - Frozenbyte, Inc.)
Shadowgrounds Survivor 1.09 (HKLM-x32\...\Shadowgrounds Survivor_is1) (Version:  - Frozenbyte, Inc.)
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.61 - Firaxis Games) Hidden
Siedler3 (HKLM-x32\...\Siedler3Deinstall) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steuer 2009 (HKLM-x32\...\{410AB9BC-B057-4D39-9260-660EE1B4BED2}) (Version: 16.12.00.0001 - Haufe-Lexware GmbH & Co. KG)
Super Crossfire version 1.0 (HKLM-x32\...\{AE71B0D5-8873-4110-BD84-F5D5174EC342}_is1) (Version: 1.0 - Radiangames)
TERRATEC Cinergy 2400i DT (64 Bit) (HKLM-x32\...\{1C778F3E-3E83-4029-AC79-9D8D9D9A9F7F}) (Version: 1.1.0.284 - TERRATEC)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
The Evil Within (HKLM-x32\...\Steam App 268050) (Version:  - Tango Gameworks)
The Path (HKLM-x32\...\Steam App 27000) (Version:  - Tale of Tales)
The Void (HKLM-x32\...\The Void_is1) (Version:  - )
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)
Tomahawk (HKLM-x32\...\Tomahawk) (Version: 0.7.0 - Tomahawk-player.org)
Tomb Raider: Legend 1.0 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )
TSL Alpha Demo - Public Demo RC1 (HKLM-x32\...\The Silver Lining_is1) (Version:  - Phoenix Online Studios)
Update Manager B08.1027.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - TerraTec  (MicNgBas) Media  (04/21/2009 1.1.0.0284) (HKLM\...\7F9086B0202998E0E80985C36F977C0EE8003CC8) (Version: 04/21/2009 1.1.0.0284 - TerraTec )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
X-Chat 2.8.6-2 (HKLM-x32\...\X-Chat 2_is1) (Version: 2.8.6-2 - SilvereX)
Xrodon (HKLM-x32\...\{74A80415-EBB2-447A-8A99-00F5E0009F42}) (Version: 1.00.0000 - Xrodon)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Dodo\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dodo\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00196EAE-E245-41CF-B6ED-8BEBD5F01D1E} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {007F3B2A-9C8B-44C9-9A83-2FBE9ECC66A2} - System32\Tasks\{13A6A191-3663-41E3-9576-41A3A866C14D} => pcalua.exe -a "C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe" -d G:\Download -c "G:\Download\THX-magnusk.pdf"
Task: {35681ACE-8384-44E5-83EF-4543D760B244} - System32\Tasks\{A400AD13-F3CA-4375-8487-6548FC80F354} => pcalua.exe -a "D:\EADM\EAD 4.0.0.462 release prod Installer.exe" -d D:\EADM
Task: {3863B40E-DD9B-459A-BDD3-BC1942913111} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2904693490-1559453303-1626246330-1000UA => C:\Users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-19] (Facebook Inc.)
Task: {53B3B3C0-75E0-4105-A1C4-E63E21351CE3} - System32\Tasks\Microsoft\Windows\RestartManager\{069F86EF-0613-46ab-89FE-9FFFEA19D058} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {5E8F5383-E25E-42DF-9F73-41D2CCA677BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {625C803B-8AAE-4588-9BFA-D3D75104F973} - System32\Tasks\{6BEE6734-2B5E-49EA-AD31-4ECBD3B5EA75} => pcalua.exe -a G:\Download\Stronghold_v1_1.exe -d G:\Programme\Firefox
Task: {63E7BF33-DBCF-4CBE-A904-A5A778A6BF2D} - System32\Tasks\{C887397C-BEFB-4952-8948-C10E48E2F8F1} => pcalua.exe -a "H:\Half-Life 2\Uninstall Half-Life 2 Deutsche Sprachergänzung.exe"
Task: {6ACC99D0-8FAD-4F21-B90C-C7E98E1EA4E6} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {822DF6DC-1E5F-4D3C-B30E-F3FD75E99A86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {93F3766D-D5C5-43D2-A678-0FADD259F429} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D78DD80C-76E7-4FC2-B131-F85CD97C3E72} - System32\Tasks\{083BE5DF-3794-43C8-8EC9-993D93C7972D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\EAInstaller\Peggle\Cleanup.exe" -c uninstall_game -autologging
Task: {F24A3454-F638-4394-BA61-8E25075477C1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2904693490-1559453303-1626246330-1000Core => C:\Users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-19] (Facebook Inc.)
Task: {F2FA68DA-056A-4A1A-AA8B-9E9197119310} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-27] (AVAST Software)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2904693490-1559453303-1626246330-1000Core.job => C:\Users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2904693490-1559453303-1626246330-1000UA.job => C:\Users\Dodo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2011-10-20 09:45 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2009-10-02 19:53 - 2009-10-17 16:09 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-06-08 17:04 - 2016-06-08 17:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-06-08 17:04 - 2016-06-08 17:04 - 00256152 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\analyzer.dll
2015-03-17 22:27 - 2015-11-27 12:37 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-17 22:27 - 2015-11-27 12:37 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-05 17:20 - 2016-11-05 17:20 - 03130832 _____ () C:\Program Files\AVAST Software\Avast\defs\16110500\algo.dll
2016-08-02 15:56 - 2016-08-02 15:56 - 00507808 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2010-11-16 10:35 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll
2014-02-12 14:04 - 2015-11-27 12:37 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:DB1803DC62E828FE [98]
AlternateDataStreams: C:\ProgramData\TEMP:24721E3C [1950]
AlternateDataStreams: C:\ProgramData\TEMP:B606BA34 [112]
AlternateDataStreams: C:\ProgramData\TEMP:F84B8DB5 [120]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\sony.com -> sony.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dodo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: AeLookupSvc => 2
MSCONFIG\Services: DAUpdaterSvc => 2
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: ehstart => 2
MSCONFIG\Services: EMDMgmt => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: GEST Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 2
MSCONFIG\Services: WPFFontCache_v0400 => 3
MSCONFIG\startupfolder: C:^Users^Dodo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.lnk => C:\Windows\pss\DesktopVideoPlayer.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dodo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk => C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dodo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon
MSCONFIG\startupreg: Comrade.exe => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ6.5\ICQ.exe" silent
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: NSU_agent => "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
MSCONFIG\startupreg: PDFPrint => "C:\Program Files (x86)\PDF24\pdf24.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [TCP Query User{BD8AE32A-5F95-4215-B1A0-951EF03C769F}C:\program files (x86)\gigabyte\gbtupd\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\gbtupd\runupd.exe
FirewallRules: [UDP Query User{FEF84EF3-A695-42D3-8C4D-DD871F348E23}C:\program files (x86)\gigabyte\gbtupd\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\gbtupd\runupd.exe
FirewallRules: [{E9F3A9B7-AC9C-4CEE-9F1F-85454768615C}] => (Allow) G:\Spiele\Assasins Creed\Game\AssassinsCreed_Dx9.exe
FirewallRules: [{4B921A4F-07A7-4178-A329-3408A42FBA63}] => (Allow) G:\Spiele\Assasins Creed\Game\AssassinsCreed_Dx9.exe
FirewallRules: [{6613C863-2E63-43E8-AADA-8F7634AC2049}] => (Allow) G:\Spiele\Assasins Creed\Game\AssassinsCreed_Dx10.exe
FirewallRules: [{60D687C5-D6E4-42CB-B049-CCEA7C5D3B4A}] => (Allow) G:\Spiele\Assasins Creed\Game\AssassinsCreed_Dx10.exe
FirewallRules: [{F6C3BAD7-A911-4E06-968D-1584B5349BD1}] => (Allow) G:\Spiele\Assasins Creed\Game\AssassinsCreed_Launcher.exe
FirewallRules: [{3FCD362C-2BCB-472F-96AA-B3BF84F945B7}] => (Allow) G:\Spiele\Assasins Creed\Game\AssassinsCreed_Launcher.exe
FirewallRules: [{DFB0C412-B53F-49F9-9D4B-6AAF64EFC566}] => (Allow) G:\Spiele\Crysis\Bin32\Crysis.exe
FirewallRules: [{CEB8FE34-14B7-403A-BD39-7DE1514DFEE6}] => (Allow) G:\Spiele\Crysis\Bin32\Crysis.exe
FirewallRules: [{941ADF80-EC9F-4511-9235-D79B71CCF13F}] => (Allow) G:\Spiele\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{3369D2E1-C304-4E51-BC68-7366E2C51995}] => (Allow) G:\Spiele\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{D47FF97B-BFB0-4D8E-86DC-4CBC90DF177B}] => (Allow) G:\Spiele\Crysis\Bin64\Crysis.exe
FirewallRules: [{F4E00767-D0D6-406F-B695-78F3B8CBC3AE}] => (Allow) G:\Spiele\Crysis\Bin64\Crysis.exe
FirewallRules: [{71C596B9-69CA-4AFC-8681-3B60DAD28DE8}] => (Allow) G:\Spiele\Crysis\Bin64\CrysisDedicatedServer.exe
FirewallRules: [{2CAFB032-F219-456A-AB81-E95E403C5075}] => (Allow) G:\Spiele\Crysis\Bin64\CrysisDedicatedServer.exe
FirewallRules: [{F4DB1775-3D3A-4FA9-8064-2994D7366BA3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{41FEF90B-7F87-41CC-A2EA-5B5CAB2F8D7B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DBA3E4E4-8413-489B-A382-BCC878D7AEA3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CB6FF849-FE89-4E94-A2D2-9C9E80DF9A6A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{6D03F3D9-B469-49BC-B765-348F00F88807}] => (Allow) H:\Sacred\system\s2gs.exe
FirewallRules: [{6361E0B3-54D5-467F-AAEA-4FF0DC01B33E}] => (Allow) H:\Sacred\system\s2gs.exe
FirewallRules: [{0714E996-AD87-475D-AEA7-2AD85B4D8058}] => (Allow) H:\Sacred\system\sacred2.exe
FirewallRules: [{5A9A6E5D-5F62-4C7C-BD73-CDA8151DAEAC}] => (Allow) H:\Sacred\system\sacred2.exe
FirewallRules: [TCP Query User{51922FDC-E5DB-43BF-A1A1-8873013000C8}C:\program files (x86)\gigabyte\gbtupd\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\gbtupd\runupd.exe
FirewallRules: [UDP Query User{2D1B9619-7039-4BAE-9760-85330E4464F7}C:\program files (x86)\gigabyte\gbtupd\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\gbtupd\runupd.exe
FirewallRules: [TCP Query User{34368187-06BE-4791-8396-92D29EDEE86C}G:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe] => (Allow) G:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [UDP Query User{9F586A91-DF71-4D54-A494-E4B3FCB7194C}G:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe] => (Allow) G:\spiele\borderlands\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [TCP Query User{5BF5D91E-FDBD-4070-B3AE-D24CD0C00A0B}G:\programme\audialsone4\audialsone.exe] => (Allow) G:\programme\audialsone4\audialsone.exe
FirewallRules: [UDP Query User{BBB3F4A8-D899-4C59-B800-E8D2ADA5B658}G:\programme\audialsone4\audialsone.exe] => (Allow) G:\programme\audialsone4\audialsone.exe
FirewallRules: [{1F540F62-7137-472D-97A1-82833F26EA40}] => (Allow) G:\Spiele\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{DE95CCA7-1E91-4F66-B1C4-90CACB78C3C8}] => (Allow) G:\Spiele\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{25697D15-E2A8-460A-B277-4B14D1ECDA88}] => (Allow) G:\Spiele\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{18D1B51A-F366-4E17-9DAA-5C6E1DC4361A}] => (Allow) G:\Spiele\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{1B4B7DF0-F13A-4B21-8C5A-5AABD4ED9D1E}] => (Allow) H:\Spiele\Avatar\bin\Avatar.exe
FirewallRules: [{9E50C082-195C-4814-B726-7DA353ABCF43}] => (Allow) H:\Spiele\Avatar\bin\Avatar.exe
FirewallRules: [{D4DF43D4-0C66-4FDC-9DDA-1EA64AB6C6D9}] => (Allow) H:\Spiele\Avatar\bin\AvatarLauncher.exe
FirewallRules: [{90BE629C-8FC7-4477-A8B8-4625A34F41C7}] => (Allow) H:\Spiele\Avatar\bin\AvatarLauncher.exe
FirewallRules: [TCP Query User{0214F3A7-95B1-4772-A02C-0F6C4BA8897A}G:\programme\qip\qip.exe] => (Allow) G:\programme\qip\qip.exe
FirewallRules: [UDP Query User{22C6C730-EE54-4CF2-968D-D8E2A36705D3}G:\programme\qip\qip.exe] => (Allow) G:\programme\qip\qip.exe
FirewallRules: [TCP Query User{0EF7921E-5BCD-4CC2-B9B0-2B4CEEF9DD92}G:\programme\qip\qip.exe] => (Block) G:\programme\qip\qip.exe
FirewallRules: [UDP Query User{22A86623-2E00-4BE5-B62E-8AF2B721DB3E}G:\programme\qip\qip.exe] => (Block) G:\programme\qip\qip.exe
FirewallRules: [TCP Query User{B3EEFF8F-A685-4EE3-865B-7A0698842837}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe] => (Allow) C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe
FirewallRules: [UDP Query User{9972FA76-0545-4720-B804-F950C66BAD44}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe] => (Allow) C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe
FirewallRules: [TCP Query User{57C37BE3-B0EB-4D55-A4B4-F84B4C5588DD}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [UDP Query User{B456813D-E6D5-4AB7-9F33-095C5A10EC87}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [TCP Query User{4D80F5E1-5FB1-4533-AB03-B265781FAC2F}G:\programme\firefox\firefox.exe] => (Allow) G:\programme\firefox\firefox.exe
FirewallRules: [UDP Query User{C301A87E-3E15-4D7E-BF9F-21F64C54AED7}G:\programme\firefox\firefox.exe] => (Allow) G:\programme\firefox\firefox.exe
FirewallRules: [{AFE8C676-94B6-47DE-B7DD-245CCFB6A34B}] => (Allow) G:\Spiele\Civ4\Civilization4.exe
FirewallRules: [{FD8185CB-BB5B-466D-A713-4007CE7BFA7A}] => (Allow) G:\Spiele\Civ4\Civilization4.exe
FirewallRules: [TCP Query User{979F57F6-BFB7-455B-B092-0C2079C23338}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{F7621FB3-8A4E-437C-B2F4-A154AEF7889E}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{51A96407-BE60-450E-9C9B-9AE1692AABAE}G:\spiele\return to castle wolfenstein\et.exe] => (Block) G:\spiele\return to castle wolfenstein\et.exe
FirewallRules: [UDP Query User{ECB1A91D-8E1D-4FA6-8434-195ECDA54EF4}G:\spiele\return to castle wolfenstein\et.exe] => (Block) G:\spiele\return to castle wolfenstein\et.exe
FirewallRules: [TCP Query User{2B7B8B6B-02ED-46E2-B1E2-A3EC67CD9711}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{5C3CBD2E-38DA-436A-9631-1A094FF843CF}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{0C5843E5-2184-4636-BE5A-0198B1EE144D}] => (Allow) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{D00F4137-9BDB-4644-A84B-41B3D2FBD99F}] => (Allow) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{10192BEE-0D17-40AF-9C85-1B8CC56679D1}] => (Allow) LPort=1542
FirewallRules: [{CF8A2690-7633-493D-B237-755992909B21}] => (Allow) LPort=1542
FirewallRules: [{17E3763F-5EA8-4E36-8E92-B12BB74925AF}] => (Allow) LPort=53
FirewallRules: [{F45FF53D-2156-4C0C-933F-0B403EC5A167}] => (Allow) LPort=80
FirewallRules: [{8CE03B20-23BE-4579-82DF-C1DE5D3ADCB1}] => (Allow) LPort=80
FirewallRules: [{E5DFA1E1-25DC-4320-923B-9667745BD060}] => (Allow) LPort=80
FirewallRules: [{0DCC0D3D-92F7-42C1-A5D3-759490FB5D0D}] => (Allow) G:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [{C305DE5C-EA8B-4D84-8358-6B6E7C1BE004}] => (Allow) G:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe
FirewallRules: [TCP Query User{2B7FBBD1-B376-48EE-A0CC-35B6FB1EF2F9}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{4305BF48-D73E-4164-9096-55B8094065D9}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{33511513-13E0-421D-9A8B-8EBF878F9EAE}G:\spiele\wc3ft\war3.exe] => (Allow) G:\spiele\wc3ft\war3.exe
FirewallRules: [UDP Query User{5801BF73-F567-4658-AF26-81126149E477}G:\spiele\wc3ft\war3.exe] => (Allow) G:\spiele\wc3ft\war3.exe
FirewallRules: [{79CEA734-18C3-4539-8668-FAC948DC6FE3}] => (Allow) G:\Spiele\wc3ft\Frozen Throne.exe
FirewallRules: [{19E101DC-DAEE-4C01-968F-C62F6C635C59}] => (Allow) G:\Spiele\wc3ft\Frozen Throne.exe
FirewallRules: [TCP Query User{0E36FF4E-998A-4EFF-AEA1-E369A2648EE9}G:\spiele\wc3ft\war3.exe] => (Allow) G:\spiele\wc3ft\war3.exe
FirewallRules: [UDP Query User{055EA4FF-6497-4D22-A6B8-EEE9F62B1442}G:\spiele\wc3ft\war3.exe] => (Allow) G:\spiele\wc3ft\war3.exe
FirewallRules: [TCP Query User{6861D84F-279D-4E3D-BB97-603BBF565B7C}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{DF287267-7BEB-404C-863C-9BEB7F59F3AC}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{EAA2E3A4-3290-40E2-9030-C2D8A5A3CD4B}] => (Allow) G:\Spiele\ANNO1602\1602.exe
FirewallRules: [{257D3558-E6DF-492A-914C-3141E8923C9E}] => (Allow) G:\Spiele\ANNO1602\1602.exe
FirewallRules: [TCP Query User{59AF9E7C-C430-43DB-B28F-5C3EA19632F7}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{A4CCC909-5A07-4E95-9C6B-0A94879FE1EE}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{47C36DBC-4902-436D-9F6F-EC29B5CA4DCF}G:\spiele\age of empires\empires2.exe] => (Block) G:\spiele\age of empires\empires2.exe
FirewallRules: [UDP Query User{CC1B33F2-E6A3-422E-9E83-437D73C63106}G:\spiele\age of empires\empires2.exe] => (Block) G:\spiele\age of empires\empires2.exe
FirewallRules: [{008AC44C-0E7C-46DA-8BC9-A8F575CAABCD}] => (Allow) G:\Spiele\Civ4 - Complete\Civilization4.exe
FirewallRules: [{9F0C3483-D46D-4F45-A047-707F38A5E834}] => (Allow) G:\Spiele\Civ4 - Complete\Civilization4.exe
FirewallRules: [{8D4441B5-E153-43EA-BB02-D9C385DBDC14}] => (Allow) G:\Spiele\Civ4 - Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{6AE4B54C-E6F3-4030-9707-A81D0ED3A593}] => (Allow) G:\Spiele\Civ4 - Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{2E8D0071-B48B-4A90-B95A-7C64199F0E3C}] => (Allow) G:\Spiele\Civ4 - Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{9B0CAAB0-7F12-4D61-8F5B-4CEF89B8038E}] => (Allow) G:\Spiele\Civ4 - Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [TCP Query User{D6EB5AF5-8ED8-4539-A3AD-14F544C6298A}G:\spiele\civ4 - complete\civilization4.exe] => (Block) G:\spiele\civ4 - complete\civilization4.exe
FirewallRules: [UDP Query User{60EB019F-6174-48C2-B994-5BBF177D9F00}G:\spiele\civ4 - complete\civilization4.exe] => (Block) G:\spiele\civ4 - complete\civilization4.exe
FirewallRules: [TCP Query User{91D5CD34-966A-40CC-85FD-0CE2D7A8C9C2}C:\program files (x86)\slysoft\winamp\winamp.exe] => (Allow) C:\program files (x86)\slysoft\winamp\winamp.exe
FirewallRules: [UDP Query User{95FD8E5A-ECC4-4307-B965-52F216EF7286}C:\program files (x86)\slysoft\winamp\winamp.exe] => (Allow) C:\program files (x86)\slysoft\winamp\winamp.exe
FirewallRules: [TCP Query User{106033D7-0B9E-4FB0-9EA4-09C5BA02F372}G:\spiele\civ4\civilization4.exe] => (Block) G:\spiele\civ4\civilization4.exe
FirewallRules: [UDP Query User{61963017-EE5B-4CDC-A749-1535CE105379}G:\spiele\civ4\civilization4.exe] => (Block) G:\spiele\civ4\civilization4.exe
FirewallRules: [TCP Query User{A06E0C9A-C7BE-448E-8ECD-ACE19B33ABDF}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{645D38B9-00FD-4A83-8666-06238BA80E47}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{C547955E-2C85-424D-BC00-3BB38DEFD201}C:\program files (x86)\qip 2010\qip.exe] => (Block) C:\program files (x86)\qip 2010\qip.exe
FirewallRules: [UDP Query User{9538098C-F967-4103-A971-8A8FECD45E25}C:\program files (x86)\qip 2010\qip.exe] => (Block) C:\program files (x86)\qip 2010\qip.exe
FirewallRules: [TCP Query User{0011D549-4ED7-4DA1-8D7A-9AFF8228FB78}C:\program files (x86)\qip 2010\qip.exe] => (Allow) C:\program files (x86)\qip 2010\qip.exe
FirewallRules: [UDP Query User{10F9C05E-D083-4FB1-917C-5AE51448ED0B}C:\program files (x86)\qip 2010\qip.exe] => (Allow) C:\program files (x86)\qip 2010\qip.exe
FirewallRules: [TCP Query User{1D639947-3EF6-439D-8081-F5F6483C37D3}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{FD2D6B95-4586-4218-969D-6B248B94A61F}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{8BA6552F-AB3E-4B51-BFBC-399C6335EEB4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{C28BC18A-7B7B-4DB3-8591-65682E785376}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{B1D7BDD0-E167-47B3-996E-C50853992FE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\monkey2\Monkey2.exe
FirewallRules: [{FB62B986-6C83-4B11-8059-861220F2B884}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\monkey2\Monkey2.exe
FirewallRules: [TCP Query User{4584F86E-B3BD-4FFE-8D11-41267273EDDE}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{839D915B-9ED3-4936-B041-EC17DF91A283}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{81147C50-22EB-47B8-BC42-86090D95CE3C}G:\programme\x-chat 2\xchat.exe] => (Allow) G:\programme\x-chat 2\xchat.exe
FirewallRules: [UDP Query User{1D249207-A7B6-4353-95A5-6E06B8C20E32}G:\programme\x-chat 2\xchat.exe] => (Allow) G:\programme\x-chat 2\xchat.exe
FirewallRules: [{CC5FAC6E-492B-497F-BC15-4F0956E96EC7}] => (Allow) G:\Spiele\Darkspore\DarksporeBin\Darkspore.exe
FirewallRules: [{C5DDDB51-6693-41E9-B009-FE79BD6FDC27}] => (Allow) G:\Spiele\Darkspore\DarksporeBin\Darkspore.exe
FirewallRules: [TCP Query User{51CD10E3-3AD5-45D5-88CA-A558065A7EB7}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{E1CD9B5D-7912-4CDB-9037-9DF0D486D6D1}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{91EC461E-A1F5-45B2-B9FF-08DA441CC1C4}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{03A21F6A-721A-400C-9179-478DD8E4C57F}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{7D6A124A-C65F-4F79-B782-6F6016D8852A}H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Allow) H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe
FirewallRules: [UDP Query User{97F217D5-50BE-4F01-8571-CE5EF17656B5}H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Allow) H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe
FirewallRules: [TCP Query User{E69E12F9-4236-407A-A984-7584CBB4A634}H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Allow) H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe
FirewallRules: [UDP Query User{5F6F26F1-0864-42B5-A61A-71C6D97712A2}H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe] => (Allow) H:\spiele\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe
FirewallRules: [{6D534BC7-5220-46EE-BFFE-A4500A9176E6}] => (Allow) H:\Spiele\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{E24BC96A-A0DA-4953-9701-0F1FFB9141A5}] => (Allow) H:\Spiele\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{4CFAFD75-1AC7-4421-9F18-30D91305C949}] => (Allow) H:\Spiele\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{AAC6C58B-27D4-4E7B-A2FD-79215BBD955B}] => (Allow) H:\Spiele\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{E8643DF7-83FA-45F4-831C-5ED0BE7D6C77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blackwell legacy\blackwell1.exe
FirewallRules: [{B75F3118-4598-4E72-BDB6-2829E0391876}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blackwell legacy\blackwell1.exe
FirewallRules: [{BBC9605A-36EF-4D85-8732-D4D0CDFC69C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blackwell unbound\Unbound.exe
FirewallRules: [{1F74DD4C-22B6-4793-A98F-5FA5F5A2B25D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blackwell unbound\Unbound.exe
FirewallRules: [{692B3D70-09FE-4677-881B-494D90F76751}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blackwell convergence\Convergence.exe
FirewallRules: [{2E83F4F3-5965-42CF-AADB-A5A4BBDF0BDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blackwell convergence\Convergence.exe
FirewallRules: [{74B1B4CA-074B-4EE7-8F53-13D2B5A1B58D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nuclear dawn\ndsrv.exe
FirewallRules: [{820883AF-EDFA-47D7-B4D2-73B4754BACC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nuclear dawn\ndsrv.exe
FirewallRules: [{D64E0BB9-CCB1-4723-84C7-0026FEEA7D83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nuclear dawn\bin\SDKLauncher.exe
FirewallRules: [{19248A0C-D1E6-4D8B-99F7-1B9F835C1035}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nuclear dawn\bin\SDKLauncher.exe
FirewallRules: [{EF2BD3A3-39D8-4CB1-8C17-10645D130A6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rbs\Really Big Sky.exe
FirewallRules: [{E95B6D9C-6B9B-4FF4-A444-147E920E3F78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rbs\Really Big Sky.exe
FirewallRules: [{8443F0B7-E8DD-4F5D-9D3F-722F0E845D9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\aquaria\Aquaria.exe
FirewallRules: [{A18FA233-FFF8-41DA-AE6C-218F594A8967}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\aquaria\Aquaria.exe
FirewallRules: [TCP Query User{9839678D-1AA5-4A75-9210-C6F51D27B1C3}G:\spiele\farcry\bin32\farcry.exe] => (Block) G:\spiele\farcry\bin32\farcry.exe
FirewallRules: [UDP Query User{419B84F5-25E5-4451-BDC0-04B757B607F9}G:\spiele\farcry\bin32\farcry.exe] => (Block) G:\spiele\farcry\bin32\farcry.exe
FirewallRules: [{52E30F4F-1705-445E-B248-A8B6EA949311}] => (Allow) C:\Users\Dodo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B7AADC19-49D7-41E8-8003-F68208F41941}] => (Allow) C:\Users\Dodo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D1329306-140B-4D2F-84E7-2B9A101ACB65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Puzzle Agent 2\Grickle102.exe
FirewallRules: [{76702735-32A9-4185-B81D-C6097B05C663}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Puzzle Agent 2\Grickle102.exe
FirewallRules: [{55C7E51C-4E4A-4EDE-99AD-092562A86BFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anomaly Warzone Earth\AnomalyWarzoneEarth.exe
FirewallRules: [{42AA2EDB-DAA1-4ACC-8AA6-40D76FDCD466}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anomaly Warzone Earth\AnomalyWarzoneEarth.exe
FirewallRules: [{4C80B975-4F9A-4911-8A62-BDF4207D53F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Children of the Nile\CoTN.exe
FirewallRules: [{A320BF7C-1F37-42F2-800B-C933894FCDDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Children of the Nile\CoTN.exe
FirewallRules: [{3A625B2F-68EE-4BB5-A0D1-B90740DFF1EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unmechanical\Binaries\Win32\UDK.exe
FirewallRules: [{3409CF9E-1D62-4F11-8034-2D1A72C8301B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unmechanical\Binaries\Win32\UDK.exe
FirewallRules: [{7C269F47-6FE7-4F33-B0A5-95EFE8F2EE6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Krater\run_game.exe
FirewallRules: [{8FD7900F-9F74-44AB-BA7A-3ED744863EF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Krater\run_game.exe
FirewallRules: [{C6B53DF2-9D36-4AAD-8D75-8DD5F3CA90BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dream Machine\the_dream_machine.exe
FirewallRules: [{898DFB1A-343E-4899-9A02-350F4820EFE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dream Machine\the_dream_machine.exe
FirewallRules: [TCP Query User{7046F82D-4763-47B1-A71E-D8B175EEA9BE}C:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe] => (Block) C:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe
FirewallRules: [UDP Query User{5C6CDBB0-4C48-4CAB-875F-EC8FE93A52D8}C:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe] => (Block) C:\program files (x86)\steam\steamapps\common\unmechanical\binaries\win32\udk.exe
FirewallRules: [{19D8FCCD-FB9E-4173-90C6-666A653C36EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nuclear dawn\nucleardawn.exe
FirewallRules: [{BBCE5C2D-9934-4E0C-B053-A00B654337EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nuclear dawn\nucleardawn.exe
FirewallRules: [{EB92C349-3CEC-4D0B-8045-69423EA15D71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{B246163B-E0C3-4A30-B7D9-C1F78D199850}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{DA149523-62FC-4F87-BE0D-2D55A32EC730}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{2B36C248-4C13-42A9-B00C-1A07FD0E2458}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{68CBA541-39B9-4A52-B31A-DEE84CF0DF56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{692854D9-4952-4D20-8778-10CC99B7C5AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{5712E80B-63D1-4381-93DA-041B9118B949}C:\program files (x86)\tomahawk\tomahawk.exe] => (Allow) C:\program files (x86)\tomahawk\tomahawk.exe
FirewallRules: [UDP Query User{9FA226DC-9B7F-42F5-A198-622B9E0920B1}C:\program files (x86)\tomahawk\tomahawk.exe] => (Allow) C:\program files (x86)\tomahawk\tomahawk.exe
FirewallRules: [TCP Query User{B4D9386F-A3F1-42AC-868D-F8A34C442122}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{AF6F1952-EA27-4997-9A50-B3091AC02439}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{572160F8-D9BF-481B-BEEC-963FB5944C42}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{112C5841-DFBE-4918-9AA3-4623753F9927}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{98FD4D3E-9F1B-45FD-8565-14DD1695F659}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{BA6C23F3-02E8-46AA-8EC5-08DB90E76ED8}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [{96DC8AE7-D131-43FC-AEC9-059A404431E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Eufloria\Eufloria.exe
FirewallRules: [{16B6223D-F4F2-4009-BDE5-97361F69786D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Eufloria\Eufloria.exe
FirewallRules: [TCP Query User{A12FF843-122D-41B7-88F8-847A24AFCDCF}C:\program files (x86)\steam\steam.exe] => (Block) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{CF1327EE-6988-48B6-A9BD-A2983AFDB1D1}C:\program files (x86)\steam\steam.exe] => (Block) C:\program files (x86)\steam\steam.exe
FirewallRules: [{9C5BF215-DB4F-4C37-86CD-F8B9B04B7BF7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B2542680-7704-4171-A418-EB3FB115F890}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6C9C33FD-F653-4368-8896-27F40C654BB6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{7FE9725A-2E2B-451A-AB71-F37922F31474}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{7F5AEC49-3D62-4C04-A994-A6008174868B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fractal\fractal.exe
FirewallRules: [{7D63FB58-4E02-4EEC-8E9B-27D9B082B6A7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fractal\fractal.exe
FirewallRules: [{A857C3B1-C26C-4B85-BF32-C74EE4A8ACDB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Path\PathViewer.exe
FirewallRules: [{024314D0-8C4A-4A03-B072-850C46F66F5C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Path\PathViewer.exe
FirewallRules: [{37D862E0-073E-446A-9211-0500A5C1FE84}] => (Allow) C:\Program Files (x86)\webcam 7\wLite.exe
FirewallRules: [{6F6CD146-0BEF-4ADF-BFA7-C49711C4B194}] => (Allow) C:\Program Files (x86)\webcam 7\wLite.exe
FirewallRules: [{4299BEC9-AB85-48EB-947D-205804FC55F7}] => (Allow) C:\Program Files (x86)\webcam 7\wService.exe
FirewallRules: [{796E5F06-0E0E-4D73-877E-6A867DCD6631}] => (Allow) C:\Program Files (x86)\webcam 7\wService.exe
FirewallRules: [{7A1A59D7-A5B6-41BB-8883-98DC6DD56A2B}] => (Allow) C:\Users\Dodo\AppData\Local\vghd\bin\Virtuagirl_Downloader.exe
FirewallRules: [{B5F18611-4BC3-4630-8D2B-7A04D32259CC}] => (Allow) C:\Users\Dodo\AppData\Local\vghd\bin\Virtuagirl_Downloader.exe
FirewallRules: [TCP Query User{2FE753AC-5569-4401-BA6C-E537AF5E4F77}G:\spiele\dragon age\bin_ship\daorigins.exe] => (Block) G:\spiele\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{89D60E64-0C6F-424A-A80D-ECC66138AB60}G:\spiele\dragon age\bin_ship\daorigins.exe] => (Block) G:\spiele\dragon age\bin_ship\daorigins.exe
FirewallRules: [{F133E6F8-0579-46BA-9A82-236FB2DAFECD}] => (Allow) C:\Users\Dodo\AppData\Local\vghd\bin\Virtuagirl_Downloader.exe
FirewallRules: [{C442AC3E-2B86-481A-BA7A-4F9402828439}] => (Allow) C:\Users\Dodo\AppData\Local\vghd\bin\Virtuagirl_Downloader.exe
FirewallRules: [{58D04961-E240-4CFB-A53A-7C6AB341B265}] => (Allow) H:\Spiele\Peggle Deluxe\Peggle.exe
FirewallRules: [{E4938D0A-8EDE-4C0D-84D7-1FDFD6F8D96C}] => (Allow) H:\Spiele\Peggle Deluxe\Peggle.exe
FirewallRules: [{BC3945F0-0C9C-4401-9258-0910CFD2E8EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{823DBA16-C311-4074-81FA-98900BFB5652}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{46981D27-5B9F-4A26-B472-C707AAC5F8EC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E536A8DD-7CBD-4DCF-87FD-BB95BB1403B9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E5033104-B807-465B-923E-8D18AF12FAD4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RAGE\Rage.exe
FirewallRules: [{5FA6B2C8-EDBC-415B-A3A6-543FEF3D5421}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RAGE\Rage.exe
FirewallRules: [{CFF478BF-2D97-4333-A1BA-32F3EBC2F753}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RAGE\Rage64.exe
FirewallRules: [{6179D8CC-8475-4192-AA35-663436648C84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RAGE\Rage64.exe
FirewallRules: [TCP Query User{971206DB-22ED-4C6C-9A3D-0EC5147535AB}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{38259DE5-A5C9-4992-8FA2-F9B2C1FC0C3A}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{8FADC12F-AB22-49D9-B2E1-F67B425E6876}] => (Allow) C:\Users\Dodo\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{AEAC4E7A-B3B2-4F84-8A5F-19586BD0AB97}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3C4544C2-C354-42A5-A680-C7EA69B58C02}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{3A1AA0E9-5AA1-47AA-8279-0983A2D04102}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{B2791C9F-114B-4374-9381-DC5C31020127}] => (Allow) C:\Users\Dodo\AppData\Local\Apps\2.0\MBJK7BLZ.BKV\DC17LPBR.VHM\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
FirewallRules: [{5E46F96F-9D0F-4F56-BB4C-9881843C2DA5}] => (Allow) C:\Users\Dodo\AppData\Local\Apps\2.0\MBJK7BLZ.BKV\DC17LPBR.VHM\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
FirewallRules: [{9E71FD1C-770C-41A1-A34F-049DBE0B9D74}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{17C19D37-574B-4DE6-A6E5-8AA71B71C741}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{55764CB9-03C6-4A52-B68F-DE8B1A99C221}] => (Allow) G:\Programme\Firefox\firefox.exe
FirewallRules: [{9C20345D-1F41-49DE-AC80-D99A8375ADF9}] => (Allow) G:\Programme\Firefox\firefox.exe
FirewallRules: [{1A2CEDEC-AE4A-427D-9DE8-EA07C916902E}] => (Allow) H:\Spiele\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{9F5F4334-B405-4500-BB3E-C9DAD97073D9}] => (Allow) H:\Spiele\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{B3BD9A7F-BCD1-45D2-A876-FF1DAD999DEB}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{2FF291CB-8C43-4249-BC61-D66698E8D7F6}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{A365A11A-1749-4877-AAAF-CB3685E30777}] => (Allow) LPort=26675
FirewallRules: [{85A3DF43-2958-4928-994F-F7464C0AE4BE}] => (Allow) G:\Programme\Firefox\firefox.exe
FirewallRules: [{69B8B30C-3B59-4F9E-8F45-708177EE2447}] => (Allow) G:\Programme\Firefox\firefox.exe
FirewallRules: [{ADC8690D-77A0-4FA6-8BAE-441341D79222}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8FFD3624-5BE2-47AC-975E-28CFB00A9441}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C2A4D8C4-2024-4235-9660-24C702100459}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{8AA8022F-6DE5-4340-B2C5-54B281CC94DD}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{6C51C4E8-6B20-41D4-A834-EF8214896C68}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{78CA2536-2D3B-4EBC-9274-07F0C8D91A28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheEvilWithin\EvilWithin.exe

==================== Wiederherstellungspunkte =========================

24-08-2016 16:24:08 Windows Update
24-08-2016 18:00:36 Windows Update
02-10-2016 11:37:38 Installed Microsoft Server Speech Platform Runtime (x86)
02-10-2016 11:38:15 Installed Microsoft Server Speech Text to Speech Voice (de-DE, Hedda)
02-10-2016 11:38:43 Installed Microsoft Server Speech Text to Speech Voice (en-US, ZiraPro)

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/31/2016 03:31:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung versabus-5.exe, Version 1.99.9.9, Zeitstempel 0x5315892f, fehlerhaftes Modul versabus-5.exe, Version 1.99.9.9, Zeitstempel 0x5315892f, Ausnahmecode 0xc0000005, Fehleroffset 0x0000113e,
Prozess-ID 0x17a0, Anwendungsstartzeit 01d233838643d350.

Error: (10/17/2016 03:06:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\DODO\DESKTOP\TOR BROWSER\BROWSER\TORBROWSER\DATA\BROWSER\PROFILE.DEFAULT\PREFS-1.JS> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/28/2016 06:01:59 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\DODO\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\MNXO088K.DEFAULT\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog

Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (09/21/2016 02:13:29 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={EC095443-4F74-4960-82CA-C41D36085170}: Der Benutzer "ANONYMOUS\Dodo" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 815.

Error: (09/11/2016 12:34:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 48.0.2.6079, Zeitstempel 0x57bd3628, fehlerhaftes Modul mozglue.dll, Version 48.0.2.6079, Zeitstempel 0x57bd2857, Ausnahmecode 0x80000003, Fehleroffset 0x0000efe5,
Prozess-ID 0x738, Anwendungsstartzeit 01d20bbb9c60d9e1.

Error: (09/05/2016 05:51:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\AVAST Software\Avast\Setup\4815a8ed-a18f-4ec2-a6b8-9f54c0e558ee.dll".
Die abhängige Assemblierung "Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/29/2016 05:23:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung Ini2TABDelim.exe, Version 0.0.0.1, Zeitstempel 0x4faefdca, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.19594, Zeitstempel 0x56ac2a1d, Ausnahmecode 0x0eedfade, Fehleroffset 0x0002012f,
Prozess-ID 0x1228, Anwendungsstartzeit 01d20211a6ad6459.

Error: (08/24/2016 08:09:22 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Windows.Presentation, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020

Error: (08/24/2016 07:52:36 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

Error: (08/24/2016 06:11:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "PNRPsvc" in der DLL "C:\Windows\system32\pnrpperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


Systemfehler:
=============
Error: (11/05/2016 06:10:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
i8042prt

Error: (11/05/2016 06:10:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (11/05/2016 09:15:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
i8042prt

Error: (11/05/2016 09:15:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (11/04/2016 07:56:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
i8042prt

Error: (11/04/2016 07:56:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (11/03/2016 05:50:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
i8042prt

Error: (11/03/2016 05:50:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (11/03/2016 01:28:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
i8042prt

Error: (11/03/2016 01:28:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.


CodeIntegrity:
===================================
  Date: 2016-11-05 17:57:24.616
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-11-05 17:57:24.363
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-11-05 17:57:24.108
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-11-05 17:57:23.856
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-11-05 17:57:23.602
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-11-05 17:57:23.348
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-11-05 17:57:23.063
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-11-05 17:57:22.802
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-11-05 17:57:22.546
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-11-05 17:57:22.289
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
Prozentuale Nutzung des RAM: 46%
Installierter physikalischer RAM: 6141.58 MB
Verfügbarer physikalischer RAM: 3255.39 MB
Summe virtueller Speicher: 12478.13 MB
Verfügbarer virtueller Speicher: 9467.48 MB

==================== Laufwerke ================================

Drive c: (Charles) (Fixed) (Total:519.45 GB) (Free:331.51 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive g: (Charleene) (Fixed) (Total:97.66 GB) (Free:9.91 GB) NTFS
Drive h: (Charly) (Fixed) (Total:314.41 GB) (Free:68.59 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 875289B3)
Partition 1: (Active) - (Size=519.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=314.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 05.11.2016, 17:36   #12
nameweg
 



Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
durchgeführt von Dodo (Administrator) auf ANONYMOUS (05-11-2016 18:26:59)
Gestartet von C:\Users\Dodo\Desktop
Geladene Profile: Dodo (Verfügbare Profile: Dodo & Administrator)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 9 (Standard-Browser: "G:\Programme\Firefox\firefox.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) G:\Programme\Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-01-20] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2016-01-29] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-27] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [MWS Reader 5] => C:\Program Files (x86)\MWS Reader 5\mwsr5.exe [13272064 2015-05-11] (directINNOVATION UG (haftungsbeschränkt))
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2438656 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\Run: [GAINWARD] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2181672 2009-05-12] (Gainward Co.)
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\MountPoints2: {15e1e7c6-0317-11e6-a629-00241d8b6ae7} - K:\AutoRun.exe
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\MountPoints2: {15e1e7cb-0317-11e6-a629-00241d8b6ae7} - K:\AutoRun.exe
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\MountPoints2: {2d7223c2-db87-11e4-878e-00241d8b6ae7} - K:\AutoRun.exe
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\MountPoints2: {dc4b95d1-5b65-11e3-8a94-00241d8b6ae7} - F:\auvisio.exe
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [3079168 2009-04-11] (Microsoft Corporation) <==== ACHTUNG
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\vghd\\VGHD.SCR
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-27] (AVAST Software)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2015-08-07]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{52529908-1B7A-4824-B72C-C96AEFA12052}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F77FACE0-805A-4608-B792-CCC2E5C32A90}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
HKU\S-1-5-21-2904693490-1559453303-1626246330-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM-x32 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
SearchScopes: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000 -> DefaultScope {0AF5279C-C66B-46F6-A95E-B81EB16A0686} URL = 
SearchScopes: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-27] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25] (CANON INC.)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2009-11-08] (Microsoft Corporation)
BHO-x32: Kein Name -> {6B5863A0-C43F-4C0A-982B-CC0E9125783F} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-31] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-27] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-31] (Oracle Corporation)
Toolbar: HKLM - Kein Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Keine Datei
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25] (CANON INC.)
Toolbar: HKU\S-1-5-21-2904693490-1559453303-1626246330-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  Keine Datei
DPF: HKLM-x32 {15BE8BEE-4105-4A79-B385-25068AA967DB} hxxp://dizun95pzobbc.cloudfront.net/VBIMDPlayer.CAB
DPF: HKLM-x32 {32E7B36C-7960-4A42-B83B-D8AFD0AAEF2B} hxxp://dizun95pzobbc.cloudfront.net/INDBrowser.CAB

FireFox:
========
FF ProfilePath: C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default [2016-11-05]
FF user.js: detected! => C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\user.js [2010-03-31]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\mnxo088k.default -> hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF Homepage: Mozilla\Firefox\Profiles\mnxo088k.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\mnxo088k.default -> hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> ftp", "94.23.205.32"
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> http", "94.23.205.32"
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> socks", "94.23.205.32"
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> ssl", "94.23.205.32"
FF NetworkProxy: Mozilla\Firefox\Profiles\mnxo088k.default -> ssl_port", 3128
FF Extension: (stealthy) - C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\Extensions\stealthyextension@gmail.com.xpi [2016-08-04]
FF Extension: (Flagfox) - C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(74) [2013-03-22] [ist nicht signiert]
FF Extension: (Free YouTube Download (Free Studio) Menu) - C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-10-28] [ist nicht signiert]
FF Extension: (Video DownloadHelper) - C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-11]
FF Extension: (Adblock Plus) - C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-31]
FF SearchPlugin: C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\searchplugins\disconnectsearch.xml [2015-11-20]
FF SearchPlugin: C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\searchplugins\google-images.xml [2015-02-11]
FF SearchPlugin: C:\Users\Dodo\AppData\Roaming\Mozilla\Firefox\Profiles\mnxo088k.default\searchplugins\google-maps.xml [2015-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-04] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-27]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-02] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-09-07] (CANON INC.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll [Keine Datei]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-2904693490-1559453303-1626246330-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2904693490-1559453303-1626246330-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dodo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-27]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5554152 2015-11-27] (Avast Software)
S4 DAUpdaterSvc; G:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S4 GEST Service; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [68136 2009-02-06] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2016-01-29] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert]
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2016-01-29] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099720 2016-07-23] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2009-10-17] ()
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) [Datei ist nicht signiert]
S4 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [Datei ist nicht signiert]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-27] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64712 2015-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-27] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [214008 2015-11-27] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65224 2015-11-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-27] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2011-06-07] ()
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-06-07] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MicNgBas; C:\Windows\System32\DRIVERS\MicNgBas.sys [89896 2012-10-31] (Micronas GmbH)
R3 MicNgCap; C:\Windows\System32\DRIVERS\MicNgCap.sys [99624 2012-10-31] (Micronas GmbH)
R3 MicNgTun; C:\Windows\System32\DRIVERS\MicNgTun.sys [339240 2012-10-31] (Micronas GmbH)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-27] (AVAST Software)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31264 2009-11-16] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31264 2009-11-16] (RapidSolution Software AG)
S4 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [163644 2010-07-20] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Datei ist nicht signiert]
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [77952 2009-02-03] (Protection Technology (StarForce))
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [107384 2007-02-08] (Protection Technology (StarForce))
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-12-21] () [Datei ist nicht signiert]
S2 TBPanel; kein ImagePath
R3 USBSTOR; C:\Windows\SysWOW64\DRIVERS\USBSTOR.SYS [0 2012-08-28] () <==== ACHTUNG (Null Byte Datei/Ordner)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-11-27] (Avast Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-05 18:24 - 2016-11-05 18:24 - 00005724 _____ C:\Users\Dodo\Desktop\mbam.txt
2016-11-04 18:34 - 2016-11-04 18:37 - 00194958 _____ C:\TDSSKiller.3.1.0.11_04.11.2016_18.34.50_log.txt
2016-11-03 19:33 - 2016-11-03 19:35 - 00194958 _____ C:\TDSSKiller.3.1.0.11_03.11.2016_19.33.22_log.txt
2016-11-03 19:32 - 2016-11-03 19:33 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Dodo\Desktop\tdsskiller.exe
2016-11-01 19:09 - 2016-11-05 18:27 - 00023660 _____ C:\Users\Dodo\Desktop\FRST.txt
2016-11-01 19:09 - 2016-11-01 19:10 - 00079924 _____ C:\Users\Dodo\Desktop\Addition.txt
2016-11-01 19:08 - 2016-11-05 18:26 - 00000000 ____D C:\FRST
2016-11-01 19:07 - 2016-11-01 19:07 - 02408960 _____ (Farbar) C:\Users\Dodo\Desktop\FRST64.exe
2016-11-01 13:44 - 2016-11-02 10:32 - 00000000 ____D C:\Users\Dodo\AppData\Roaming\molecule-51
2016-11-01 13:39 - 2016-11-01 13:39 - 00000000 ____D C:\Users\Dodo\AppData\Roaming\current-7
2016-11-01 13:36 - 2016-11-02 10:32 - 00000000 ____D C:\ProgramData\sonet-26
2016-10-31 14:00 - 2016-11-01 13:34 - 00000000 ____D C:\ProgramData\photon-61
2016-10-27 18:14 - 2016-10-31 13:58 - 00000000 ____D C:\ProgramData\ry
2016-10-17 18:53 - 2016-10-17 18:53 - 00567776 _____ C:\Users\Dodo\Desktop\FLT_WCPVLL8818_0.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-05 18:23 - 2014-08-09 18:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-05 18:11 - 2010-08-25 21:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-05 18:10 - 2006-11-02 16:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-05 18:10 - 2006-11-02 16:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-05 18:10 - 2006-11-02 16:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-05 18:08 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\PLA
2016-11-05 18:07 - 2015-10-07 10:49 - 00000012 _____ C:\Windows\bthservsdp.dat
2016-11-05 18:07 - 2006-11-02 16:42 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-05 17:59 - 2010-08-25 21:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-05 17:49 - 2013-01-13 11:53 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-05 17:04 - 2014-02-19 16:59 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2904693490-1559453303-1626246330-1000UA.job
2016-11-05 17:04 - 2014-02-19 16:59 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2904693490-1559453303-1626246330-1000Core.job
2016-11-05 16:16 - 2008-01-21 12:10 - 01692202 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-05 16:16 - 2008-01-21 12:09 - 00719864 _____ C:\Windows\system32\perfh007.dat
2016-11-05 16:16 - 2008-01-21 12:09 - 00165892 _____ C:\Windows\system32\perfc007.dat
2016-11-05 16:16 - 2006-11-02 14:33 - 00000000 ____D C:\Windows\inf
2016-11-04 20:23 - 2011-09-13 08:56 - 00000000 ____D C:\Users\Dodo\AppData\Roaming\vlc
2016-11-04 07:58 - 2013-07-29 17:34 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-01 20:37 - 2013-10-31 21:14 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-31 19:56 - 2015-10-13 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-31 19:56 - 2013-10-01 16:12 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-31 19:55 - 2015-10-13 17:06 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-10-31 14:00 - 2014-08-09 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-10-31 14:00 - 2014-08-09 18:11 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-10-31 14:00 - 2012-12-12 22:32 - 00000908 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-10-27 18:14 - 2016-08-17 14:51 - 00000000 ____D C:\Users\Dodo\Desktop\BNE-Projekt-Computer
2016-10-26 18:50 - 2013-01-13 11:53 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-26 18:50 - 2012-04-03 11:35 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-26 18:50 - 2011-11-11 12:53 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-26 18:50 - 2011-05-19 19:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-26 18:50 - 2009-08-29 10:18 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-24 19:36 - 2011-09-28 13:14 - 00000000 ____D C:\Users\Dodo\AppData\Roaming\dvdcss
2016-10-22 17:06 - 2012-05-05 11:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-17 15:05 - 2015-08-19 19:34 - 00000000 ____D C:\Users\Dodo\Desktop\Tor Browser
2016-10-06 18:34 - 2010-06-10 19:04 - 00000000 ____D C:\Users\Dodo\dwhelper

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2011-01-19 12:30 - 2011-01-19 12:30 - 142700671 _____ () C:\Program Files\openofficeorg1.cab
2011-01-19 12:34 - 2011-01-19 12:34 - 3003392 _____ () C:\Program Files\openofficeorg33.msi
2011-01-19 12:33 - 2011-01-19 12:33 - 0475016 _____ () C:\Program Files\setup.exe
2011-01-19 11:15 - 2011-01-19 11:15 - 0000290 _____ () C:\Program Files\setup.ini
2014-06-30 10:45 - 2014-07-24 18:35 - 0002181 _____ () C:\Users\Dodo\AppData\Roaming\FoxitReaderUpdateInfo.txt
2015-03-31 19:43 - 2015-03-31 19:44 - 0019408 _____ () C:\Users\Dodo\AppData\Roaming\UserTile.png
2010-09-08 22:44 - 2015-02-11 19:38 - 0001356 _____ () C:\Users\Dodo\AppData\Local\d3d9caps.dat
2009-08-28 21:31 - 2012-06-04 17:18 - 0001460 _____ () C:\Users\Dodo\AppData\Local\d3d9caps64.dat
2009-08-30 01:25 - 2016-08-02 07:44 - 0204800 _____ () C:\Users\Dodo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-02-15 19:31 - 2010-02-15 19:31 - 0028150 _____ () C:\Users\Dodo\AppData\Local\dd_depcheckdotnetfx30.txt
2009-09-05 09:37 - 2015-07-03 18:19 - 0466942 _____ () C:\Users\Dodo\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2015-07-03 13:54 - 2015-07-03 13:54 - 0000002 _____ () C:\Users\Dodo\AppData\Local\dd_dotnetfx35error.txt
2009-09-05 09:36 - 2009-09-05 09:36 - 0000002 _____ () C:\Users\Dodo\AppData\Local\dd_dotnetfx35error_lp.txt
2015-07-03 13:54 - 2015-07-03 18:31 - 0739230 _____ () C:\Users\Dodo\AppData\Local\dd_dotnetfx35install.txt
2009-09-05 09:36 - 2015-07-03 14:04 - 0161434 _____ () C:\Users\Dodo\AppData\Local\dd_dotnetfx35install_lp.txt
2010-02-15 19:31 - 2010-02-15 19:31 - 0000718 _____ () C:\Users\Dodo\AppData\Local\dd_dotnetfx3error.txt
2010-02-15 19:31 - 2010-02-15 19:31 - 0032020 _____ () C:\Users\Dodo\AppData\Local\dd_dotnetfx3install.txt
2015-07-03 14:04 - 2015-07-03 14:04 - 0976830 _____ () C:\Users\Dodo\AppData\Local\dd_NET_Framework35_LangPack_MSI14EA.txt
2009-09-05 09:37 - 2009-09-05 09:37 - 0811580 _____ () C:\Users\Dodo\AppData\Local\dd_NET_Framework35_LangPack_MSI1B84.txt
2015-07-03 14:03 - 2015-07-03 14:04 - 2824480 _____ () C:\Users\Dodo\AppData\Local\dd_NET_Framework35_x64_MSI1436.txt
2015-07-03 18:31 - 2015-07-03 18:31 - 2824524 _____ () C:\Users\Dodo\AppData\Local\dd_NET_Framework35_x64_MSI60B5.txt
2012-02-15 17:17 - 2012-02-15 17:17 - 0436462 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI0841.txt
2011-12-04 13:21 - 2011-12-04 13:21 - 0361158 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI0BB0.txt
2015-07-03 13:53 - 2015-07-03 13:53 - 0368912 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI0C5E.txt
2011-04-08 23:11 - 2011-04-08 23:11 - 0374186 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI0F99.txt
2011-11-11 19:08 - 2011-11-11 19:08 - 0365012 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI1037.txt
2013-03-22 20:53 - 2013-03-22 20:53 - 0377928 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI110B.txt
2013-03-22 20:53 - 2013-03-22 20:53 - 0386394 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI1142.txt
2010-04-20 16:42 - 2010-04-20 16:43 - 0445814 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI291D.txt
2013-12-29 21:05 - 2013-12-29 21:05 - 0417886 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI2BB1.txt
2012-02-02 15:15 - 2012-02-02 15:15 - 0359074 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI3337.txt
2011-11-09 15:03 - 2011-11-09 15:03 - 0365304 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI386F.txt
2010-12-05 14:52 - 2010-12-05 14:52 - 0359244 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI3974.txt
2009-10-31 18:10 - 2009-10-31 18:11 - 0420394 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI3BD7.txt
2012-11-26 18:38 - 2012-11-26 18:38 - 0367402 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI4261.txt
2011-11-09 12:37 - 2011-11-09 12:37 - 0359238 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI48D1.txt
2011-11-11 12:06 - 2011-11-11 12:06 - 0365780 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI4D51.txt
2009-11-04 23:04 - 2009-11-04 23:04 - 0330262 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI54E1.txt
2013-03-25 22:52 - 2013-03-25 22:53 - 0375386 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI56C3.txt
2013-03-25 22:53 - 2013-03-25 22:53 - 0387932 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI56FB.txt
2013-07-29 17:34 - 2013-07-29 17:34 - 0389020 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI57A2.txt
2015-07-03 18:19 - 2015-07-03 18:19 - 0368912 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI57A3.txt
2011-09-08 15:26 - 2011-09-08 15:27 - 0381366 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI5E05.txt
2011-09-08 15:27 - 2011-09-08 15:27 - 0365718 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI5E92.txt
2011-09-10 14:53 - 2011-09-10 14:54 - 0464442 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI616D.txt
2009-12-06 13:34 - 2009-12-06 13:34 - 0335136 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI652B.txt
2011-04-29 22:46 - 2011-04-29 22:47 - 0463016 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI6572.txt
2013-10-27 18:03 - 2013-10-27 18:03 - 0375088 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI65F1.txt
2013-10-27 18:03 - 2013-10-27 18:03 - 0386866 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI6607.txt
2011-06-16 19:17 - 2011-06-16 19:18 - 0474996 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistMSI6B7F.txt
2012-02-15 17:17 - 2012-02-15 17:17 - 0011360 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI0841.txt
2011-12-04 13:21 - 2011-12-04 13:21 - 0011218 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI0BB0.txt
2015-07-03 13:53 - 2015-07-03 13:53 - 0011234 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI0C5E.txt
2011-04-08 23:11 - 2011-04-08 23:11 - 0013674 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI0F99.txt
2011-11-11 19:08 - 2011-11-11 19:08 - 0011370 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI1037.txt
2013-03-22 20:53 - 2013-03-22 20:53 - 0086532 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI110B.txt
2013-03-22 20:53 - 2013-03-22 20:53 - 0086436 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI1142.txt
2010-04-20 16:42 - 2010-04-20 16:43 - 0011642 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI291D.txt
2013-12-29 21:05 - 2013-12-29 21:05 - 0011152 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI2BB1.txt
2012-02-02 15:15 - 2012-02-02 15:15 - 0011474 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI3337.txt
2011-11-09 15:03 - 2011-11-09 15:03 - 0017426 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI386F.txt
2010-12-05 14:52 - 2010-12-05 14:52 - 0011138 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI3974.txt
2009-10-31 18:10 - 2009-10-31 18:11 - 0011442 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI3BD7.txt
2012-11-26 18:38 - 2012-11-26 18:38 - 0011202 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI4261.txt
2011-11-09 12:37 - 2011-11-09 12:37 - 0011138 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI48D1.txt
2011-11-11 12:06 - 2011-11-11 12:06 - 0011402 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI4D51.txt
2009-11-04 23:04 - 2009-11-04 23:04 - 0011218 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI54E1.txt
2013-03-25 22:52 - 2013-03-25 22:53 - 0012336 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI56C3.txt
2013-03-25 22:53 - 2013-03-25 22:53 - 0012416 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI56FB.txt
2013-07-29 17:34 - 2013-07-29 17:34 - 0015074 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI57A2.txt
2015-07-03 18:19 - 2015-07-03 18:19 - 0011234 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI57A3.txt
2011-09-08 15:26 - 2011-09-08 15:27 - 0011616 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI5E05.txt
2011-09-08 15:27 - 2011-09-08 15:27 - 0011424 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI5E92.txt
2011-09-10 14:53 - 2011-09-10 14:54 - 0019922 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI616D.txt
2009-12-06 13:34 - 2009-12-06 13:34 - 0433234 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI652B.txt
2011-04-29 22:46 - 2011-04-29 22:47 - 0014818 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI6572.txt
2013-10-27 18:03 - 2013-10-27 18:03 - 0011360 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI65F1.txt
2013-10-27 18:03 - 2013-10-27 18:03 - 0011408 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI6607.txt
2011-06-16 19:17 - 2011-06-16 19:18 - 0216228 _____ () C:\Users\Dodo\AppData\Local\dd_vcredistUI6B7F.txt
2009-10-19 17:11 - 2009-10-19 17:11 - 0000092 _____ () C:\Users\Dodo\AppData\Local\fusioncache.dat
2015-12-14 18:14 - 2015-12-14 18:14 - 0012282 _____ () C:\Users\Dodo\AppData\Local\recently-used.xbel
2009-09-05 09:36 - 2015-07-03 18:31 - 0009286 _____ () C:\Users\Dodo\AppData\Local\uxeventlog.txt
2009-08-30 12:56 - 2010-05-13 10:46 - 0000126 ___SH () C:\ProgramData\.zreglib

Einige Dateien in TEMP:
====================
C:\Users\Dodo\AppData\Local\Temp\AskSLib.dll
C:\Users\Dodo\AppData\Local\Temp\cct.dll
C:\Users\Dodo\AppData\Local\Temp\Checkupdate.exe
C:\Users\Dodo\AppData\Local\Temp\DivXSetup.exe
C:\Users\Dodo\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Dodo\AppData\Local\Temp\drm_dyndata_7340007.dll
C:\Users\Dodo\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\Dodo\AppData\Local\Temp\drm_dyndata_7400004.dll
C:\Users\Dodo\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Dodo\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Dodo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdxp5jk.dll
C:\Users\Dodo\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Dodo\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Dodo\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Dodo\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Dodo\AppData\Local\Temp\installerdll19094257.dll
C:\Users\Dodo\AppData\Local\Temp\installerdll19105177.dll
C:\Users\Dodo\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.2-R0.3-56-g3779cff-b3072jnks.dll
C:\Users\Dodo\AppData\Local\Temp\JavaIC.dll
C:\Users\Dodo\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Dodo\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Dodo\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Dodo\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Dodo\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Dodo\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Dodo\AppData\Local\Temp\msscct32.dll
C:\Users\Dodo\AppData\Local\Temp\NEventMessages.dll
C:\Users\Dodo\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Dodo\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Dodo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Dodo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Dodo\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Dodo\AppData\Local\Temp\nvStInst.exe
C:\Users\Dodo\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Dodo\AppData\Local\Temp\rootsupd.exe
C:\Users\Dodo\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Dodo\AppData\Local\Temp\Setup.exe
C:\Users\Dodo\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Dodo\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Dodo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Dodo\AppData\Local\Temp\vlc-2.2.4-win32.exe
C:\Users\Dodo\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Dodo\AppData\Local\Temp\YSearchUtil.dll
C:\Users\Dodo\AppData\Local\Temp\_is5031.exe
C:\Users\Dodo\AppData\Local\Temp\_is6D.exe
C:\Users\Dodo\AppData\Local\Temp\_isA5A1.exe
C:\Users\Dodo\AppData\Local\Temp\_isAE38.exe
C:\Users\Dodo\AppData\Local\Temp\_isC279.exe
C:\Users\Dodo\AppData\Local\Temp\{45133924-D489-4140-962D-7C19ED9581DA}-GoogleEarth-Win-Plugin-7.1.1.1888.exe
C:\Users\Dodo\AppData\Local\Temp\{74BDD73E-0CBC-4D0E-B129-9DC543A17B6B}-GoogleEarth-Win-Plugin-7.1.2.2041.exe


Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\SysWOW64\Drivers\ntmap.sys
C:\Windows\SysWOW64\Drivers\UMP3.sys
C:\Windows\SysWOW64\Drivers\usbstor.sys

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-11-05 18:17

==================== Ende von FRST.txt ============================
         
I hope that's right.

Many thanks!

Wiebke

05.11.2016, 17:39   #13
deeprybka
/// TB Trainer
/// Guide Guru



Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and now copy the text from the code box into the empty text document:
Code:
CloseProcesses:
2016-11-01 13:44 - 2016-11-02 10:32 - 00000000 ____D C:\Users\Dodo\AppData\Roaming\molecule-51
2016-11-01 13:39 - 2016-11-01 13:39 - 00000000 ____D C:\Users\Dodo\AppData\Roaming\current-7
2016-11-01 13:36 - 2016-11-02 10:32 - 00000000 ____D C:\ProgramData\sonet-26
2016-10-31 14:00 - 2016-11-01 13:34 - 00000000 ____D C:\ProgramData\photon-61
2016-10-27 18:14 - 2016-10-31 13:58 - 00000000 ____D C:\ProgramData\ry
EmptyTemp:
         
Please save this as Fixlist.txt in the directory where the FRST application is located.
  • Start FRST and click the Entfernen (Fix) button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents.
__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

05.11.2016, 20:25   #14
nameweg

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 30-10-2016
durchgeführt von Dodo (05-11-2016 21:14:53) Run:1
Gestartet von C:\Users\Dodo\Desktop
Geladene Profile: Dodo (Verfügbare Profile: Dodo & Administrator)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
2016-11-01 13:44 - 2016-11-02 10:32 - 00000000 ____D C:\Users\Dodo\AppData\Roaming\molecule-51
2016-11-01 13:39 - 2016-11-01 13:39 - 00000000 ____D C:\Users\Dodo\AppData\Roaming\current-7
2016-11-01 13:36 - 2016-11-02 10:32 - 00000000 ____D C:\ProgramData\sonet-26
2016-10-31 14:00 - 2016-11-01 13:34 - 00000000 ____D C:\ProgramData\photon-61
2016-10-27 18:14 - 2016-10-31 13:58 - 00000000 ____D C:\ProgramData\ry
EmptyTemp:
*****************

Prozess erfolgreich geschlossen.
C:\Users\Dodo\AppData\Roaming\molecule-51 => erfolgreich verschoben
C:\Users\Dodo\AppData\Roaming\current-7 => erfolgreich verschoben
C:\ProgramData\sonet-26 => erfolgreich verschoben
C:\ProgramData\photon-61 => erfolgreich verschoben
C:\ProgramData\ry => erfolgreich verschoben

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20785277 B
Java, Flash, Steam htmlcache => 24722772 B
Windows/system/drivers => 874063468 B
Edge => 0 B
Chrome => 0 B
Firefox => 464334819 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 2986353 B
LocalService => 66228 B
LocalService => 0 B
NetworkService => 370780 B
NetworkService => 0 B
Dodo => 4125404206 B
UpdatusUser => 0 B
Administrator => 1288006 B

RecycleBin => 0 B
EmptyTemp: => 5.1 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 21:17:34 ====
         
Here you go.

And thank you very much!

Best regards
Wiebke
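
A check that can be run on a Fixlog like the one posted above, as an added example (not part of the thread and not FRST's own code): it compares the paths echoed in the "fixlist Inhalt" section with the per-path result lines and lists every path not reported as "erfolgreich verschoben". The sample log is constructed and shortened, and the function names are hypothetical.

```python
import re

SUCCESS = "erfolgreich verschoben"  # success wording in the German Fixlog above
ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .*?([A-Za-z]:\\.+)$")
RESULT = re.compile(r"^([A-Za-z]:\\.+?) => (.+)$")

# Constructed, shortened sample in the layout of the posted Fixlog; the status
# on the sonet-26 line is a made-up placeholder, and the ry result is omitted.
SAMPLE_FIXLOG = r"""
fixlist Inhalt:
*****************
CloseProcesses:
2016-11-01 13:44 - 2016-11-02 10:32 - 00000000 ____D C:\Users\Dodo\AppData\Roaming\molecule-51
2016-11-01 13:36 - 2016-11-02 10:32 - 00000000 ____D C:\ProgramData\sonet-26
2016-10-27 18:14 - 2016-10-31 13:58 - 00000000 ____D C:\ProgramData\ry
EmptyTemp:
*****************

Prozess erfolgreich geschlossen.
C:\Users\Dodo\AppData\Roaming\molecule-51 => erfolgreich verschoben
C:\ProgramData\sonet-26 => <constructed non-success status>
"""

def parse_fixlog(text):
    """Return (requested paths, {lower-cased path: status}) from a Fixlog."""
    requested, results = [], {}
    seen_header = in_fixlist = False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("fixlist Inhalt"):
            seen_header = True
        elif seen_header and set(line) == {"*"}:
            in_fixlist = not in_fixlist      # asterisk rows open and close the echo
            seen_header = in_fixlist
        elif in_fixlist:
            m = ENTRY.match(line)            # directive lines such as EmptyTemp: are skipped
            if m:
                requested.append(m.group(1))
        else:
            m = RESULT.match(line)
            if m:
                results[m.group(1).lower()] = m.group(2).strip()
    return requested, results

def unresolved(text):
    """Paths from the fixlist that have no result line or a non-success status."""
    requested, results = parse_fixlog(text)
    return [(p, results.get(p.lower(), "no result line")) for p in requested
            if results.get(p.lower()) != SUCCESS]

if __name__ == "__main__":
    for path, status in unresolved(SAMPLE_FIXLOG):
        print(f"{path}: {status}")
```

Paths are compared case-insensitively because Windows paths are; an empty result from `unresolved` means every listed path has a matching success line.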

06.11.2016, 10:49   #15
deeprybka
/// TB Trainer
/// Guide Guru



Please post a fresh log before we begin the final control scan:

Step 1

Please start FRST again and click Untersuchen (Scan).
Please post the contents of the log.
__________________
Regards
deeprybka

