
Log Analysis and Evaluation: PC has been hacked and the trojans Multiinjector.A!rfn and Neurevt found

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

06.12.2016, 23:42   #1
Lumis

Hello everyone,
I only noticed on Saturday that I have trojans, when I suddenly received confirmation e-mails about purchases made via PayPal that were not mine. Credit for a gaming platform had been bought. PayPal later told me that the purchases had been made from my IP (!).

My PC is "protected" by McAfee LiveSafe with a valid subscription and was also scanned by it, but nothing was found. I installed Microsoft Security Essentials, which found the trojans Multiinjector.A!rfn and Neurevt in the quick scan. I had the program delete them (unfortunately I can't find a log file) and took a screenshot. Later I saw that Neurevt was listed as "not found". It has probably changed its location.

After my PC could barely be made to run today (and, according to the online monitor of the Fritz Box 7490, was sending and receiving unexplained amounts of data), I looked into the matter more closely and realised that I should probably have consulted professionals earlier.

It works now, more or less; I am writing from this machine, and at the moment it isn't sending any unexplained data either. That doesn't mean anything, I know.

Sorry that I had to attach the logs from FRST; I tried it here with # in the editor, but in the preview they weren't displayed separately from each other.

Many thanks in advance for your help!

Regards,

Lumis

Edit: I also uploaded Addition.txt, but it doesn't appear. Did I do something wrong?
Attached files
File type: txt FRST.txt (69.0 KB, viewed 85 times)

07.12.2016, 15:42   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, please post the logs directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is fine ... click Reply.

07.12.2016, 17:26   #3
Lumis

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05-12-2016
durchgeführt von Lutz (06-12-2016 22:36:44)
Gestartet von C:\Users\Lutz\Desktop\Fliegen
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-02 18:09:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3438443834-875338260-1882614465-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3438443834-875338260-1882614465-1004 - Limited - Enabled)
Gast (S-1-5-21-3438443834-875338260-1882614465-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3438443834-875338260-1882614465-1002 - Limited - Enabled)
Lutz (S-1-5-21-3438443834-875338260-1882614465-1000 - Administrator - Enabled) => C:\Users\Lutz

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_BasicWeb (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
6500_E709_Help_BasicWeb (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
A2A Wings of POWER 3 Spitfire (HKLM-x32\...\A2A Wings of POWER 3 Spitfire) (Version:  - )
Accu-Sim for the WoP3 Spitfire (HKLM-x32\...\Accu-Sim for the WoP3 Spitfire) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player Packages (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Adobe Flash Player Packages) (Version:  - ) <==== ACHTUNG
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11.72.0.337 - Innovative Solutions)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Aerosoft's - Airbus X (HKLM-x32\...\{2336573C-3213-48AA-A306-8309BA9BD92C}) (Version: 1.21 - Aerosoft)
aerosoft's - Approaching Innsbruck X (HKLM-x32\...\{70864384-DD19-44CB-A999-A917F32F623D}) (Version: 1.10 - aerosoft)
aerosoft's - Balearic Islands X for FSX (HKLM-x32\...\{04B73EB2-7538-4CC4-BBD6-5463E508B69B}) (Version: 1.01 - aerosoft)
Aerosoft's - Corfu X (HKLM-x32\...\{8A073262-FB25-4224-AE36-C2725A616E05}) (Version: 1.10 - Aerosoft)
Aerosoft's - DHC-6 Twin Otter X (HKLM-x32\...\{3A8DED06-80E7-4555-AA1F-FF4A2A4D353C}) (Version: 1.11 - Aerosoft)
aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: 9.6.0.4 - aerosoft)
Aerosoft's - German Airfields 1 (HKLM-x32\...\{61C63F60-152B-4D28-B357-6DB81837FA9B}) (Version: 1.00 - Aerosoft)
Aerosoft's - German Airfields 2 (HKLM-x32\...\{1C5510F5-5452-4411-A54C-3DA055D8A793}) (Version: 1.00 - Aerosoft)
Aerosoft's - German Airfields 3 (HKLM-x32\...\{417FC1D9-A946-4638-B02C-FD9AE0E96E95}) (Version: 1.10 - Aerosoft)
aerosoft's - German Airports 2 X - FSX (HKLM-x32\...\{01C3630A-7FD2-46DF-B514-A4B829B0021A}) (Version: 1.00 - aerosoft)
aerosoft's - German Airports 3 - Bremen X (HKLM-x32\...\{C1F98ADD-81BF-45E1-A36B-515CA20B61AF}) (Version: 1.04 - aerosoft)
aerosoft's - German Airports 3 - Hamburg X (HKLM-x32\...\{EA6E7823-9E5B-4EDD-9750-C3C87FDF0460}) (Version: 1.03 - aerosoft)
Aerosoft's - HelgolandX (HKLM-x32\...\{61957FA7-34C1-4F46-871C-A0FD49848832}) (Version: 1.00 - Aerosoft)
Aerosoft's - Luxembourg Airports (HKLM-x32\...\{F293A032-EB67-4ADC-8646-F1AA7F9E0143}) (Version: 3.01 - Aerosoft)
Aerosoft's - Mallorca X Evolution - FSX (HKLM-x32\...\Mallorca X Evolution - FSX) (Version: 1.01 - Aerosoft)
aerosoft's - Mega Airport Amsterdam FSX (HKLM-x32\...\{0A297C87-BF52-43FD-AD75-EE72228E4457}) (Version: 1.04 - aerosoft)
aerosoft's - Mega Airport Barcelona X (HKLM-x32\...\{A8736347-B854-400E-A060-19321AD85B98}) (Version: 1.01 - aerosoft)
aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.01 - aerosoft)
aerosoft's - Mega Airport London Heathrow X (HKLM-x32\...\{2F4AF40B-433A-494E-BB41-816D113F32BA}) (Version: 1.10 - aerosoft)
aerosoft's - Mega Airport Stockholm Arlanda X (HKLM-x32\...\{3B6F6E35-900C-4FE3-B2F6-067443353CD1}) (Version: 1.00 - aerosoft)
Aerosoft's - MyTraffic 2013 (HKLM-x32\...\{37F50C53-EDED-4FFE-9877-532A335C5C18}) (Version: 1.00 - Aerosoft)
aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.03 - aerosoft)
aerosoft's - OMSI 2 - Drei Generationen (HKLM-x32\...\{C88376AA-BF64-40F4-9AD6-F8A18DA394F2}) (Version: 1.00 - aerosoft)
aerosoft's - OMSI 2 - Hamburg (HKLM-x32\...\{5BF6B590-F7F5-46B5-B5F4-B0CA93423AD6}) (Version: 2.01 - aerosoft)
aerosoft's - Venice X (HKLM-x32\...\{74F493A2-1264-4BF2-A135-0184C68BD580}) (Version: 1.00 - aerosoft)
Aerosoft's - VFR Germany 2 (HKLM-x32\...\{3BB7B4D3-C534-4700-AA1B-B01A8EA5F27C}) (Version: 1.00 - Aerosoft)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Amazon Amazon Music) (Version: 4.0.0.1205 - Amazon Services LLC)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 173 - Abelssoft)
Any Video Converter 3.1.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Appigo Sync (HKLM-x32\...\{89A060BA-6CF3-4BDB-A94C-91C9BEF21C6A}) (Version: 1.2.0.0 - Appigo, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ArcSoft MediaImpression (HKLM-x32\...\{2C39F7CF-E022-4C0D-B1BA-AF6DDD931054}) (Version: 1.2.28.567 - ArcSoft)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version:  - Kunos Simulazioni)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.63.2.50050 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.63.4 - AVG Technologies) Hidden
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{4CE925AF-6519-4FEB-BEBD-DE2BFE2944EB}) (Version: 2.0.0.36 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
C64Classix (HKLM-x32\...\C64Classix) (Version:  - )
C90B King Air HD SERIES FSX (HKLM-x32\...\C90B King Air HD SERIES FSX) (Version: 1.00.00.00 - Carenado)
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden
Carenado C208B Grand Caravan (HKLM-x32\...\Carenado C208B Grand Caravan) (Version: 1.00.00.00 - Carenado)
Carenado C208B Super Cargomaster Expansion Pack HD (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Carenado C208B Super Cargomaster Expansion Pack HD) (Version:  - )
Carenado C340 II FSX (HKLM-x32\...\Carenado C340 II FSX) (Version: 1.00.00.00 - Carenado)
Carenado CT210M Centurion II FSX (HKLM-x32\...\Carenado CT210M Centurion II FSX) (Version: 1.00.00.00 - Carenado)
Carenado SR22T HD SERIES FSX/P3D (HKLM-x32\...\Carenado SR22T HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
Carenado TBM850 HD SERIES FSX/P3D (HKLM-x32\...\Carenado TBM850 HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
Chromium (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Chromium) (Version: 44.0.2386.0 - Chromium)
Conexant Polaris Unused CIR Function (HKLM\...\VID_1D19&PID_6109&MI_00) (Version: 1.0.0.0 - Conexant Systems)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Curse Client (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.R.L.)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.4930 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.4930 - Ihr Firmenname) Hidden
Dataplex (HKLM\...\{6AD0B283-6BDB-47C0-9728-C1BA7A83CB8A}) (Version: 1.3.0.0 - NVELO, Inc.)
Desktopicon amazon.de (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DodoSim Bell 206 FSX (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\DodoSim Bell 206 FSX) (Version:  - )
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version:  - )
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DORNIER 228 FSX/P3D (HKLM-x32\...\DORNIER 228 FSX/P3D) (Version: 1.0 - Carenado)
DRAGON 1.7 (HKLM-x32\...\DRAGON) (Version: 1.7 - PREPAID-USENET LIMITED)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
Dropbox (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
EDEKA Foto (HKLM-x32\...\EDEKA Foto) (Version: 6.1.5 - CEWE Stiftung u Co. KGaA)
EKCH Copenhagen Airport, Kastrup X (HKLM-x32\...\{9D5BFBF1-EB38-4AE1-A833-4F564B999CE3}) (Version: 2.0 - Scansim)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
Elite Dangerous Launcher version 0.4.5499.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.5499.0 - Frontier Developments)
Empire: Total War (HKLM\...\Steam App 10500) (Version:  - The Creative Assembly)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
European Ship Simulator (HKLM-x32\...\Steam App 299250) (Version:  - Excalibur)
EVE Online (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\{e9a55721-260b-4e0e-99ed-977140edf3ef}) (Version: 1.0.0 - CCP)
Fahrzeit Vol.1 'Metronom Frühschicht' 1.0 (HKLM-x32\...\ABFE3B59-DCAA-4EF5-82D5-5A07FE08E789_is1) (Version: 1.0 - 3DZUG)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Flight1 ATR 72-500 for FSX (Includes SP1) (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Flight1 ATR 72-500 for FSX (Includes SP1)) (Version:  - )
Flight1 Citation Mustang (HKLM-x32\...\f1mustang_FSX) (Version: 1.01 - Flight One Software)
Flight1 Downloader (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Flight1 Downloader) (Version:  - )
FMW 1 (Version: 1.143.1 - AVG Technologies) Hidden
Fokker 70-100 FSX (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Fokker 70-100 FSX) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.9.37.426 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{6E9E1B70-59C4-403E-ABFB-C08012BC7F8A}) (Version: 3.0.89.14 - Fresco Logic Inc.)
FSXFollow 1.1 (HKLM-x32\...\FSXFollow) (Version: 1.1 - PositionGames)
Fw190A (HKLM-x32\...\Fw190A) (Version:  - )
Glary Utilities 5.6 (HKLM-x32\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoogleClean (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C08EF142}_is1) (Version: 5.0.000 - Abelssoft)
Grob SPn ---  rel. 3.00 (HKLM-x32\...\Grob SPn ---  rel. 3.00) (Version:  - )
Grob SPn --- UPDATE to rel. 3.1.1 (HKLM-x32\...\Grob SPn --- UPDATE to rel. 3.1.1) (Version:  - )
Guardian Of Data v2.2 (HKLM-x32\...\Guardian Of Data_is1) (Version:  - ASCOMP Software GmbH)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Officejet 6500 E709 Series (HKLM\...\{4C8C6D37-CA3C-4EF6-A1E5-0D188E7B6021}) (Version: 14.0 - HP)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iFunbox (v1.95.901.639), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v1.95.901.639 - )
Inkscape 0.48.1  (HKLM-x32\...\Inkscape) (Version: 0.48.1 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Interaktive Sprachreise - Español Sprachkurs 1 (HKLM-x32\...\ISRS1_15_676867) (Version:  - digital publishing AG)
Iomega QuikProtect (HKLM\...\Iomega QuikProtect) (Version: 1.3.4.19745 - EMC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
JFritz 0.7.5 Rev. 1 (HKLM-x32\...\{AF5B3ED5-70D3-48CF-A00F-FC29F5261A37}_is1) (Version:  - JFritz Team)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.63.1 - JMicron Technology Corp.)
Just Flight - Phenom 100 for FSX (HKLM-x32\...\{C6A0A43F-EBBA-4A32-BFE2-01BA3CFCD26C}) (Version: 1.00.0000 - Just Flight)
JustFlight DC-3 Legends of Flight (HKLM-x32\...\JustFlight DC-3 Legends of Flight) (Version:  - )
Kernel Outlook PST Viewer ver 10.09.01 (HKLM-x32\...\Kernel Outlook PST Viewer_is1) (Version:  - Nucleus Data Recovery .com)
Lanikai (64-bit) (3.1.1) (HKLM-x32\...\Lanikai (64-bit) (3.1.1)) (Version: 3.1.1 (en-US) - Mozilla)
LenovoEMC Storage Manager (HKLM\...\LenovoEMC Storage Manager) (Version: 1.4.3.9580 - EMC)
LFKJ Ajaccio Napoleon Bonaparte (HKLM-x32\...\LFKJ_AJACCIO_NAPOLEON_BONAPARTE_is1) (Version: 1.0.0.0 - SimMarket)
Live 8.2.6 (HKLM-x32\...\Live 8.2.6) (Version:  - )
Live Lite 4 for M-Audio 4.0.4 (HKLM-x32\...\Live Lite 4 for M-Audio 4.0.4) (Version:  - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.79 (HKLM\...\Logitech Gaming Software) (Version: 8.79.77 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
MAGIX 3D Maker (embedded MSI) (HKLM-x32\...\{2D266DB5-0C7E-45D3-939E-79DD342EC081}) (Version: 6.0.0.10 - MAGIX AG)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf CD & DVD 9 (HKLM-x32\...\MAGIX_MSI_Fotos_auf_CD_DVD_9) (Version: 9.0.4.4 - MAGIX AG)
MAGIX Fotos auf CD & DVD 9 (x32 Version: 9.0.4.4 - MAGIX AG) Hidden
MAGIX Online Druck Service (HKLM-x32\...\{9BA2456A-EBDD-4B22-B379-80785D465517}) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX_{341D13B7-3C84-4D68-90B7-1F4B6C2BCB21}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed 2 (MSI) (HKLM-x32\...\{9BB8F86C-A246-4D3E-9EF5-1117CE67C6F4}) (Version: 6.0.1.4 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{DA6B1FF0-27E8-4272-8D06-37C53FCFD507}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe MX Plus Sonderedition (HKLM-x32\...\MAGIX_{E41712A1-DEEB-4D10-BCF1-046BA0611F94}) (Version: 11.0.5.0 - MAGIX AG)
MAGIX Video deluxe MX Plus Sonderedition (x32 Version: 11.0.5.0 - MAGIX AG) Hidden
MAGIX Web Designer 6 (HKLM-x32\...\MAGIX_MSI_Web_Designer_6) (Version: 6.0.1.14443 - MAGIX AG)
MAGIX Web Designer 6 (x32 Version: 6.0.1.14443 - MAGIX AG) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.9042 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.164 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MilViz - Northrop T-38 Talon (HKLM-x32\...\MilViz - Northrop T-38 Talon1.1 Full) (Version: 1.1 Full - The SW)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.00.705 - Huawei Technologies Co.,Ltd)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My Net View (HKLM-x32\...\{7F9C9908-69E3-4474-A081-256F27995A18}) (Version: 1.0.12.0 - Western Digital)
MyKeyFinder (HKLM-x32\...\MyKeyFinder_is1) (Version: 2014 - Abelssoft)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
NeoSetup Updater (HKLM-x32\...\RPD_is1) (Version: 3.9.0.0 - Innovative Solutions)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Nokia Connectivity Cable Driver (HKLM-x32\...\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia Ovi Suite (HKLM-x32\...\Nokia Ovi Suite) (Version: 3.1.1.78 - Nokia)
Nokia Ovi Suite (x32 Version: 3.1.1.78 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM-x32\...\{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}) (Version: 02.07.004.45780 - Nokia Corporation)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OMSI 2 (HKLM-x32\...\Steam App 252530) (Version:  - MR-Software GbR)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
Orbiter 2010-P1 (HKLM-x32\...\{4D27CE85-F519-42C1-B4AB-C0BD976FB0BA}) (Version: 1.1.0.0 - Martin Schweiger)
Ovi Desktop Sync Engine (x32 Version: 1.5.266.0 - Nokia) Hidden
OviMPlatform (x32 Version: 2.7.72.0 - Nokia) Hidden
PA-28-181 ARCHER II FSX (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\PA-28-181 ARCHER II FSX) (Version:  - )
PA28RT ARROW IV FSX (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\PA28RT ARROW IV FSX) (Version:  - )
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
Phoenix R/C® (HKLM-x32\...\PhoenixRC) (Version: 5.0.v - Runtime Games Ltd)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.6.0.118 - Pinnacle Systems)
Pinnacle Studio 12 (HKLM-x32\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.1.3.6605 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.029 - Pinnacle Systems)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
PMB-Aktualisierungsprogramm (HKLM-x32\...\{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}) (Version: 5.6.01.03300 - Sony Corporation)
PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 747-400/400F for FSX (HKLM-x32\...\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}) (Version: 2.10.0040 - Precision Manuals Development Group)
PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6155 - PMDG Simulations, LLC.)
PMDG744X_GE_AF (HKLM-x32\...\{70D78DCD-8369-4857-BFEF-021C9899DA75}) (Version: 1.10.0000 - Precision Manuals Development Group)
PMDG744X_GE_BR2 (HKLM-x32\...\{4A7EA2A2-221D-437C-8727-B033E6679124}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDG744X_GE_LH (HKLM-x32\...\{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDG744X_GE_OZ2 (HKLM-x32\...\{4DA93734-2293-4016-B8B9-720BDEBFCD80}) (Version: 1.10.0000 - Precision Manuals Development Group)
PMDG744X_PW_FJ2 (HKLM-x32\...\{F66D065A-162C-4539-84BB-9A8B51BAEAD9}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDG744X_PW_IB (HKLM-x32\...\{1D67FB28-58DA-4425-B426-99E894468197}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDG744X_PW_KA (HKLM-x32\...\{1681B05D-683B-422B-9565-98B1DBF29713}) (Version: 1.10.0000 - Precision Manuals Development Group)
PMDG744X_RR_QF (HKLM-x32\...\{EC65FAF7-F12F-4C81-9E9D-2FE1115CFBA9}) (Version: 1.10.0000 - Precision Manuals Development Group)
PMDG744XF_GE_BRF (HKLM-x32\...\{1AF39B3E-954C-4ADB-BD31-D29F653D4B22}) (Version: 1.00.0000 - Precision Manuals Development Group)
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pro Evolution Soccer 2015 (HKLM\...\Steam App 287680) (Version:  - KONAMI Digital Entertainment)
Project CARS (HKLM-x32\...\Steam App 234630) (Version:  - Slightly Mad Studios)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Quick Startup 5.3.1.96 (HKLM-x32\...\Quick Startup) (Version: 5.3.1.96 - Glarysoft Ltd)
Real Environment Xtreme + Overdrive (HKLM-x32\...\{256FA569-AAAA-43D5-B1D8-57406A9D3A9A}) (Version: 2.5.2010.1027 - Real Environment Simulations, Inc.)
RealDownloader (x32 Version: 18.1.3.103 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.4.144 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.58.411.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
RollerCoaster Tycoon World (HKLM\...\Steam App 282560) (Version:  - Nvizzio Creations)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samplitude Music Studio 17 (HKLM-x32\...\MAGIX_MSI_ms17dlx) (Version: 17.0.0.0 - MAGIX AG)
Samplitude Music Studio 17 (x32 Version: 17.0.0.0 - MAGIX AG) Hidden
Samplitude Music Studio 2013 (HKLM-x32\...\MAGIX_{C02AB3DD-D476-4EF0-B59B-D4D58A71A5F9}) (Version: 19.0.0.10 - MAGIX AG)
Samplitude Music Studio 2013 (Version: 19.0.0.10 - MAGIX AG) Hidden
Samplitude Music Studio 2013 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Screenshot Captor 3.03.01 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
Secure Eraser v4.0 (HKLM-x32\...\Secure Eraser_is1) (Version:  - ASCOMP Software GmbH)
Shark007 STANDARD Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 3.0.1 - Shark007)
Shark007 STANDARD x64Components (HKLM\...\STANDARD x64Components_is1) (Version: 3.0.1 - Shark007)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version:  - Firaxis Games)
SiSoftware Sandra Lite 2012.SP5c (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 18.74.2012.10 - SiSoftware)
Skype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0 - SmartSound Software Inc) Hidden
SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)
Soccer Manager 2016 (HKLM-x32\...\Steam App 407120) (Version:  - Soccer Manager Ltd)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
Spintires (HKLM-x32\...\Steam App 263280) (Version:  - Oovee® Game Studios)
Spotify (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
SRWare Iron Version SRWare Iron 21.0.1200.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 21.0.1200.0 - SRWare)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
supra IPCam (HKLM-x32\...\{B0024EE6-6018-4FD6-BC5C-DFE6F0375A95}) (Version: 1.8.4.0 - SUPRA Foto-Elektronik-Vertriebs-GmbH)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Train Fever (HKLM-x32\...\Steam App 304730) (Version:  - Urban Games)
Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version:  - Dovetail Games)
TransOcean - The Shipping Company (HKLM-x32\...\Steam App 289930) (Version:  - Deck 13 Hamburg)
Treiber-Studio 2013 (HKLM\...\{7BD95F83-10BC-43FB-9654-D1702EC2B555}) (Version: 8.0.415 - Publish Data)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4500.45 - TuneUp Software) Hidden
TVCenter (HKLM\...\{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}) (Version: 6.4.2.880 - PCTV Systems)
TwonkyMedia (HKLM-x32\...\TwonkyMediaTwonkyMedia) (Version: 6.0.39.0 - PacketVideo)
UK2000 Gatwick Xtreme FSX  (HKLM-x32\...\UK2000 Gatwick Xtreme FSX) (Version: 3.00 - UK2000 Scenery)
Ultimate Terrain X - Europe (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Ultimate Terrain X - Europe) (Version:  - )
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
USB Media Adaptor for Microsoft Windows (HKLM-x32\...\USB Media Adaptor) (Version:  - )
Vasco da Gama 5 HDPro (HKLM-x32\...\{067D2172-F8F3-477D-B4EE-0B0AA967D544}) (Version: 5.20.0000 - MotionStudios)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader (x32 Version: 1.2.0 - RealNetworks) Hidden
Video Grabber (HKLM\...\VID_1D19&PID_6109&MI_01) (Version: 1.0.0.0 - Conexant Systems)
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Bass Machine (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Rock Drums (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita String Ensemble (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita World Percussion (Version: 1.0.0.0 - MAGIX AG) Hidden
Vivaldi (HKLM-x32\...\Vivaldi) (Version: 1.5.658.56 - Vivaldi)
Vivaldi (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Vivaldi) (Version: 1.1.453.52 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ACHTUNG
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Watermark Image software version 1.9.9.3 (HKLM-x32\...\Watermark Image_is1) (Version:  - )
WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)
WD Quick View (HKLM-x32\...\{19A2103A-A588-421C-B4CD-30E02FA401A3}) (Version: 1.6.3.4 - Western Digital)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wireshark 1.6.1 (HKLM-x32\...\Wireshark) (Version: 1.6.1 - The Wireshark developer community, hxxp://www.wireshark.org)
Wise Folder Hider 1.53 (HKLM-x32\...\Wise Folder Hider_is1) (Version: 1.53 - WiseCleaner.com, Inc.)
WoLoSoft SuperEdi 4.3.1 (HKLM-x32\...\SuperEdi_is1) (Version: 4.3.1 - WoLoSoft International)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xtreme FSX PC 2.8.0.0 (HKLM-x32\...\Xtreme FSX PC) (Version: 2.8.0.0 - FSPS)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{04d81769-8002-4b11-b48d-3e6c2c21a025}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{05bc9a36-21d8-486e-a2dc-b4f063a56008}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{084ab9bc-d32b-4c22-b969-60e2a16868e7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{09a35d61-ec85-4aa1-8b3e-b392a5966344}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{1185dfb4-b03c-42ab-93e9-5006faf85fea}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{191fb2f6-c15d-4a75-ad24-e87d987f6b72}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{19d01be8-cdd7-47e9-81cc-ca4e868b59ee}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{1aaf5769-b4d7-4e4a-9178-a1b2ee412d05}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{1d47af89-1345-463f-b6f7-fc7bf23b754e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{214ace60-285c-4524-b7aa-c699e724b8d2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{21760e92-8a0f-4f01-ba84-e745e9d34115}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{24d6a94c-110d-43c3-8c8b-441aa3cae286}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{26f62c12-38d0-4cb3-88d2-c774961c6704}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{2787ee41-647c-4ed9-95f5-fb01f7ca5098}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{4274700d-5697-4158-87a0-915d3583633e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{447b5088-476d-4e17-a031-d982064588c6}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{4bdfd52a-c9cc-4eca-a472-529b8beed1c9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{503b8954-030c-4c02-8b7b-d22bebc05f38}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{503dfae7-19b8-4963-a9a0-2acd3598d571}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{522eb9c7-d1a2-43c7-8623-125312449816}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{62f6f3f3-39bf-4339-b385-3faa8c0859fc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{64dcd37c-6014-4dc0-9c69-02295abb2890}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6595589b-261d-4dd5-ba63-68a553e40b51}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6ac3ae6d-eb71-481d-a89d-899f46acdb0d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6ae5ef15-470d-48a2-900e-0189cdf8ffbf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6b0cdc28-f7f0-4a4f-bb2e-0176a49a06bd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6c62dc8b-dcec-40e4-8a0f-9dd350e77d7b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{70226c5a-ae82-4905-b186-01ada693a175}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{79bd353f-6e09-4e70-9a97-4c71711033b7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{79c83bfb-366f-4baf-b017-454cf8dff90a}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{7c3d3156-bd5c-445f-bac2-4756e374c11b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{7c55d38c-f135-43bc-aa33-459c3086755e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{7c8c38d6-5814-4d2a-a012-eb989e2efb37}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{8d179a5a-3950-4e8f-a9e8-2149b702fcf1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{8fe16fc5-40dc-487b-bb9a-d3b66acc0cf3}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{908cc787-3106-48d6-8921-a09b6ef98166}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{97df3c16-9ed8-47e0-a4ef-95ac48bcb88f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{9b6c38cb-cd0d-4bcc-b5b3-9d5bcc7cbfe9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{a06038cd-518a-4760-aba3-5235ecd95b1d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{a1ac59fb-a02d-4649-aa82-a2bc488699ce}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{a2e43181-a9e6-400e-97dc-82e244c18f85}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{a761a701-af33-4805-970d-a17db83d6535}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ab6c9590-0341-4941-bd9e-83baa685cf1f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ad7a45fc-f682-44a4-82e0-d6d8a728a016}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b60e8a40-e50b-4830-bbda-94e237749874}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b618d331-3a28-426b-be3e-9a2c04a8d2b7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b8e490ae-be4e-487d-9339-d78d6d7f3739}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b997f64d-91ca-4cf2-a128-dafaba1dacf2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b9ef413a-5682-4f47-a938-75d8b52c4595}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ba7f4f0b-a36b-4b15-b3a1-3bb6c8da4390}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ba9284d1-4dff-4065-8f31-0dc741a720ce}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{bd37d3c7-fcd6-40fc-936a-341ea3a36357}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{be989282-1c1e-4515-868a-317f33eda17f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{c6765c7b-394f-4b94-8774-5a2ab413856f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{cc2029a1-a1ba-43a1-97eb-8c4791053181}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{cc6dff49-7a5d-4e6c-a742-2f0d0e4504d2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{dcd01d5c-81ce-4f2f-9eee-c625a5d3a70b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{e22e6d55-df7d-430c-9a6e-a521877d9e63}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{e3e74351-b8bb-4a14-bfe3-9cd2ce280618}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{e92f2613-fd44-4bf2-88b9-aa488cd881bb}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ef715f28-ee88-452a-9bef-566124e936cf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{f3a433b0-9802-4841-93ae-5e578b1673d0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {06C7574E-7E73-4F47-A2EA-2FFABECD4ADE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {07996DB4-129C-4F75-8158-B9DD98DFB6F1} - System32\Tasks\{1FEE1EFD-5BE9-480F-AF0C-C2C0344A1630} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\start.exe
Task: {09AFD1CB-746B-4985-922F-D35A1B9E6BF8} - System32\Tasks\{22C953FD-90E9-4CE8-B2B3-82E6D793B2AB} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-05-17] (Skype Technologies S.A.)
Task: {09D74595-A61D-461B-9B6F-59BBC7160D58} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
Task: {1940FF79-2C54-4203-AEA4-AF07AE78A871} - System32\Tasks\{3EE7C121-4A7B-49B0-9D74-44D92D444EA4} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u91-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ACHTUNG
Task: {233C5B3D-EE00-46E3-B5C0-3B0D10D1D996} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-13] (Adobe Systems Incorporated)
Task: {24721D18-852B-4F33-B2E5-D6AE4315700A} - System32\Tasks\{467E043D-D2B3-489B-B92A-9F0CB6FEDD64} => pcalua.exe -a "C:\Program Files (x86)\OkayFreedom\setuptool.exe" -d "C:\Program Files (x86)\OkayFreedom"
Task: {2890947D-296B-4C10-B39C-06038784272F} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-08-18] (Glarysoft Ltd)
Task: {2E03AD65-6C75-416C-AF13-B819AC01C819} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {300C1EA2-E9FE-40F2-A858-2FCD59C8D95A} - System32\Tasks\{75A6B6D7-647D-42F5-A293-5D4420F57EF7} => pcalua.exe -a C:\Users\Lutz\Downloads\vcredist_x64(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {3E0BA044-717C-44CA-A230-C0A0E9608558} - System32\Tasks\{E8789EBD-96FE-4E00-9384-33F050458B82} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\uncommonvalor.exe
Task: {414D97F2-E33D-4B2F-91C7-9D2337326F5D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {460FB276-EBCC-4B2A-9F06-DFB8741E6DEE} - System32\Tasks\{037ED4FC-AEDC-4B7F-8659-7E4E99BB364E} => pcalua.exe -a C:\Users\Lutz\Downloads\Fokker70-100-SP2.exe -d C:\Users\Lutz\Downloads
Task: {4A9A0799-E4E3-4231-B666-8BBC87ABD1D8} - System32\Tasks\{2191C3FC-2D8A-4319-B8E3-6E81637CB2F4} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\uncommonvalor.exe
Task: {4BCC6BD6-C99A-4544-9757-C9CEEE48F0CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-03] (Google Inc.)
Task: {4EAB6E52-8128-49B4-BF0C-C378A0C28527} - System32\Tasks\{38597039-AE79-46D8-925F-8E2B6093EEF8} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\start.exe
Task: {5013F281-F998-4854-BC2D-6E164B066060} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
Task: {53C06319-69AF-4FBA-95AE-9066890ACEF1} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {591975F3-49FE-4E98-8748-54E977FE5BBD} - System32\Tasks\NeoSetup Updater => C:\Program Files (x86)\Innovative Solutions\NeoSetup Updater\NeoSetup_Updater.exe [2015-06-26] (Innovative Solutions)
Task: {6147FA48-9E89-41B3-852E-511278DE3F1A} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-08-18] (Glarysoft Ltd)
Task: {6B3E7727-BF5E-4A6F-97FB-C9027C2AA286} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18] (ArcSoft Inc.)
Task: {6DDA85FF-A476-4586-856D-EDEDBBD7E173} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-03] (Google Inc.)
Task: {71A76E68-95C5-4547-82C6-AF23D822412E} - System32\Tasks\{6121CC0B-6581-489E-908C-3F0450821362} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u111-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ACHTUNG
Task: {7A2F978F-3368-4426-BF80-F531EC961C83} - System32\Tasks\InstallShield Update Service => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-02-17] (InstallShield Software Corporation)
Task: {837D85D4-21E4-4F2D-8D11-B9ED717BD77B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
Task: {8F74DB31-DA82-4889-BCF7-B08E5DD2705A} - System32\Tasks\{434EC527-19D8-4152-AAE0-EAADDABFA758} => pcalua.exe -a C:\Users\Lutz\Downloads\setup.exe -d C:\Users\Lutz\Downloads
Task: {8FBAD392-F023-4AD8-8256-06BA4AC4D2E8} - System32\Tasks\{41D0D454-F664-4B57-927A-8D7434112D05} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\Temp1_um304x86.zip\um304x86\setup.exe <==== ATTENTION
Task: {940424C1-22E3-4D2C-AE92-DCCF1EDEBC96} - System32\Tasks\{0DF8895D-E20F-4191-9EA0-500C282D8D76} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\start.exe
Task: {97294692-DF92-4376-91AB-73DC9957A794} - System32\Tasks\{AC696D6F-E62F-448A-BE83-794BD22DDB39} => Chrome.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsMain
Task: {97DC5329-4509-4BEB-A8DF-1E2CB824EDE8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {990B475B-9764-4149-9510-9FF97D2A6A4F} - System32\Tasks\{96C8B12C-FED4-4877-9404-AED55A581635} => pcalua.exe -a "C:\Users\Lutz\Documents\downloads\complete\carenado\PA-28-181 ARCHER II.exe" -d C:\Users\Lutz\Documents\downloads\complete\carenado
Task: {99BDBCF5-660B-41EE-8308-C2651B1D9300} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {9E9E5679-73F1-41F1-ACD5-0A94CC77FDDE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
Task: {A91127AF-E844-43EF-8C95-BCEC6438FBBA} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {A9CDBCC2-49B3-41A2-BBDA-2A893398008B} - System32\Tasks\{5795B20E-DE83-4FF0-8002-72B0D065C0F4} => pcalua.exe -a F:\setup.exe -d F:\
Task: {BD49F3FF-4CE2-4708-8187-9E3968755C34} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-07-05] ()
Task: {C1935ADB-EEDA-4DA8-913E-BD1A221A54D4} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-11-25] (AVG Technologies CZ, s.r.o.)
Task: {C1F5A065-F7E5-41FD-97D8-1F2151064B79} - System32\Tasks\{E91865F8-96CE-4304-94E8-B1368CACDDD0} => pcalua.exe -a C:\Users\Lutz\Documents\downloads\complete\1330271862\wop3_p40.EXE -d C:\Users\Lutz\Documents\downloads\complete\1330271862
Task: {C9C21059-BB15-4997-80E2-A1CB1B0A9B9B} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe [2016-04-11] (Innovative Solutions)
Task: {CAF77BA2-94DF-4D2A-BCE5-854BFBA01A06} - System32\Tasks\AdobeAAMUpdater-1.0-Lutz-PC-Lutz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {CC4A0E94-5BBD-4059-8DD9-6B5709721650} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {CE12364A-0D3C-4FE1-9AA3-079D066618AA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2016-02-03] (RealNetworks, Inc.)
Task: {CE3E0943-434B-477F-9CCF-B55CEC295B13} - System32\Tasks\Google Update => C:\Users\Lutz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D78CF1C2-B8A5-4D00-A1FC-A3858E6E9B24} - System32\Tasks\{80B6C8F2-C1FA-49FC-9E3D-C7BDA86F1B30} => pcalua.exe -a "H:\FSX - 747-400X v2.10.0040 - PMDG\FSX - 747-400X v2.10.0040 - PMDG\PMDG747_400_FSX.exe" -d "H:\FSX - 747-400X v2.10.0040 - PMDG\FSX - 747-400X v2.10.0040 - PMDG"
Task: {D82E5F2D-32D1-42E7-8D36-F15C0FABAE65} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01] (Oracle Corporation)
Task: {E1AECECA-8F96-41AC-9E7B-A17247B595CC} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {E53062DD-C8D1-4B82-B0BA-5982FAFEE707} - System32\Tasks\{0FE70729-25B3-4A5D-BFE2-55976F8FA017} => pcalua.exe -a F:\setup.exe -d F:\
Task: {E651F558-3D82-42FC-9A97-06C91B999198} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {ECE1E9F5-6992-431C-8A6F-D4C7BEC96619} - System32\Tasks\{574CE011-1F26-48FB-836C-A9F5EDF8BF1B} => pcalua.exe -a C:\Users\Lutz\Downloads\Diablo-III-Setup-deDE.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {FB4E00C8-BC32-4129-ADD6-C99C72ED3DA4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
Task: {FBB7D511-4945-4143-9889-EAC1F3ACAA79} - System32\Tasks\{0C6B6228-F57E-42EC-A95D-E3AD20AD688C} => pcalua.exe -a "C:\Users\Lutz\Desktop\World of Warcraft Beta Setup(4).exe" -d C:\Users\Lutz\Desktop

(If an entry is included in the fixlist, the task will be moved. The file that is run by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries can be listed in order to restore or remove them.)

ShortcutWithArgument: C:\Users\Lutz\Desktop\Dateien\WEB.DE.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://go.web.de/tb/ie_desktop_portal
ShortcutWithArgument: C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> -user-agent="Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.22 anonymized by Abelssoft 1691702640"
ShortcutWithArgument: C:\Users\Lutz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> -user-agent="Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.22 anonymized by Abelssoft 1691702640"

==================== Loaded Modules (Not whitelisted) ==============

2011-10-29 00:05 - 2016-09-16 23:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-10-29 18:28 - 2013-10-29 18:28 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2016-03-01 17:53 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-01 17:53 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-12-21 18:50 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2011-05-11 18:21 - 2015-12-30 16:27 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-05-11 18:21 - 2015-12-30 16:27 - 00107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2016-02-03 18:49 - 2016-02-03 18:49 - 00032544 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-09-26 16:23 - 2013-03-06 13:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-03-29 20:27 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-19 21:41 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-03-31 16:29 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2016-03-13 14:15 - 2014-03-07 09:23 - 00565827 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll
2016-11-28 17:42 - 2016-11-28 17:42 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-02-03 18:48 - 2016-02-03 18:48 - 00037688 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2016-02-03 18:48 - 2016-02-03 18:48 - 00039224 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2016-02-03 18:49 - 2016-02-03 18:49 - 00037192 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-21 00:15 - 2010-12-21 00:15 - 01041248 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2016-11-13 12:47 - 2016-11-13 12:47 - 19640512 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll
2015-12-02 17:58 - 2015-11-16 19:32 - 00919040 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Not whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys [2560]
AlternateDataStreams: C:\Users\All Users:gs5sys [2560]
AlternateDataStreams: C:\Users\Lutz:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys [2560]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [2560]
AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF [268]
AlternateDataStreams: C:\Users\Lutz\Anwendungsdaten:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\Lokale Einstellungen:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\Vorlagen:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\AppData\Local\Anwendungsdaten:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\AppData\Local\Verlauf:gs5sys [1792]
AlternateDataStreams: C:\Users\Lutz\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [3074]

==================== Safe Mode (Not whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Associations (Not whitelisted) ===============

(If an entry is included in the fixlist, the registry entry will be restored to its default value or removed.)


==================== Internet Explorer Trusted/Restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed, the Hosts: directive can be included in the fixlist to reset the Hosts file.)

2009-07-14 03:34 - 2016-11-23 20:54 - 00000895 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 google-analytics.com
127.0.0.1 www.google-analytics.com

==================== Other Areas ============================

(Currently there is no automated fix for this section.)

HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER Disabled Items ==

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeActiveFileMonitor11.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppHostSvc => 2
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: BCUService => 2
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: CTAudSvcService => 2
MSCONFIG\Services: DokanMounter => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: JMB36X => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: QPCopyEngine => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VMCService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LenovoEMC Storage Manager.lnk => C:\Windows\pss\LenovoEMC Storage Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk => C:\Windows\pss\SetPointII.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Twonky Tray Control.lnk => C:\Windows\pss\Twonky Tray Control.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^simplicheck.lnk => C:\Windows\pss\simplicheck.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AntiBrowserSpy - BrowserMask => C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
MSCONFIG\startupreg: Badoo Desktop => C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
MSCONFIG\startupreg: BCU => "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
MSCONFIG\startupreg: BrowserMask => "C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" -delayed
MSCONFIG\startupreg: Corel File Shell Monitor => D:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart /min
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Google Update => "C:\Users\Lutz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: QuiKProtect => C:\Program Files\Iomega\Quikprotect\StartQuikProtect.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SOS Browser Monitor => "C:\Program Files (x86)\Steganos Online Shield\SteganosBrowserMonitor.exe"
MSCONFIG\startupreg: SOS_Agent => "C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe" -agent
MSCONFIG\startupreg: Spotify => "C:\Users\Lutz\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lutz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SSS2009 Browser Monitor => "C:\Program Files (x86)\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe"
MSCONFIG\startupreg: SSS2009 File Redirection Starter => "C:\Program Files (x86)\Steganos Privacy Suite 11\fredirstarter.exe"
MSCONFIG\startupreg: SSS2009 HotKeys => "C:\Program Files (x86)\Steganos Privacy Suite 11\SteganosHotKeyService.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TrayServer => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe
MSCONFIG\startupreg: UVS12 Preload => D:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

==================== Firewall Rules (Not whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)

FirewallRules: [{183864FC-C601-49A7-B3CF-E19CBB897891}] => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{39FAD13A-7155-4FF0-88C1-D4E33FDEBAD5}] => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FEFBB719-A62B-46B6-854D-98635D7CF1CA}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BBBAC07C-2D00-4C57-9322-EFE8E10106B2}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{94F934D9-74E5-454F-9A8A-6DDA88262FC9}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{78B041CD-E5E4-4056-97AE-EC9C6CBDC169}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{A4DCB407-4515-45BA-965B-0F696629E64D}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{E90C2F03-5C6F-4E30-82B7-5ABBA5CA6E20}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{7EED8958-3B7F-4D8B-9974-A5BF2EF2C901}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{5AC85760-EDED-4BF5-B3E5-4C836A06506C}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{7D30EF9B-FB83-4A9E-82A3-543B1B6DDFE9}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{DF658F46-35DE-49CC-A982-6769A212CE87}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{ACF2607B-1C7D-4E88-ACE9-2880F6F8AEF5}] => C:\Program Files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe
FirewallRules: [{991DD234-82CB-49D9-B3FE-D8051B990A4A}] => C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [{F5922D62-93B5-47AF-AFE6-167F8F607A6D}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CE206D9-6FD9-4584-B90D-59462403F013}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F0BF4541-FB32-4102-9E94-C6218647E6DB}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3DD14BB2-8B00-412A-9A8B-27E441327A3C}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EA54779E-8533-4AB0-BF36-9CC287D4D141}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{00018741-BA45-488E-9D25-06A3F7ECDD3E}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B92FC33C-6682-4077-A98F-BE1DDAFBD5FA}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7AD07F50-745C-491D-B028-358EADCAC731}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{18F0F321-702D-4525-BA4A-C644067D541D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F731816-12B5-488E-BCA1-E2B09576ED28}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E2A9D55-9537-4B19-9F24-D742F5CF8B11}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B3616504-B0D7-48D9-88A1-795EFD78F744}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6E57D672-708B-4411-8952-78533B7BB23A}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{16BEBC66-AE36-4BCC-9AB7-628CBC6AD0E8}] => D:\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{C77CCC54-01A8-44DA-B553-AFCC99DC5D38}] => D:\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{A26471DB-0259-4BFA-9F4E-39DB0E5C708C}] => D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CE119BB2-CEF2-422F-BAA2-8830EE795E51}] => D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5A443AD9-A50B-4FA0-BD59-AAF38AC17188}] => D:\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{8B698DAD-D2CC-4B49-8E1A-FF755DD521AF}] => D:\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{78F72C60-F084-41C5-AB3E-F5F9EF0F6918}] => D:\Steam\SteamApps\common\Spintires\SpinTires.exe
FirewallRules: [{44B7D166-C59E-4B93-A847-FCCD27613D6B}] => D:\Steam\SteamApps\common\Spintires\SpinTires.exe
FirewallRules: [{AAE69F65-F1B4-4A87-BA8E-EC0010DE00A0}] => E:\CIV 5\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{D040F1EF-374E-4CE1-9051-A8264B7CFE97}] => E:\CIV 5\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{EDF1C4A2-D1F8-46F1-92D5-435C1FD5F80F}] => D:\Steam\SteamApps\common\OMSI 2\Omsi.exe
FirewallRules: [{01E3360E-15E4-42DB-A96D-38A8E0CE23E8}] => D:\Steam\SteamApps\common\OMSI 2\Omsi.exe
FirewallRules: [{12195342-7516-44F1-AF40-36E2102986AC}] => D:\Steam\SteamApps\common\Train Fever\TrainFever.exe
FirewallRules: [{58C09F16-6775-4581-AB7C-8128EC00D8DD}] => D:\Steam\SteamApps\common\Train Fever\TrainFever.exe
FirewallRules: [{DEC04915-1CCB-4B98-90D7-9A479F8872AB}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{47C0ABC3-9B4A-417C-B10B-CABA10CA62B9}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{667CACB5-0730-4A52-851F-F250150943BF}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8C40FE4A-4266-476C-BDEC-72FD05A59718}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{182A7BE0-41D6-4DC0-B203-08FD063D2FE1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7A7B4AC7-8030-48D0-99A7-968C9884207B}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A34FF7BA-1432-47AE-A1D7-33E8F49AFD53}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F4ADC216-086B-43A7-9495-4C4AE28D0268}] => D:\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{D72AB6A4-F503-49FE-9C99-044D408349EB}] => D:\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{31E0A09C-AE74-4CF6-8DBD-72BE48A320B0}] => E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{7905E67F-8364-4418-91DC-255299987E1D}] => c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{410765E6-CC8B-47AB-84E6-1725BD42C5CF}] => D:\Steam\SteamApps\common\RollerCoaster Tycoon World\RollerCoaster Tycoon World.exe
FirewallRules: [{0D901DAE-9977-4093-B1CE-00A444CB914B}] => D:\Steam\SteamApps\common\RollerCoaster Tycoon World\RollerCoaster Tycoon World.exe
FirewallRules: [{693B1927-12F7-439F-A6DB-7F2D10989BAD}] => D:\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [{A8F1D02B-7609-4F35-B1AC-C982CAEB5B4C}] => D:\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [{0FD2DEA8-49E9-4AEA-9475-6E874CC9A403}] => D:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{1EDAC775-C4DD-49C0-B98E-C4535DB512E6}] => D:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{741C7860-05F0-4DB0-B32F-3A9A2C1ABE7E}] => C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{CE173514-206B-497A-A31B-AFE5E5D87B22}] => D:\Steam\SteamApps\common\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [{EB0A216E-194E-458F-9EEB-8E4BC0A49CA9}] => D:\Steam\SteamApps\common\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [{507AFCCA-B48B-47D9-82C5-F197A4052843}] => D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{335DA974-A73A-4094-BADF-C888AA52A1CE}] => D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{63272A13-0FFB-45A3-A46C-F994C4DD7A00}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B4685677-8E59-424D-9BF3-133CD1265A3D}] => D:\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{4608D19C-EB00-4DD7-874E-C76B7B16033E}] => D:\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{84F51808-9DE4-4292-ACB5-15BBB37CB3A7}] => D:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{4E93BACC-0494-4AAD-BCFF-A6808C947F45}] => D:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C2C0A577-FED6-4D96-933F-EC4005B7CBA9}] => D:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{389E12B1-10FC-4310-82FD-EDEBAE5CEF3C}] => D:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{CB72CD40-85F8-4EF9-896B-C251911AB396}] => C:\Program Files\Vivaldi\Application\vivaldi.exe

==================== Restore Points =========================

05-12-2016 19:18:36 Windows Update

==================== Faulty Devices in Device Manager =============

Name: AppleCharger
Description: AppleCharger
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AppleCharger
Problem: This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event Log Errors: =========================

Application errors:
==================
Error: (12/06/2016 09:14:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0xd64
Faulting application start time: 0x01d24ffd55ebab9c
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 939d4875-bbf0-11e6-b1b8-0000001f0200

Error: (12/06/2016 09:13:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0x1998
Faulting application start time: 0x01d24ffd41f08c7b
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 80df4216-bbf0-11e6-b1b8-0000001f0200

Error: (12/06/2016 08:39:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unable to download the performance counter strings for service "WmiApRpl" (WmiApRpl). The error code is the first DWORD in the data section.

Error: (12/06/2016 08:39:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance counter strings in the performance counter registry are corrupted when the "Performance" process is run on the extensible counter provider. The "BaseIndex" value from the performance registry is the first DWORD in the data section, the "LastCounter" value is the second DWORD in the data section, and the "LastHelp" value is the third DWORD in the data section.

Error: (12/06/2016 08:39:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance counter strings in the performance counter registry are corrupted when the "Performance" process is run on the extensible counter provider. The "BaseIndex" value from the performance registry is the first DWORD in the data section, the "LastCounter" value is the second DWORD in the data section, and the "LastHelp" value is the third DWORD in the data section.

Error: (12/06/2016 08:21:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unable to download the performance counter strings for service "WmiApRpl" (WmiApRpl). The error code is the first DWORD in the data section.

Error: (12/06/2016 08:21:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance counter strings in the performance counter registry are corrupted when the "Performance" process is run on the extensible counter provider. The "BaseIndex" value from the performance registry is the first DWORD in the data section, the "LastCounter" value is the second DWORD in the data section, and the "LastHelp" value is the third DWORD in the data section.

Error: (12/06/2016 08:21:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance counter strings in the performance counter registry are corrupted when the "Performance" process is run on the extensible counter provider. The "BaseIndex" value from the performance registry is the first DWORD in the data section, the "LastCounter" value is the second DWORD in the data section, and the "LastHelp" value is the third DWORD in the data section.

Error: (12/06/2016 08:11:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unable to download the performance counter strings for service "WmiApRpl" (WmiApRpl). The error code is the first DWORD in the data section.

Error: (12/06/2016 08:11:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance counter strings in the performance counter registry are corrupted when the "Performance" process is run on the extensible counter provider. The "BaseIndex" value from the performance registry is the first DWORD in the data section, the "LastCounter" value is the second DWORD in the data section, and the "LastHelp" value is the third DWORD in the data section.


System errors:
=============
Error: (12/06/2016 09:14:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server "{D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B}" did not register with DCOM within the required timeout.

Error: (12/06/2016 08:32:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AppleCharger
nvelofsfltr

Error: (12/06/2016 08:32:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "Mobile Partner. OUC" service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (12/06/2016 08:32:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for the Mobile Partner. OUC service to connect.

Error: (12/06/2016 08:30:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AppleCharger
nvelofsfltr

Error: (12/06/2016 08:29:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "Mobile Partner. OUC" service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (12/06/2016 08:29:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for the Mobile Partner. OUC service to connect.

Error: (12/06/2016 08:28:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:26:17 on 06.12.2016 was unexpected.

Error: (12/06/2016 08:26:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (12/06/2016 08:25:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 27%
Total physical RAM: 16343.05 MB
Available physical RAM: 11807.58 MB
Total Virtual: 32684.29 MB
Available Virtual: 28241.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:204.98 GB) (Free:17.17 GB) NTFS
Drive d: (Volume) (Fixed) (Total:363.18 GB) (Free:16.04 GB) NTFS
Drive e: (Volume) (Fixed) (Total:363.25 GB) (Free:9.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5889D043)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=205 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=363.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=363.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
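The Addition.txt above ends with the sections an analyst reads first when triaging such a log: firewall allow rules, failing drivers and the event-log error list, all in FRST's fixed line format. The following Python script is an added example for this thread; it is not code from the original post and not part of FRST. It picks out the lines worth questioning (firewall or Run entries pointing into user-writable directories, unsigned or missing auto-start targets, cached MountPoints2 autoruns, IFEO Debugger redirects, static per-interface DNS servers, search scopes pointing at known hijack hosts) and tallies event-log errors per source and EventID so repeats stand out. It goes beyond the Addition.txt section above by also handling the Run, IFEO, MountPoints2, NameServer and SearchScopes line kinds that FRST prints in FRST.txt. The SAMPLE lines are constructed in FRST's format for the example and are not the poster's log; the path pattern and the hijack-host list are this example's own assumptions, not FRST rules.

```python
"""Triage of Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread: not part of the original post, not part of
FRST. SAMPLE is constructed in FRST's line format and is not the poster's
log. USER_WRITABLE and HIJACK_HOSTS are this example's assumptions.
"""
import re
from collections import Counter

# Locations where an auto-started or firewall-allowed binary deserves a second look.
USER_WRITABLE = re.compile(
    r"\\(AppData|ProgramData|Temp|Users\\[^\\]+\\(Desktop|Downloads))\\", re.I)

# Search-provider hosts treated as hijack indicators (assumed list for this example).
HIJACK_HOSTS = ("startsear.ch", "badoo.com/startpage", "yhs4.search.yahoo.com")

# "Error: (date) (Source: X) (EventID: N) (User: U)" as printed in Addition.txt.
EVENT_RE = re.compile(r"^Error: \((.+?)\) \(Source: (.+?)\) \(EventID: (\d+)\)")

SAMPLE = [  # constructed sample, not the poster's log
    r"FirewallRules: [{11111111-0000-0000-0000-000000000001}] => C:\Program Files\Vendor\app.exe",
    r"FirewallRules: [{11111111-0000-0000-0000-000000000002}] => C:\Users\Alice\AppData\Roaming\svc\svchost.exe",
    r"HKLM\...\Run: [Audio] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)",
    r"HKU\S-1-5-21-1-2-3-1000\...\Run: [updater] => C:\Users\Alice\AppData\Local\Temp\upd.exe [53248 2016-12-01] ()",
    r"HKU\S-1-5-21-1-2-3-1000\...\Run: [] => [X]",
    r"HKU\S-1-5-21-1-2-3-1000\...\MountPoints2: {41c17a89-0000-0000-0000-000000000000} - G:\AutoRun.exe",
    r'IFEO\chrome.exe: [Debugger] "C:\Program Files (x86)\Tuner\Reactivator.exe"',
    r"Tcpip\Parameters: [DhcpNameServer] 192.168.178.1",
    r"Tcpip\..\Interfaces\{IFACE-1}: [NameServer] 198.51.100.7 198.51.100.8",
    r"SearchScopes: HKU\S-1-5-21-1-2-3-1000 -> {A94277E3} URL = hxxp://startsear.ch/?aff=1&q={searchTerms}",
    "Error: (12/06/2016 08:32:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )",
    "Description: The following boot-start or system-start driver(s) failed to load:",
    "Error: (12/06/2016 08:30:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )",
    "Error: (12/06/2016 09:14:23 PM) (Source: Application Error) (EventID: 1000) (User: )",
]


def _path_of(line):
    """Return the path after '=>' with FRST's trailing '[size date] (Signer)' removed."""
    rhs = line.split("=>", 1)[1].strip()
    return re.sub(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\].*$", "", rhs)


def triage(lines):
    """Scan FRST lines and return (kind, detail) findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("FirewallRules:"):
            path = _path_of(line)
            if USER_WRITABLE.search(path):
                findings.append(("firewall-allow-user-writable", path))
        elif "\\Run:" in line:
            if line.endswith("[X]"):  # FRST marks a missing target file with [X]
                findings.append(("run-missing-file", line.split("=>", 1)[0].strip()))
                continue
            path = _path_of(line)
            # "()" at the end means the file carries no company name in its version info.
            if line.endswith("()") or USER_WRITABLE.search(path):
                findings.append(("run-unsigned-or-user-writable", path))
        elif "\\MountPoints2:" in line:
            # Autorun handler cached from removable media; the launch target stays
            # recorded even after the medium is gone, so list each for review.
            findings.append(("mountpoint-autorun", line.split(" - ", 1)[1]))
        elif line.startswith("IFEO\\") and "[Debugger]" in line:
            # Image File Execution Options Debugger: every start of the named program
            # is redirected to the given binary. Tuning tools use it, but it is also a
            # hijack/persistence technique, so the target always gets checked.
            findings.append(("ifeo-debugger", line.split(":", 1)[0][len("IFEO\\"):]))
        elif "[NameServer]" in line:
            # Static DNS on an interface overrides what DHCP (the router) hands out.
            findings.append(("static-dns", line.split("[NameServer]", 1)[1].strip()))
        elif line.startswith("SearchScopes:") and any(h in line for h in HIJACK_HOSTS):
            findings.append(("searchscope-hijack", line.split("URL = ", 1)[1]))
    return findings


def event_tally(lines):
    """Count 'Error:' event-log entries per (Source, EventID) so repeats stand out."""
    tally = Counter()
    for raw in lines:
        m = EVENT_RE.match(raw.strip())
        if m:
            tally[(m.group(2), int(m.group(3)))] += 1
    return tally


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:32} {detail}")
    for (source, event_id), n in event_tally(SAMPLE).most_common():
        print(f"{n}x  {source} / EventID {event_id}")
```

The findings are only pointers, not verdicts: an IFEO Debugger entry or a static DNS server is legitimate for many systems, which is why each one is listed with its target rather than scored.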

07.12.2016, 17:27   #4
Lumis
 

FRST



Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2016
Ran by Lutz (Administrator) on LUTZ-PC (06-12-2016 22:35:07)
Running from C:\Users\Lutz\Desktop\Fliegen
Loaded Profiles: Lutz (Available Profiles: Lutz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: German (Germany)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Not whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\Dataplex\NveloSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe

==================== Registry (Not whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [nveloApp] => C:\Program Files\Dataplex\CacheFilter\nveloApp.exe [117952 2015-01-16] (Windows (R) Win 7 DDK provider)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15112312 2016-02-09] (Logitech Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2013-06-14] (AVM Berlin)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-07-05] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Run: [] => [X]
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Run: [GUSDelayStartup] => C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe [37152 2014-08-20] (Glarysoft Ltd)
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Run: [Amazon Music] => C:\Users\Lutz\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-15] ()
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: L - L:\LaunchU3.exe -a
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {011ac20a-306a-11e0-af04-1c6f654b6b74} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {41c17a89-40af-11e3-b040-000000360200} - G:\AutoRun.exe
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {41c17a9a-40af-11e3-b040-000000360200} - G:\AutoRun.exe
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {56da7206-883a-11e3-aa2d-000000880200} - G:\AutoRun.exe
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {81f25f56-ff05-11df-bc06-1c6f654b6b74} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {85f8dda4-400b-11e3-8dbc-000000210200} - G:\AutoRun.exe
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {ad4bb9f3-7a56-11e0-93ff-1c6f654b6b74} - L:\LaunchU3.exe -a
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {ba47202e-d852-11e3-95a1-000000520200} - G:\pushinst.exe
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\acrun.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\acstart.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\arcrepair.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\chrome.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\chromesetup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\cyberghost.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\cyberghost_6.0.3.2124.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\fileencrypt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\filesplitter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hirezgamesdiagandsupport.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\integrator.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\itunes.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lenovoemcstoragemanager.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mediaimpression.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\neosetup_updater.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\originer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoviewer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realconverter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realplay.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realtrimmer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\rnxproc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\rpsystray.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\sidebar.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\slideshowplayer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\steam.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\wddmstatus.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Not whitelisted) ====================

(If an entry is included in the fixlist, the entry will be removed or, if it is a registry item, restored to default.)

Hosts: There is more than one entry in the Hosts file. See the Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1B090B5E-27DB-4D25-9137-02111A82FE0C}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B95865FF-C877-44B8-8779-DE6FB2B89925}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{DF0F7ED1-4D85-4830-BFF3-E2526D9175AB}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{E102E7EA-629C-438B-9D5C-E9260B75A44E}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{F750D2D5-FD48-465B-A44E-C52A3A23968B}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FD661E04-31D3-47C1-9D98-FFDDC4CED1F5}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKLM-x32 -> {A94277E3-1076-43b3-BF3F-54D391687391} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=9f6766b7-f7fe-11e0-bf17-1c6f654b6b74&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {FD6E7837-A203-4098-9FF7-1488A50FF4EB} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE0D20151106&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {FD6E7837-A203-4098-9FF7-1488A50FF4EB} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE0D20151106&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> DefaultScope {A94277E3-1076-43b3-BF3F-54D391687391} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_vit_15_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutByEyCyDtCtC0C0CyC0EtDyB0A0AyE0BtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFyDtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDtDtAyC0DyD0EtAtGyDyE0F0FtGtD0F0EtBtGtDtD0CtAtGyCyEyB0CzzyBtBzyyBtB0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0BtB0B0F0EtBtCtGtA0CyEzztGyE0DtB0CtG0AtAyE0CtGzy0A0A0DtByDzytC0ByE0EtB2QtN0A0LzutB%26cr%3D1097294414%26a%3Dwncy_vit_15_18%26os%3DWindows 7 Home Premium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {0048620A-CF1A-4D69-A9C5-5DA83311764F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {13DA3995-D9D0-4C53-9412-47ECD9BFC808} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=9f6766b7-f7fe-11e0-bf17-1c6f654b6b74&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {46ACC4B2-2869-44B6-94CA-4A3F5BEE9C04} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {A94277E3-1076-43b3-BF3F-54D391687391} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_vit_15_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutByEyCyDtCtC0C0CyC0EtDyB0A0AyE0BtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFyDtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDtDtAyC0DyD0EtAtGyDyE0F0FtGtD0F0EtBtGtDtD0CtAtGyCyEyB0CzzyBtBzyyBtB0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0BtB0B0F0EtBtCtGtA0CyEzztGyE0DtB0CtG0AtAyE0CtGzy0A0A0DtByDzytC0ByE0EtB2QtN0A0LzutB%26cr%3D1097294414%26a%3Dwncy_vit_15_18%26os%3DWindows 7 Home Premium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {CDF501C7-DA57-4305-B098-33C851941150} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {E5006287-6B48-45FF-AE9A-99C3E5BED4EE} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-02-03] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-02-03] (RealDownloader)
BHO-x32: IE5BarLauncherBHO Class -> {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} -> C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll [2011-09-22] (VShare Inc.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll [2015-09-15] (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16] (Skype Technologies S.A.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Toolbar: HKLM-x32 - VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll [2011-09-22] (VShare Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -  No File
Toolbar: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} hxxp://dominosrv02.wm-fahrzeugteile.de/dwa85W.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-05-24] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-05-24] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: t3851jul.default
FF ProfilePath: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-3438443834-875338260-1882614465-1000\FireFox [nicht gefunden]
FF ProfilePath: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default [2016-12-06]
FF user.js: detected! => C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\user.js [2012-11-23]
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\t3851jul.default -> Sichere Suche
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\t3851jul.default -> Sichere Suche
FF Homepage: Mozilla\Firefox\Profiles\t3851jul.default -> hxxp://heise.de/
FF Keyword.URL: Mozilla\Firefox\Profiles\t3851jul.default -> hxxp://badoo.com/startpage/?source=bsb&q=
FF Extension: (ADB Helper) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\adbhelper@mozilla.org [2016-11-03]
FF Extension: (Ghostery) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\firefox@ghostery.com.xpi [2016-11-29]
FF Extension: (Valence) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\fxdevtools-adapters@mozilla.org [2016-05-07]
FF Extension: (HTTPS Everywhere) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\https-everywhere-eff@eff.org.xpi [2016-12-02]
FF Extension: (Mailvelope) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2016-12-03]
FF Extension: (Garmin Communicator) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-04-28]
FF Extension: (Google Analytics Opt-out Browser Add-on) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2016-07-29]
FF Extension: (Adblock Plus) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (Bitdefender QuickScan) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-12-06]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-11-10]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\11-suche.xml [2011-12-19]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\badoo.xml [2012-12-08]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\duckduckgo.xml [2013-08-26]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\englische-ergebnisse.xml [2011-12-19]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\google-images.xml [2014-08-11]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\google-maps.xml [2014-08-11]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\McSiteAdvisor.xml [2016-03-20]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\startsear.xml [2011-07-11]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\webde-suche.xml [2011-12-19]
FF Extension: (Skype extension) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-07-05] [ist nicht signiert]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-01] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files (x86)\Steganos Privacy Suite 11\pfplugin => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 11\spmplugin3 => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-15] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014-08-01] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: (Thunderbird Address Book Synchronisation Extension) - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-07-21] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-05-28] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-08-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-08-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [2015-09-15] (Perfect World Entertainment Inc)
FF Plugin-x32: @real.com/nppl3260;version=18.1.3.100 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2016-03-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-07-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-07-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.3.100 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2016-03-18] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3438443834-875338260-1882614465-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3438443834-875338260-1882614465-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-11-17] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2015-11-20] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2015-11-20] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2011-10-03] (vShare.tv )

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://heise.de/
CHR StartupUrls: Default -> "hxxp://heise.de/"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultSuggestURL: Default -> hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll => Keine Datei
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll => Keine Datei
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll => Keine Datei
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll => Keine Datei
CHR Plugin: (vShare.tv plug-in) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll (vShare.tv )
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (vShare.tv )
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => Keine Datei
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll => Keine Datei
CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => Keine Datei
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => Keine Datei
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll => Keine Datei
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Keine Datei
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Lutz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Keine Datei
CHR Profile: C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default [2016-12-06]
CHR Extension: (OkayFreedom) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckipplcmnfhblnpibpbehenelnkpecd [2015-05-09]
CHR Extension: (YouTube) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google-Suche) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Logitech SetPoint) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-12-01]
CHR Extension: (Booking.com for Chrome™) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2015-09-17]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-12-04]
CHR Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-11-10]
CHR Extension: (AdBlock) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-28]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2016-03-19]
CHR Extension: (vshare plugin) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2012-01-25]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Better Pop Up Blocker) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2012-03-10]
CHR Extension: (Google Mail) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-21]
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx [2011-08-31]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -user-agent=Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.22 anonymized by Abelssoft 1449098014

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-19] (Adobe Systems) [Datei ist nicht signiert]
S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 ArcService; D:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-09-15] (Perfect World Entertainment Inc)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-01] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1863688 2016-05-15] ()
S4 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76336 2016-11-28] (CyberGhost S.R.L)
S4 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-12-02] (Creative Labs) [Datei ist nicht signiert]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-12-02] (Creative Labs) [Datei ist nicht signiert]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [Datei ist nicht signiert]
S4 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [Datei ist nicht signiert]
S4 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [Datei ist nicht signiert]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-11-15] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1064520 2016-04-11] ()
S4 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-02-09] (Logitech Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [187840 2016-10-24] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-05-24] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-10-29] ()
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [Datei ist nicht signiert]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 nveloSvc; C:\Windows\System32\Dataplex\nveloSvc.exe [33984 2015-01-16] (Windows (R) Win 7 DDK provider)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-13] (Electronic Arts)
S4 PCloudd; C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [221536 2013-03-27] (LenovoEMC Ltd.)
S4 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [Datei ist nicht signiert]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-12-30] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2015-12-30] ()
S4 QPCopyEngine; C:\Program Files\Iomega\Quikprotect\QpMonitor.exe [458240 2012-09-07] () [Datei ist nicht signiert]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-02-03] ()
S4 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1095440 2016-03-18] (RealNetworks, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4788496 2016-11-25] (AVG Technologies CZ, s.r.o.)
S4 TwonkyMedia; C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe [512840 2012-02-03] (PacketVideo)
S4 TwonkyWebDav; C:\Program Files (x86)\TwonkyMedia\twonkywebdav.exe [250696 2012-02-03] ()
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2016-11-25] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [48912 2016-11-25] (AVG Technologies CZ, s.r.o.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-08-23] (Western Digital)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2013-06-10] (AVM Berlin)
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 DxVGrb; C:\Windows\System32\drivers\DxVGrb.sys [227456 2014-04-08] (Dexetek )
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [44544 2010-04-17] (Fresco Logic)
S3 fwlanusb6; C:\Windows\System32\DRIVERS\fwlanusb6.sys [1330656 2013-09-13] (AVM GmbH)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-08-08] (Glarysoft Ltd)
R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20672 2014-08-26] (Glarysoft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKslDrv; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\MpKslDrv.sys [44928 2016-12-06] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R0 nvelodiskfltr; C:\Windows\System32\DRIVERS\nvelodiskfltr.sys [299712 2015-01-16] (Windows (R) Win 7 DDK provider)
S0 nvelofsfltr; C:\Windows\System32\DRIVERS\nvelofsfltr.sys [111296 2015-01-16] (Windows (R) Win 7 DDK provider)
R0 nveloportfltr; C:\Windows\System32\DRIVERS\nveloportfltr.sys [25280 2015-01-16] (Windows (R) Win 7 DDK provider)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 QsFsFltr; C:\Windows\System32\DRIVERS\QsFsFltr.sys [22584 2012-08-20] (Windows (R) Win 7 DDK provider)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
S3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [23040 2010-11-22] (Sagatek Co. Ltd.) [Datei ist nicht signiert]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 utewmzu5; C:\Windows\SysWOW64\Drivers\utewmzu5.sys [7168 2015-11-26] () [File not signed]
S3 ValFltr; C:\Windows\System32\drivers\ValoFltr.sys [14720 2009-04-10] (ROCCAT Development, Inc.)
R3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20048 2012-09-09] (Iomega Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] (MBB)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 pmem; \??\C:\Users\Lutz\AppData\Local\Temp\_MEI74002\drivers\winpmem64.sys [X]

==================== NetSvcs (Not whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)


==================== One month: created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-06 22:34 - 2016-12-06 22:35 - 00000000 ____D C:\FRST
2016-12-06 00:51 - 2016-12-06 00:51 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\QuickScan
2016-12-05 19:15 - 2016-12-05 19:15 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-12-05 19:15 - 2016-12-05 19:15 - 00001912 _____ C:\Windows\epplauncher.mif
2016-12-05 19:15 - 2016-12-05 19:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-12-05 19:15 - 2016-12-05 19:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-12-05 19:14 - 2016-12-05 19:14 - 00000000 ____D C:\Program Files (x86)\Chip Digital GmbH
2016-12-05 19:07 - 2016-12-05 19:09 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\McAfee TechCheck
2016-12-05 19:07 - 2016-12-05 19:09 - 00000000 _____ C:\Users\Lutz\Desktop\iphist.dat
2016-12-05 19:05 - 2016-12-05 19:05 - 03408408 _____ C:\Users\Lutz\Desktop\McAfee_TechCheck.exe
2016-12-05 19:02 - 2016-12-05 19:02 - 01496584 _____ C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe
2016-12-02 20:32 - 2016-12-05 20:08 - 00000000 __SHD C:\ProgramData\CPU Temp Monitor Service
2016-12-02 18:33 - 2016-12-02 18:33 - 11451644 _____ C:\Users\Lutz\Desktop\CE2300X.zip
2016-11-30 20:52 - 2016-11-30 20:52 - 00433419 ____N C:\Users\Lutz\Documents\Scan 30.11.2016, 19.14.pdf
2016-11-27 16:19 - 2016-11-27 16:19 - 00417599 _____ C:\Users\Lutz\Desktop\aktuelle-zahlen-zu-asyl-oktober-2016.pdf
2016-11-23 20:53 - 2016-11-23 20:53 - 00001079 _____ C:\Users\Public\Desktop\AntiBrowserSpy.lnk
2016-11-23 20:53 - 2016-11-23 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiBrowserSpy
2016-11-23 20:53 - 2016-11-23 20:53 - 00000000 ____D C:\Program Files (x86)\AntiBrowserSpy
2016-11-20 11:57 - 2016-11-20 11:57 - 00000222 _____ C:\Users\Lutz\Desktop\Paladins.url
2016-11-19 12:20 - 2016-11-19 13:12 - 00000000 ____D C:\Users\Lutz\Documents\Overwatch
2016-11-19 10:55 - 2016-12-06 21:11 - 00000000 ____D C:\Users\Lutz\AppData\LocalLow\Mozilla
2016-11-13 23:50 - 2016-11-13 23:50 - 00000000 ____D C:\Users\Lutz\.QtWebEngineProcess
2016-11-13 23:50 - 2016-11-13 23:50 - 00000000 ____D C:\Users\Lutz\.EVE
2016-11-13 23:49 - 2016-11-13 23:49 - 00000641 _____ C:\Users\Lutz\Desktop\EVE Launcher.lnk
2016-11-13 23:49 - 2016-11-13 23:49 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE Launcher
2016-11-13 20:28 - 2016-11-13 20:28 - 08974809 _____ C:\Users\Lutz\Desktop\EVE-Online-Einsteiger-Kompendium.pdf

==================== One month: modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-06 22:35 - 2015-06-08 18:10 - 00000000 ____D C:\Users\Lutz\Desktop\Fliegen
2016-12-06 22:34 - 2012-09-18 16:35 - 00000000 ____D C:\Users\Lutz\Desktop\Dateien
2016-12-06 22:30 - 2011-05-13 12:13 - 00000000 ____D C:\Users\Lutz\Documents\Outlook-Dateien
2016-12-06 22:03 - 2012-04-06 09:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-06 21:16 - 2016-04-27 00:12 - 00002209 _____ C:\Users\Lutz\Desktop\Vivaldi.lnk
2016-12-06 21:14 - 2016-09-20 18:00 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-12-06 21:14 - 2015-12-22 20:02 - 00000000 ____D C:\Users\Lutz\AppData\Local\CrashDumps
2016-12-06 21:13 - 2013-11-10 09:41 - 00000000 ____D C:\Users\Lutz\AppData\Local\F87799D3-C920-4E93-B73C-2721F6CBD519.aplzod
2016-12-06 20:45 - 2009-07-14 05:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-06 20:45 - 2009-07-14 05:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-06 20:39 - 2009-07-14 18:58 - 32578676 _____ C:\Windows\system32\perfh007.dat
2016-12-06 20:39 - 2009-07-14 18:58 - 10256332 _____ C:\Windows\system32\perfc007.dat
2016-12-06 20:39 - 2009-07-14 06:13 - 00007312 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-06 20:32 - 2010-12-02 19:24 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-06 20:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-06 11:14 - 2016-10-27 18:38 - 00000000 ____D C:\Users\Lutz\Desktop\Planung 2017
2016-12-06 11:13 - 2012-04-11 23:27 - 00000058 _____ C:\Users\Lutz\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2016-12-06 10:33 - 2016-10-30 09:16 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-06 10:28 - 2014-08-16 13:46 - 00000000 ____D C:\Users\Lutz\AppData\Local\Adobe
2016-12-06 10:18 - 2014-08-08 22:27 - 00000330 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2016-12-06 00:59 - 2014-08-08 22:27 - 00002970 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2016-12-06 00:59 - 2014-08-08 22:27 - 00002624 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2016-12-06 00:56 - 2014-01-27 18:42 - 00000000 ____D C:\Users\Lutz\AppData\Local\Battle.net
2016-12-05 23:02 - 2014-10-14 15:44 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-05 22:58 - 2014-08-08 22:27 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-12-05 20:32 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-05 19:56 - 2015-12-30 19:13 - 00002106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2016-12-05 19:56 - 2015-12-30 19:13 - 00002094 _____ C:\Users\Public\Desktop\Vivaldi.lnk
2016-12-05 19:56 - 2015-12-30 19:13 - 00000000 ____D C:\Program Files\Vivaldi
2016-12-05 19:54 - 2015-12-30 19:13 - 00000000 ____D C:\Users\Lutz\AppData\Local\Vivaldi
2016-12-05 19:14 - 2011-01-31 22:59 - 00000000 ____D C:\Users\Lutz\AppData\Local\Downloaded Installations
2016-12-05 19:08 - 2011-03-23 12:04 - 00000000 ____D C:\Users\Lutz\AppData\Local\Corel
2016-12-05 19:07 - 2011-03-23 12:01 - 00000000 ____D C:\Users\Lutz\Documents\My PSP Files
2016-12-04 23:02 - 2014-12-25 10:05 - 00004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-12-04 23:02 - 2011-06-22 14:52 - 00003696 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2016-12-04 21:17 - 2016-03-19 11:59 - 00003380 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000
2016-12-04 21:17 - 2016-03-18 22:11 - 00003422 _____ C:\Windows\System32\Tasks\RealDownloader Update Check
2016-12-04 21:17 - 2016-03-18 17:49 - 00003360 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000
2016-12-04 21:17 - 2016-03-18 17:49 - 00003224 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3438443834-875338260-1882614465-1000
2016-12-04 18:15 - 2011-04-13 00:50 - 00000000 ____D C:\Users\Lutz\.smplayer
2016-12-04 16:12 - 2010-12-02 21:52 - 00000000 ____D C:\Users\Lutz\Documents\Flight Simulator X-Dateien
2016-12-04 12:28 - 2016-09-27 21:29 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-12-04 11:30 - 2016-10-28 23:55 - 00000000 ____D C:\Program Files\CyberGhost 6
2016-12-04 11:18 - 2013-06-08 13:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-03 14:02 - 2016-04-14 22:25 - 00003432 _____ C:\Windows\System32\Tasks\NeoSetup Updater
2016-12-02 20:33 - 2012-05-02 20:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-02 20:33 - 2010-12-02 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-02 20:19 - 2016-10-28 23:55 - 00001732 _____ C:\Users\Lutz\Desktop\CyberGhost 6.lnk
2016-12-01 20:01 - 2014-08-08 22:27 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\DiskDefrag
2016-11-30 19:54 - 2012-01-25 12:00 - 00002579 _____ C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-28 18:02 - 2016-10-15 00:01 - 00000002 _____ C:\END
2016-11-25 13:45 - 2016-02-08 00:48 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2016-11-25 13:39 - 2016-02-16 21:39 - 00056080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
2016-11-25 13:39 - 2016-02-16 21:39 - 00048912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\uxtuneup.dll
2016-11-25 13:39 - 2016-02-08 00:48 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2016-11-25 13:39 - 2016-02-08 00:48 - 00042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2016-11-24 11:10 - 2016-05-03 21:10 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-24 11:10 - 2016-05-03 21:10 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-24 01:21 - 2013-06-30 15:48 - 00000000 ____D C:\Users\Lutz\AppData\Local\Ubisoft Game Launcher
2016-11-23 20:54 - 2016-05-03 21:10 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-23 20:54 - 2016-05-03 21:10 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-23 20:53 - 2014-08-11 15:54 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\Abelssoft
2016-11-23 20:53 - 2010-12-03 12:39 - 00000000 ____D C:\Users\Lutz\AppData\Local\Abelssoft
2016-11-23 20:30 - 2016-10-28 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
2016-11-20 11:57 - 2012-10-27 23:45 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-17 01:58 - 2010-12-03 18:39 - 00000000 ____D C:\Users\Lutz\AppData\Local\Deployment
2016-11-16 00:47 - 2015-12-09 17:18 - 00000000 ____D C:\Users\Lutz\Desktop\Planung 2016
2016-11-15 16:29 - 2016-05-03 21:11 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 16:29 - 2016-05-03 21:11 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-13 23:50 - 2010-12-02 19:09 - 00000000 ____D C:\Users\Lutz
2016-11-13 15:46 - 2013-07-30 22:22 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\vlc
2016-11-13 12:47 - 2012-04-06 09:32 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-13 12:47 - 2012-04-06 09:32 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-13 12:47 - 2011-11-06 22:32 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-13 12:47 - 2011-05-16 16:23 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-13 12:47 - 2010-12-02 21:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-10 18:13 - 2015-11-06 16:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-11-09 20:00 - 2015-12-07 17:10 - 00000000 ____D C:\Program Files\McAfee
2016-11-07 10:29 - 2015-09-12 11:50 - 00003816 _____ C:\Windows\System32\Tasks\InstallShield Update Service
2016-11-07 10:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf

==================== Files in the root of some directories =======

2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\Users\Lutz\AppData\Roaming\Clips
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\Users\Lutz\AppData\Roaming\Cocoa
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\Users\Lutz\AppData\Roaming\ColorSync
2014-12-25 11:12 - 2014-12-25 11:21 - 0000012 ____T () C:\Users\Lutz\AppData\Roaming\Samsung Magician Installer.lockfile
2012-09-11 14:31 - 2012-09-11 15:59 - 11624448 _____ () C:\Users\Lutz\AppData\Roaming\Sandra.mdb
2012-09-11 15:05 - 2012-09-11 15:05 - 0186077 _____ () C:\Users\Lutz\AppData\Local\ars.cache
2012-09-11 15:06 - 2012-09-11 15:06 - 0915999 _____ () C:\Users\Lutz\AppData\Local\census.cache
2012-04-11 23:27 - 2016-12-06 11:13 - 0000058 _____ () C:\Users\Lutz\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2011-06-13 08:00 - 2011-06-13 08:00 - 0000092 _____ () C:\Users\Lutz\AppData\Local\fusioncache.dat
2012-09-11 14:53 - 2012-09-11 14:53 - 0000036 _____ () C:\Users\Lutz\AppData\Local\housecall.guid.cache
2011-07-27 18:45 - 2013-04-07 23:06 - 0007593 _____ () C:\Users\Lutz\AppData\Local\Resmon.ResmonCfg
2013-02-22 15:28 - 2013-02-22 15:28 - 0000011 _____ () C:\ProgramData\.tv6
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\ProgramData\Colors
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\ProgramData\Comedy Noises
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\ProgramData\Command Line Utility
2011-02-26 19:51 - 2011-02-26 19:51 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-03-23 12:03 - 2012-08-16 19:01 - 0000900 ___SH () C:\ProgramData\KGyGaAvL.sys
2012-11-28 20:41 - 2012-11-28 20:41 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2012-11-28 20:41 - 2012-11-28 20:45 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2012-11-28 20:41 - 2012-11-28 20:41 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Files to move or delete:
====================
C:\Users\Lutz\CGWebInstall (1).exe
C:\Users\Lutz\CGWebInstall.exe


Some files in TEMP:
====================
C:\Users\Lutz\AppData\Local\Temp\1e1u1yk7ea.exe
C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe
C:\Users\Lutz\AppData\Local\Temp\ii5u9sa5.exe
C:\Users\Lutz\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Lutz\AppData\Local\Temp\ScanBy.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-19 17:29

==================== End of FRST.txt ============================
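As an added example for triaging FRST output like the log above (this is not part of the original post, not FRST's own code and not a tool of this board), the following Python script parses the driver and file-list line formats FRST emits and flags the entries an analyst would look at first: drivers that are not signed or carry no vendor, random-looking service names, services whose file is gone ([X]), system+hidden folders, and executables sitting in Temp. The sample lines are constructed from entries in the log above, and the flag rules are the example's own heuristics; a flag is a reason to check a file (hash, vendor, signature), not a verdict that it is malicious.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.
Added example for this thread (not part of the posted log, of FRST, or of the
board's tooling): parses the "Drivers" and "One month: created files" line
shapes quoted above and flags what an analyst would check first."""
import re

# Driver line: "<state> <name>; <path> [<size> <date>] (<vendor>) [flags]"
# or, for a registered service whose binary is gone: "<state> <name>; <path> [X]"
DRIVER_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+)$")
DRIVER_DETAIL_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"\s*\((?P<vendor>.*?)\)(?P<flags>\s*\[.*\])?$"
)
# File line: "<created> - <modified> - <size> <attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?P<path>.+)$"
)
# Shape of machine-generated service names such as "utewmzu5" in the log above.
RANDOM_NAME_RE = re.compile(r"[a-z0-9]{6,12}")
USER_PATH_RE = re.compile(r"\\Users\\[^\\]+\\|\\Temp\\", re.IGNORECASE)

# Constructed sample modelled on lines from the log in this thread; one line keeps
# the German FRST wording so both "nicht signiert" and "not signed" are exercised.
SAMPLE = r"""
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [23040 2010-11-22] (Sagatek Co. Ltd.) [Datei ist nicht signiert]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 utewmzu5; C:\Windows\SysWOW64\Drivers\utewmzu5.sys [7168 2015-11-26] () [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 pmem; \??\C:\Users\Lutz\AppData\Local\Temp\_MEI74002\drivers\winpmem64.sys [X]
2016-12-02 20:32 - 2016-12-05 20:08 - 00000000 __SHD C:\ProgramData\CPU Temp Monitor Service
C:\Users\Lutz\AppData\Local\Temp\1e1u1yk7ea.exe
"""


def triage_path(path):
    """Reasons derived from the path alone (also used for the bare TEMP listing)."""
    low = path.lower()
    return ["executable in a Temp directory"] if low.endswith(".exe") and "\\temp\\" in low else []


def triage_driver(line):
    """Reasons a driver line needs follow-up (empty list if none)."""
    m = DRIVER_RE.match(line)
    if not m:
        return []
    name, rest = m["name"], m["rest"]
    reasons = []
    if rest.endswith("[X]"):
        # FRST marks a registered service whose file no longer exists with [X]:
        # usually an uninstall leftover, but also what a removed dropper leaves behind.
        reasons.append("service registered but file missing ([X])")
        path = rest[: -len("[X]")].strip()
    else:
        d = DRIVER_DETAIL_RE.match(rest)
        if not d:
            return ["unparsed driver line"]
        path = d["path"]
        flags = (d["flags"] or "").lower()
        if "nicht signiert" in flags or "not signed" in flags:
            reasons.append("driver file is not digitally signed")
        if not d["vendor"].strip():
            reasons.append("no vendor in version info")
    if RANDOM_NAME_RE.fullmatch(name) and any(c.isdigit() for c in name):
        reasons.append("random-looking service name")
    if USER_PATH_RE.search(path):
        reasons.append("driver loaded from a user profile or Temp directory")
    return reasons


def triage_file(line):
    """Reasons a created/modified-file line needs follow-up."""
    m = FILE_RE.match(line)
    if not m:
        return []
    attrs, path = m["attrs"], m["path"]
    reasons = []
    if "S" in attrs and "H" in attrs:
        # System+Hidden keeps the entry out of the default Explorer view; ordinary
        # application data under ProgramData/AppData does not need that.
        reasons.append("system+hidden attributes")
    return reasons + triage_path(path)


def triage(text):
    """Map every flagged line (stripped) to its list of reasons."""
    hits = {}
    for raw in text.splitlines():
        line = raw.strip()
        reasons = triage_driver(line) or triage_file(line)
        if not reasons and re.match(r"^[A-Za-z]:\\", line):
            reasons = triage_path(line)
        if reasons:
            hits[line] = reasons
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE).items():
        print(line, "->", "; ".join(reasons))
```

Run it as-is to see the sample triaged, or call `triage(open("FRST.txt", encoding="utf-8").read())` on a real log. The random-name rule is deliberately narrow (lower-case letters plus at least one digit) so that vendor drivers such as mfencbdc or nvvad_WaveExtensible do not trip it; widen it only after checking what it would catch on a known-clean log.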
         

07.12.2016, 20:12   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

PC has been hacked and trojans Multiinjector.A!rfn and Neurevt found

Quote:
I installed Microsoft Security Essentials, which found the trojans Multiinjector.A!rfn and Neurevt in a quick scan
1. You should not just slap one AV after another onto the machine
2. The log for that is missing; nobody can tell you anything about it if you only give the name of the malware

Post complete information and uninstall one of the two AVs. I would have thrown McAfee away and kept MSE.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

07.12.2016, 21:21   #6
Lumis

PC has been hacked and trojans Multiinjector.A!rfn and Neurevt found


Hello,

1. I installed MSE in addition because McAfee showed me nothing. I left McAfee on and talked to their support in parallel, which did not lead anywhere.

Unfortunately MSE no longer works properly either. It aborts the scan at about 30% and says everything is OK.

2. I googled how to extract a log from MSE. I managed the part with the Event Viewer, but unfortunately not generating the log in DOS.
What can I do?

Can't you recommend a virus scanner that I then install, scan with and post the log from? Or can I post the Event Viewer output?

Sorry, I'm an IT layman. I otherwise have nothing to do with this kind of thing.

Maybe we can still find a way?

Regards,

Lumis

Code:
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-05-2016 19:15:51
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/05/2016 18:15:51.767578100 UTC
2016-12-05T18:15:51.767Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-05T18:15:51.783Z Trace session started - MpWppTracing-12052016-191551-00000003-ffffffff.bin
2016-12-05T18:15:51.783Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045Resetting SFCState failed with 0x80070015
2016-12-05T18:15:51.798Z New system volume cache created. TrustedUSN state is 1.**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 0
Number of invalid entries is 0
Number of inserts issued is 0
Number of replaces issued is 0
Number of insert failures is 0
Number of inserts with duplicate entries is 0
Number of lookups is 0
Number of lookup misses is 0
Number of fast lookup misses is 0
Number of false fast lookups is 0
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 319488
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T18:15:51.876Z Verifying RTP plugin...
2016-12-05T18:15:51.986Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll]
2016-12-05T18:15:52.017Z Loading engine...
2016-12-05T18:15:52.017Z CSignatureStatus: changed to DUE_REPORTED
2016-12-05T18:15:52.017Z Engine loaded!
2016-12-05T18:15:52.017Z Verifying license file...
2016-12-05T18:15:52.033Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll]
2016-12-05T18:15:52.033Z Product supports installmode: 0
2016-12-05T18:15:52.080Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-05T18:15:52.080Z Loaded module#0 MpComServer.
2016-12-05T18:15:52.080Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-05T18:15:52.080Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 0.0.0.0
AS Signature Version: 0.0.0.0
AV Signature Version: 0.0.0.0
************************************************************
2016-12-05T18:15:54.455Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:15:54.470Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:15:56.470Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:15:56.470Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:15:58.064Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE, pid: 2848
2016-12-05T18:15:58.064Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE, pid: 2848
2016-12-05T18:15:58.470Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:15:58.470Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:15:58.548Z Task(SignaturesUpdateService -UnmanagedUpdate) launched
2016-12-05T18:15:58.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 2848
2016-12-05T18:15:58.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 2848
2016-12-05T18:15:58.564Z [Mini-filter] Restricted access to process 2744 from pid: 4752. Original desired access: 0x1fffff.
2016-12-05T18:16:00.470Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:16:00.470Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:16:12.455Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:12.455Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:51.048Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.048Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.048Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.048Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:16:51.064Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.064Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:16:51.064Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.064Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.126Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:51.126Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.142Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:51.142Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.142Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:51.173Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:51.173Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.189Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:51.189Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.220Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:52.080Z Calling MpUpdateStart with update options = 257
2016-12-05T18:16:58.080Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.080Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.080Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.080Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.126Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.126Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.158Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.158Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.173Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.173Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.173Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.205Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.205Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.220Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.220Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.236Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.267Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.267Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.564Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:16:58.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.580Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:16:58.580Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.580Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.611Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.611Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.611Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.626Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.626Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.626Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.658Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.658Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.658Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.673Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.673Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.673Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:18:51.189Z Verifying engine and signature files (source: 0) ...
2016-12-05T18:18:51.236Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll]
2016-12-05T18:18:51.345Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm]
2016-12-05T18:18:51.345Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm]
2016-12-05T18:18:51.580Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm]
2016-12-05T18:18:51.595Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm]
Database:Creating offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

Database:Product:4, ProductVersion:258, Platform:6, PlatformVersion:11, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0

Database:IsEmbedded: 0, IsIEVEnabled: 1, IsServerSku: 0, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMba: 0, IsPus: 0, IsManaged: 0

Database:IsAutoSubmit:1, IsPusRem:0, LoadedAS:0, LoadedAV:1, LoadedInternal: 1, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0

Database:kLCID:1031, kOsVersion:393217, kProcessorArch:9, dwIsTest:0, kOOsVersion:393217, kOsSP:1, kOsBld:7601

2016-12-05T18:18:57.001Z Initializing MPUT in engine...
2016-12-05T18:18:57.001Z MPUT initialized in the engine successfully
2016-12-05T18:18:57.033Z CSignatureStatus: back to good
2016-12-05T18:18:57.033Z Initializing RTP plugin state...
2016-12-05T18:18:57.033Z 
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,0,0
  Proc:0,0,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:15028
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:6
  TotalStreamCon:3535
  NTFS Cache Statistics:
   TotalMisses:13154
   TotalHits:0
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
   Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

Signature updated on 12-05-2016 19:18:57
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
2016-12-05T18:18:57.064Z Process scan (postsignatureupdatescan) started.
2016-12-05T18:18:59.048Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:18:59.064Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:01.064Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:01.064Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:03.064Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:03.064Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:05.064Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:05.080Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:07.080Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:07.080Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:09.080Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:09.080Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-05T18:19:10.283Z Verified [C:\Windows\Temp\2C2C208E-B229-4511-AE50-D7A0BBABAA68-Sigs\gapaengine.dll]
2016-12-05T18:19:10.283Z Verified [C:\Windows\Temp\2C2C208E-B229-4511-AE50-D7A0BBABAA68-Sigs\nisbase.vdm]
2016-12-05T18:19:10.298Z Verified [C:\Windows\Temp\2C2C208E-B229-4511-AE50-D7A0BBABAA68-Sigs\nisfull.vdm]
2016-12-05T18:19:10.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:19:10.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-05T18:19:11.080Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:11.080Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Signature updated via MicrosoftUpdateServer on 12-05-2016 19:19:11
************************************************************
2016-12-05T18:19:13.080Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:13.080Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:22.080Z Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched
2016-12-05T18:19:22.126Z [Mini-filter] Restricted access to process 4664 from pid: 7156. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x0000376121A2F41C, signame=ALFPER:HSTR/ATuneUpPf, cached=false, resource="\\?\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
Internal signature match:subtype=Persist, sigseq=0x0000376121A2F41C, signame=ALFPER:HSTR/ATuneUpPf, cached=false, resource="\\?\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
2016-12-05T18:19:48.580Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:19:48.580Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:19:48.580Z [Mini-filter] Restricted access to process 4664 from pid: 2848. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
2016-12-05T18:20:03.720Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T18:20:03.720Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000376121A2F41C, signame=ALFPER:HSTR/ATuneUpPf, cached=false, resource="\\?\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
Internal signature match:subtype=Persist, sigseq=0x0000376121A2F41C, signame=ALFPER:HSTR/ATuneUpPf, cached=false, resource="\\?\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-05T18:20:10.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:20:10.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:20:10.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:20:10.548Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:20:10.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:20:10.564Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:20:10.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:20:10.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:20:10.611Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.611Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.611Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:20:10.642Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.642Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.642Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-05T18:20:10.673Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.673Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.673Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:20:10.689Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.689Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.689Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Begin Resource Scan
Scan ID:{BE08F640-564C-46E7-8B59-C7229592A923}
Scan Source:7
Start Time:12-05-2016 19:20:03
End Time:12-05-2016 19:20:33
Explicit resource to scan
Resource Schema:process
Resource Path:pid:2120,ProcessStart:131254344193437500
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3344,ProcessStart:131254344203837890
Explicit resource to scan
Resource Schema:process
Resource Path:pid:6516,ProcessStart:131254352790341796
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2120,ProcessStart:131254344193437500
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:6516,ProcessStart:131254352790341796
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:service
Resource Path:chip1click
Result Count:8
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:15490869229661454334
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:6516,ProcessStart:131254352790341796
Extended Info:40956872578181
Unknown File
Identifier:12270248892783656958
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2120,ProcessStart:131254344193437500
Extended Info:9223502295520413380
Unknown File
Identifier:4443369305966379006
Number of Resources:2
Resource Schema:process
Resource Path:pid:2120,ProcessStart:131254344193437500
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
Unknown File
Identifier:7106473450117529598
Number of Resources:3
Resource Schema:process
Resource Path:pid:6516,ProcessStart:131254352790341796
Extended Info:0
Resource Schema:service
Resource Path:chip1click
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:40956872578181
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\Device\HarddiskVolume2\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\D406DAFC-378F-DA13-57D0-4776FF63C75A_1d24fed712062e7"
2016-12-05T18:20:38.580Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{B1B7A701-41E8-4356-941D-BE55B18952DD}
Scan Source:7
Start Time:12-05-2016 19:20:53
End Time:12-05-2016 19:20:59
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\D406DAFC-378F-DA13-57D0-4776FF63C75A_1d24fed712062e7
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:15715452438209101822
Number of Resources:1
Resource Schema:file
Resource Path:C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)
Extended Info:0
End Scan
************************************************************

2016-12-05T18:20:59.970Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\CHIP DIGITAL GMBH\CHIP1CLICK\CHIP 1-CLICK INSTALLER.EXE"
2016-12-05T18:25:52.080Z AutoPurgeWorker triggered with dwWork=0x3
2016-12-05T18:25:52.095Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2016-12-05T18:25:52.095Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 23161659(ms)
2016-12-05T18:25:52.142Z Product supports installmode: 0
2016-12-05T18:25:52.705Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
2016-12-05T18:25:52.845Z Task(GetDeviceTicket -AccessKey 8A815259-715D-D228-E8EE-4D23B5D060C3 ) launched as network service
2016-12-05T18:25:52.908Z Trace buffers written: 256, events lost: 0, buffers lost: 0, days: 0
2016-12-05T18:25:52.908Z Trusted image bitmap: 0x0
2016-12-05T18:25:52.908Z Trusted image OEM name: (not found)
2016-12-05T18:25:52.908Z Start sending one time SQM data points.
2016-12-05T18:25:52.908Z Finished sending one time SQM data points.
2016-12-05T18:25:52.908Z Task(-UploadSQM -RestrictPrivileges) launched
2016-12-05T18:25:52.923Z [Mini-filter] Restricted access to process 6632 from pid: 4000. Original desired access: 0x1fffff.
2016-12-05T18:25:53.126Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T18:26:52.970Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:26:52.970Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:26:52.970Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:26:52.970Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:26:53.001Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:26:53.001Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:28:57.095Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
2016-12-05T18:28:59.845Z Process scan (poststartupscan) completed.
2016-12-05T18:29:41.861Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T18:30:40.126Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.126Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.126Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.158Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.189Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.189Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.314Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:30:40.314Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.330Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:30:40.330Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.345Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:30:40.361Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:30:40.361Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.376Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:30:40.376Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.408Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:32:17.439Z Cache Resizing**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 11945
Number of invalid entries is 0
Number of inserts issued is 12918
Number of replaces issued is 0
Number of insert failures is 1
Number of inserts with duplicate entries is 11008
Number of lookups is 33590
Number of lookup misses is 1520
Number of fast lookup misses is 31658
Number of false fast lookups is 1520
Number of invalidations is 6
Number of maintenance invalidations is 0
Current File Size is 319488
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T18:33:55.857Z Cache Resizing**********Cache stats************
No. Of buckets -> 16000
Each Bucket has max capacity of -> 1 entries
number of Entries is 15326
Number of invalid entries is 0
Number of inserts issued is 30339
Number of replaces issued is 0
Number of insert failures is 2
Number of inserts with duplicate entries is 14384
Number of lookups is 40447
Number of lookup misses is 2836
Number of fast lookup misses is 37191
Number of false fast lookups is 2836
Number of invalidations is 6
Number of maintenance invalidations is 0
Current File Size is 397312
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"

BEGIN BM telemetry
GUID:{A67FDC4B-037A-A0AF-A2F1-D81645CE767C}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:2860
ProcessCreationTime:131254344201337890
SessionID:0
CreationTime:12-05-2016 19:36:08
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry

2016-12-05T18:36:11.134Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Begin Resource Scan
Scan ID:{80DA2DF1-324A-4CBC-AC6A-62F5C59D0316}
Scan Source:7
Start Time:12-05-2016 19:38:13
End Time:12-05-2016 19:38:14
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe
Extended Info:35875764682496
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4B4F7506, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4B4F7506, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4B4F7506, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe"
Begin Resource Scan
Scan ID:{C2603F97-6D46-450D-B378-377DA8CC0F13}
Scan Source:7
Start Time:12-05-2016 19:38:35
End Time:12-05-2016 19:38:36
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe
Extended Info:25770771399865
End Scan
************************************************************
         

Alt 07.12.2016, 21:23   #7
Lumis
 
PC has been hacked and Trojans Multiinjector.A!rfn and Neurevt found



Code:
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECF9ABFFB, signame=ALF:Win32/Dorv.D!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Microsoft Office\Office14\WWLIB.DLL"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4B4F7506, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECF9ABFFB, signame=ALF:Win32/Dorv.D!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Microsoft Office\Office14\WWLIB.DLL"
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECF9ABFFB, signame=ALF:Win32/Dorv.D!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Microsoft Office\Office14\WWLIB.DLL"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\da60c21e21f3c1efe837e3f670a2456d88468480
Dynamic Signature Compilation Timestamp:12-05-2016 19:39:58
Persistence Type:Duration
Time remaining:216000000
2016-12-05T18:40:07.465Z Dynamic signature received
2016-12-05T18:40:07.472Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Begin Resource Scan
Scan ID:{4374AA98-BADE-4A26-9AFD-FD4804DC39D4}
Scan Source:7
Start Time:12-05-2016 19:39:57
End Time:12-05-2016 19:40:07
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Result Count:1
Unknown File
Identifier:2611507776458850302
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\Microsoft Antimalware\Scans\FilesStash\DC4BC2D8-E655-4A5E-8E73-191D2C9C1828_1d24ff02ae43485"
2016-12-05T18:40:08.266Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll"
Begin Resource Scan
Scan ID:{D74B64D2-981E-4C1D-9B73-4ACFCE1B3983}
Scan Source:7
Start Time:12-05-2016 19:43:28
End Time:12-05-2016 19:43:59
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll
Result Count:1
Unknown File
Identifier:3143770244384817150
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll
Extended Info:23631009530335
End Scan
************************************************************

2016-12-05T18:44:35.033Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\Microsoft Antimalware\Scans\FilesStash\3FA67B2D-B345-4F5F-514C-67DBD6F1F3CD_1d24ff0ca50fedc"
2016-12-05T18:44:36.057Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\Device\HarddiskVolume2\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
2016-12-05T18:45:58.672Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\bf42aabbea08945f1cea20f3a72a910b81d278dc
Dynamic Signature Compilation Timestamp:12-05-2016 19:45:59
Persistence Type:Duration
Time remaining:216000000
2016-12-05T18:45:58.677Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Begin Resource Scan
Scan ID:{280EA478-9C5A-4DF5-8F6F-5DF378033637}
Scan Source:7
Start Time:12-05-2016 19:45:57
End Time:12-05-2016 19:45:58
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Result Count:1
Unknown File
Identifier:14105644664979718142
Number of Resources:1
Resource Schema:file
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
End Scan
************************************************************

2016-12-05T18:45:58.992Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\C:\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-05T18:50:39.300Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.300Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.301Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.314Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:50:39.321Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.333Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.333Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.334Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:50:39.373Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.374Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.375Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.394Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.395Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.396Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.422Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.423Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.424Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.443Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.444Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.445Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\innovative solutions\advanced uninstaller pro\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\innovative solutions\advanced uninstaller pro\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\innovative solutions\advanced uninstaller pro\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\innovative solutions\advanced uninstaller pro\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
2016-12-05T18:55:21.213Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\a926cfec24f01dd562fdf47189200a0caf50f4cd
Dynamic Signature Compilation Timestamp:12-05-2016 19:55:22
Persistence Type:Duration
Time remaining:216000000
2016-12-05T18:55:21.220Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
2016-12-05T18:55:54.168Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:55:54.171Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:55:55.149Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:55:55.150Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Begin Resource Scan
Scan ID:{4B312167-B833-48DC-9ED7-31A08D56EF89}
Scan Source:7
Start Time:12-05-2016 19:56:26
End Time:12-05-2016 19:56:32
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Extended Info:25770492256673
End Scan
************************************************************

Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
2016-12-05T18:56:41.392Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
2016-12-05T18:56:50.196Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:56:50.197Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Begin Resource Scan
Scan ID:{33069724-4379-4FB3-AFDE-E2BCB92BE233}
Scan Source:7
Start Time:12-05-2016 19:56:47
End Time:12-05-2016 19:56:52
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe
Result Count:1
Unknown File
Identifier:3848702724166123518
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe
Extended Info:5862668159986
End Scan
************************************************************

2016-12-05T18:56:53.600Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:56:53.600Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:56:54.453Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
2016-12-05T18:57:06.618Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.619Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.779Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.780Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.871Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.873Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.898Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.899Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.933Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.934Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.959Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.960Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.096Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.096Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.121Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.122Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.156Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.157Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.181Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.182Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.706Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.707Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.735Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.736Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.764Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.765Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.789Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.790Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.380Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.381Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.408Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.409Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.437Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.438Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.463Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.464Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
2016-12-05T18:57:12.358Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.359Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.388Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.389Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.425Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.426Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.457Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.458Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-05T18:57:18.169Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe"
Begin Resource Scan
Scan ID:{70D20DF3-35C6-43B3-AEE9-9CA4AE66EF23}
Scan Source:7
Start Time:12-05-2016 19:57:09
End Time:12-05-2016 19:57:18
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Result Count:2
Unknown File
Identifier:3340142729047834622
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:5866550236419
Unknown File
Identifier:9369635509590032382
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:5866550236419
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\792F817A-DE2B-6580-9878-88DEE7175EE4_1d24ff2919cafb2"
2016-12-05T18:57:26.683Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T18:57:53.413Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:53.413Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555A9525A1C, signame=#LowFi:Tool:Win32/BatToExeB2E, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayCrashReporter.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayCrashReporter.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe"
2016-12-05T19:00:17.196Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{F6A6BE3F-5B99-426C-88DC-EF1AFB517BE0}
Scan Source:7
Start Time:12-05-2016 20:00:13
End Time:12-05-2016 20:00:17
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
Result Count:1
Unknown File
Identifier:1231512738186919934
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
Extended Info:5866336595677
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume2\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\AEDC9A4F-6253-3D00-9246-D39F0372968F_1d24ff2fc2e7a30"
2016-12-05T19:00:18.388Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe"
Begin Resource Scan
Scan ID:{2E919521-0210-40CC-A70C-6063B1E61322}
Scan Source:7
Start Time:12-05-2016 20:00:32
End Time:12-05-2016 20:00:33
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe
Extended Info:25770492256673
End Scan
************************************************************

2016-12-05T19:00:34.914Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\AppData\Local\Temp\DMR\dmr_72.exe"
Begin Resource Scan
Scan ID:{0FAFE066-5F35-4D92-922C-D26252B8CB48}
Scan Source:3
Start Time:12-05-2016 20:00:34
End Time:12-05-2016 20:00:36
Explicit resource to scan
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Result Count:1
Threat Name:Trojan:Win32/Neurevt
ID:2147681664
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Extended Info:24631940408518
End Scan
************************************************************

2016-12-05T19:00:37.007Z DETECTIONEVENT Trojan:Win32/Neurevt file:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe;
2016-12-05T19:00:37.055Z DETECTION_ADD Trojan:Win32/Neurevt file:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Begin Resource Scan
Scan ID:{2E50E440-283D-4188-82E3-E9D626AA6D8D}
Scan Source:6
Start Time:12-05-2016 20:00:39
End Time:12-05-2016 20:00:41
Explicit resource to scan
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Result Count:1
Threat Name:Trojan:Win32/Neurevt
ID:2147681664
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Extended Info:24631940408518
End Scan
************************************************************

2016-12-05T19:00:43.745Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:00:43.749Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
2016-12-05T19:00:54.081Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{A2EE4E3B-7340-45E4-B28C-DE321535E8B0}
Scan Source:7
Start Time:12-05-2016 20:00:53
End Time:12-05-2016 20:00:54
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Result Count:1
Unknown File
Identifier:16876926893444562942
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Extended Info:5863497417884
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume2\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\EF0B4B1B-5D20-2A49-38EA-0819C6B48264_1d24ff31213b2b6"
2016-12-05T19:00:58.342Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-05T19:01:00.015Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-05T19:01:10.067Z DETECTION_MERGE Trojan:Win32/Neurevt regkey:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
2016-12-05T19:01:10.067Z DETECTION_MERGE Trojan:Win32/Neurevt runonce:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
2016-12-05T19:01:10.068Z DETECTIONEVENT Trojan:Win32/Neurevt file:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe;regkey:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service;runonce:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service;
Begin Resource Scan
Scan ID:{3EED1771-2388-4215-BA6E-58B2BC98912C}
Scan Source:6
Start Time:12-05-2016 20:00:41
End Time:12-05-2016 20:01:10
Explicit resource to scan
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Result Count:1
Threat Name:Trojan:Win32/Neurevt
ID:2147681664
Severity:5
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Extended Info:0
Resource Schema:runonce
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Extended Info:0
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Extended Info:24631940408518
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\D:\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Begin Resource Scan
Scan ID:{657F3EFF-57DB-41B4-A776-8071770FCC2D}
Scan Source:7
Start Time:12-05-2016 20:01:09
End Time:12-05-2016 20:01:10
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Result Count:1
Unknown File
Identifier:467007837944414206
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Extended Info:631932727217916
End Scan
************************************************************

FileName:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
SHA1:a3210589830de8701c4cbde58828b1f1be9033da
2016-12-05T19:01:12.303Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:01:15.309Z MAPS Report Send (hr=0x0 httpcode=200)
Beginning threat actions
Start time:12-05-2016 20:01:11
Threat Name:Trojan:Win32/Neurevt
Threat ID:2147681664
Action:quarantine
Resource action complete:Quarantine
Schema:regkey
Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Threat ID:2147681664
Resource refcount:1
Result:0
Resource action complete:Quarantine
Schema:runonce
Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Threat ID:2147681664
Resource refcount:1
Result:0
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Threat ID:2147681664
Resource refcount:1
Result:0
Registry value to be removed:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Type:1
Value:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Action remove successful on regkey:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Resource action complete:Removal
Schema:regkey
Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Threat ID:2147681664
Resource refcount:1
Result:0
Resource action complete:Removal
Schema:runonce
Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Threat ID:2147681664
Resource refcount:1
Result:0
File owner:Lutz-PC\Lutz
File scheduled for removal on reboot
File Name:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Threat ID:2147681664
Resource refcount:1
Result:3010
Finished threat ID:2147681664
Threat result:0
Threat status flags:386
Finished threat actions
End time:12-05-2016 20:01:14
Result:0
2016-12-05T19:01:16.687Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:01:16.690Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:01:18.695Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:01:18.698Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:01:20.580Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\7136683dc89b4916a158aabfb46fdeee84b186f0
Dynamic Signature Compilation Timestamp:12-05-2016 20:01:21
Persistence Type:VDM Version
Source Version:282475797741569
Expiration Version:282475797741569
2016-12-05T19:01:20.584Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:01:20.625Z DETECTIONEVENT Trojan:Win32/MultiInjector.A!rfn containerfile:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip;file:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe;
2016-12-05T19:01:20.625Z DETECTION_ADD Trojan:Win32/MultiInjector.A!rfn containerfile:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
2016-12-05T19:01:20.625Z DETECTION_ADD Trojan:Win32/MultiInjector.A!rfn file:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
2016-12-05T19:01:20.630Z DETECTIONEVENT Trojan:Win32/Neurevt file:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe;regkey:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service;runonce:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service;
2016-12-05T19:01:20.631Z DETECTION_ADD Trojan:Win32/Neurevt file:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
2016-12-05T19:01:20.631Z DETECTION_ADD Trojan:Win32/Neurevt regkey:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
2016-12-05T19:01:20.631Z DETECTION_ADD Trojan:Win32/Neurevt runonce:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Begin Quick Scan
Scan ID:{1384EB81-2530-4613-9AA0-804CE3B1AD4D}
Scan Source:2
Start Time:12-05-2016 19:34:31
End Time:12-05-2016 20:01:20
Result Count:25
Threat Name:Trojan:Win32/MultiInjector.A!rfn
ID:2147694523
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
Extended Info:24633383919688
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Extended Info:0
Threat Name:Trojan:Win32/Neurevt
ID:2147681664
Severity:5
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Extended Info:0
Resource Schema:runonce
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Extended Info:0
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Extended Info:24631940408518
Unknown File
Identifier:1589573838700542
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe
Extended Info:5866336595677
Resource Schema:firefoxplugins
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Unknown File
Identifier:15948155041911668734
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayCrashReporter.exe
Extended Info:5866336595677
Resource Schema:firefoxplugins
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Unknown File
Identifier:1231512738186919934
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
Extended Info:5866336595677
Resource Schema:firefoxplugins
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Unknown File
Identifier:8668428389951995902
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Extended Info:5865471105564
Unknown File
Identifier:17155677555219496958
Number of Resources:1
Resource Schema:queryfileregkeyvalue
Resource Path:HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\
Extended Info:536274339601368
Unknown File
Identifier:3340142729047834622
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:5866550236419
Unknown File
Identifier:9369635509590032382
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:5866550236419
Unknown File
Identifier:7242926480961830910
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Packages/NSU/Setup/NSU.msi->Data1.cab->ta_productdata_handl.D321D6CC_DBBE_4AC3_8DBD_DFF82BB39BDC
Extended Info:23631009530335
Unknown File
Identifier:12153967519442403326
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/InstallerServiceExec.exe
Extended Info:23633742824874
Unknown File
Identifier:14958751411939049470
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/WMFDist11-WindowsXP-X86-ENU.exe->(WExtract)->wmfdist11.exe->(SfxCab_8ead0856)->portabledevicetypes.dll
Extended Info:23631699224337
Unknown File
Identifier:17469801885471866878
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/pcswpc.exe
Extended Info:23634104720268
Unknown File
Identifier:12840072245577515006
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:5863487478424
Unknown File
Identifier:3143770244384817150
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll
Extended Info:23631009530335
Unknown File
Identifier:6182801030435045374
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:23631359159303
Unknown File
Identifier:6182801030435045374
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:23631359159303
Unknown File
Identifier:7173338355680149502
Number of Resources:7
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Microsoft Office\Office14\WWLIB.DLL
Extended Info:23634393087995
Resource Schema:firefoxplugins
Resource Path:HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0
Extended Info:0
Resource Schema:firefoxplugins
Resource Path:HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0
Extended Info:0
Resource Schema:firefoxplugins
Resource Path:HKLM\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0
Extended Info:0
Unknown File
Identifier:11114419910065782782
Number of Resources:5
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe
Extended Info:23632173561094
Resource Schema:firefoxplugins
Resource Path:HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0
Extended Info:0
Resource Schema:firefoxplugins
Resource Path:HKLM\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0
Extended Info:0
Unknown File
Identifier:10100072441477857278
Number of Resources:3
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Extended Info:9223533080976662056
Unknown File
Identifier:10801045176160616446
Number of Resources:9
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Extended Info:0
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Extended Info:0
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe
Extended Info:23632075254285
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Extended Info:0
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Extended Info:0
Unknown File
Identifier:13318595489990443006
Number of Resources:21
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606B-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606B-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Extended Info:0
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Extended Info:0
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe
Extended Info:23632520901406
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Unknown File
Identifier:15215047301790695422
Number of Resources:1
Resource Schema:samplefilerootkit
Resource Path:ems->Trigger:EMS
Extended Info:347194694280023
Unknown File
Identifier:15490869229661454334
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:6516,ProcessStart:131254352790341796
Extended Info:40956872578181
Unknown File
Identifier:12270248892783656958
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2120,ProcessStart:131254344193437500
Extended Info:9223502295520413380
End Scan
************************************************************

2016-12-05T19:01:20.655Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:01:20.658Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
Begin Resource Scan
Scan ID:{FD559BE0-B72A-4EF1-B58C-C9E73CD4BEE0}
Scan Source:7
Start Time:12-05-2016 20:01:20
End Time:12-05-2016 20:01:20
Explicit resource to scan
Resource Schema:samplefilerootkit
Resource Path:ems->Trigger:EMS
Result Count:1
Unknown File
Identifier:15215047301790695422
Number of Resources:1
Resource Schema:samplefilerootkit
Resource Path:ems->Trigger:EMS
Extended Info:0
End Scan
************************************************************

2016-12-05T19:01:20.936Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:02:20.654Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.655Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.655Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.662Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.698Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.698Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.800Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:02:20.801Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.821Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:02:20.822Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.825Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:02:20.848Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:02:20.849Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.867Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:02:20.868Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.895Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:05:33.428Z DETECTIONEVENT Trojan:Win32/Rundas.A containerfile:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip;file:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe;
2016-12-05T19:05:33.429Z DETECTION_ADD Trojan:Win32/Rundas.A containerfile:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
2016-12-05T19:05:33.429Z DETECTION_ADD Trojan:Win32/Rundas.A file:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Begin Resource Scan
Scan ID:{6BFCAC5D-F3C1-4820-B334-74AF74554906}
Scan Source:6
Start Time:12-05-2016 20:05:13
End Time:12-05-2016 20:05:33
Explicit resource to scan
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Explicit resource to scan
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Explicit resource to scan
Resource Schema:runonce
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Result Count:2
Threat Name:Trojan:Win32/MultiInjector.A!rfn
ID:2147694523
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
Extended Info:24633383919688
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Extended Info:0
Threat Name:Trojan:Win32/Rundas.A
ID:2147717515
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Extended Info:42224134630980
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Extended Info:0
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555A9525A1C, signame=#LowFi:Tool:Win32/BatToExeB2E, cached=false, resource="Ereignisanzeige löschen_x86.exe->Ereignisanzeige löschen_x64.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFB1EC32E, signame=TEL:SNID:Tool:Win32/ScriptToExe!f2ko, cached=false, resource="Ereignisanzeige löschen_x86.exe->Ereignisanzeige löschen_x86.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555A9525A1C, signame=#LowFi:Tool:Win32/BatToExeB2E, cached=false, resource="Ereignisanzeige löschen_x86.exe->Ereignisanzeige löschen_x86.exe"
FileName:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
SHA1:a2a0d4e77dd8b0ea7beb9ca844b14674be009f16
FileName:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
SHA1:0317d4b341194ed8717e403bf5833f79a93eed37
Internal signature match:subtype=Lowfi, sigseq=0x00000555A9525A1C, signame=#LowFi:Tool:Win32/BatToExeB2E, cached=true, resource="Ereignisanzeige löschen_x64.exe->Ereignisanzeige löschen_x64.exe"
FileName:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
SHA1:905f5c85dd500eba437ef22f3de59a35ee12da87
Beginning threat actions
Start time:12-05-2016 20:05:35
Threat Name:Trojan:Win32/MultiInjector.A!rfn
Threat ID:2147694523
Action:remove
Threat Name:Trojan:Win32/Rundas.A
Threat ID:2147717515
Action:unknown
File to act on SHA1:0317D4B341194ED8717E403BF5833F79A93EED37
File owner:VORDEFINIERT\Administratoren
File cleaned/removed successfully
File Name:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
Threat ID:2147694523
Resource refcount:1
Result:0
Finished threat ID:2147717515
Threat result:0
Threat status flags:0
Finished threat ID:2147694523
Threat result:0
Threat status flags:0
Finished threat actions
End time:12-05-2016 20:05:35
Result:0
2016-12-05T19:05:35.740Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:05:38.555Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{F26CB1B9-944B-48F6-9876-398DF7F01599}
Scan Source:6
Start Time:12-05-2016 20:05:38
End Time:12-05-2016 20:05:38
Explicit resource to scan
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Result Count:1
Threat Name:Trojan:Win32/Rundas.A
ID:2147717515
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Extended Info:42224134630980
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Extended Info:0
End Scan
************************************************************

2016-12-05T19:05:40.568Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:05:40.572Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{1E89EC1F-217D-48AB-A5B6-892CE8813ACB}
Scan Source:6
Start Time:12-05-2016 20:05:38
End Time:12-05-2016 20:05:59
Explicit resource to scan
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Result Count:1
Threat Name:Trojan:Win32/Rundas.A
ID:2147717515
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Extended Info:42224134630980
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Extended Info:0
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555A9525A1C, signame=#LowFi:Tool:Win32/BatToExeB2E, cached=true, resource="Ereignisanzeige löschen_x64.exe->Ereignisanzeige löschen_x64.exe"
FileName:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
SHA1:905f5c85dd500eba437ef22f3de59a35ee12da87
FileName:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
SHA1:b204cc9c616acaaf3496a662453aad46eded66f3
Beginning threat actions
Start time:12-05-2016 20:06:00
Threat Name:Trojan:Win32/Rundas.A
Threat ID:2147717515
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Threat ID:2147717515
Resource refcount:1
Result:0
Resource action complete:Quarantine
Schema:containerfile
Path:\\?\C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Threat ID:2147717515
Resource refcount:1
Result:0
File to act on SHA1:B204CC9C616ACAAF3496A662453AAD46EDED66F3
File owner:VORDEFINIERT\Administratoren
File cleaned/removed successfully
File Name:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Threat ID:2147717515
Resource refcount:1
Result:0
Finished threat ID:2147717515
Threat result:0
Threat status flags:0
Finished threat actions
End time:12-05-2016 20:06:00
Result:0
2016-12-05T19:06:00.521Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:06:02.412Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:06:02.416Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:07:03.009Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.009Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.030Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.031Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.055Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.056Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.076Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.077Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log
Stopped On 12-05-2016 20:07:35 (Exit Code = 0x0)
************************************************************
2016-12-05T19:07:35.125Z Unloaded module#0 MpComServer.
2016-12-05T19:07:35.125Z Shutdowning WscLib, update=0, snooze=0
2016-12-05T19:07:35.141Z 
****************************RTP Perf Log***************************
RTP Start:12-05-2016 19:18:57
Last Perf:12-05-2016 19:18:57
First RTP Scan:12-05-2016 19:18:57
Plugin States:  AV:1  AS:1  RTP:1  OA:1  BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:5
System File Cache:
  Hits:1538
  Misses:12141
BM Queue:45,632,0
  Proc:17,324,0
  File:28,390,0
Plugin Queue:0,1,0
  Threat:0,1,0
  Susp:0,1,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,3,0
  SetEngine:1,1,0
  SetState:0,1,0
  SetUser:0,0,0
  Config:0,1,0
  ProcExcl:0,1,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:17730
  Pending:0
  RegSize:134308
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:3866488
  AsyncQCurrent:0
  BMFlags:15
  ServiceMaj:0
  ServiceMin:0
  NumInstance:6
  TotalStreamCon:12788
  NTFS Cache Statistics:
   TotalMisses:26864
   TotalHits:77920
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  SyncProcessCreateDuration:2ms (320/114)
   Success: 114, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-05T19:07:35.438Z 
****************************RTP Perf Log***************************
RTP Start:12-05-2016 20:07:35
Last Perf:12-05-2016 20:07:35
First RTP Scan:N/A
Plugin States:  AV:1  AS:1  RTP:1  OA:1  BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:1
System File Cache:
  Hits:0
  Misses:0
BM Queue:45,0,0
  Proc:17,0,0
  File:28,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:0,1,0
  SetEngine:0,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:17730
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:3866488
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:6
  TotalStreamCon:12788
  NTFS Cache Statistics:
   TotalMisses:26864
   TotalHits:77920
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  SyncProcessCreateDuration:2ms (320/114)
   Success: 114, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-05-2016 20:08:51
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/05/2016 19:08:51.468750000 UTC
2016-12-05T19:08:51.468Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-05T19:08:51.484Z Trace session started - MpWppTracing-12052016-200851-00000003-ffffffff.bin
2016-12-05T19:08:51.484Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-05T19:08:51.515Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 20000
Each Bucket has max capacity of -> 1 entries
number of Entries is 18321
Number of invalid entries is 0
Number of inserts issued is 49805
Number of replaces issued is 0
Number of insert failures is 2
Number of inserts with duplicate entries is 15347
Number of lookups is 82227
Number of lookup misses is 8538
Number of fast lookup misses is 62378
Number of false fast lookups is 8538
Number of invalidations is 16
Number of maintenance invalidations is 0
Current File Size is 495616
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T19:08:51.578Z Verifying RTP plugin...
2016-12-05T19:08:51.578Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-05T19:08:51.656Z Loading engine...
2016-12-05T19:08:51.718Z Verifying engine and signature files (source: 1) ...
2016-12-05T19:08:51.718Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-05T19:08:51.718Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-05T19:08:51.718Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-05T19:08:51.718Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-05T19:08:51.718Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-05T19:08:53.359Z Initializing MPUT in engine...
2016-12-05T19:08:53.359Z MPUT initialized in the engine successfully
2016-12-05T19:08:53.562Z CSignatureStatus: back to good
2016-12-05T19:08:53.562Z Initializing RTP plugin state...
2016-12-05T19:08:53.562Z 
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:926
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1394
  NTFS Cache Statistics:
   TotalMisses:4974
   TotalHits:0
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
   Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-05T19:08:53.562Z Engine loaded!
2016-12-05T19:08:53.609Z Verifying license file...
2016-12-05T19:08:53.609Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-05T19:08:53.609Z Product supports installmode: 0
2016-12-05T19:08:53.656Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-05T19:08:53.656Z Loaded module#0 MpComServer.
2016-12-05T19:08:53.656Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-05T19:08:53.656Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-05T19:10:12.461Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-05T19:10:12.461Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
2016-12-05T19:10:12.618Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{A2B5A6B5-3C16-4603-BE84-978C2D187C46}
Scan Source:7
Start Time:12-05-2016 20:10:06
End Time:12-05-2016 20:10:12
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Result Count:1
Unknown File
Identifier:7106473450117529598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:40956872578181
End Scan
************************************************************

2016-12-05T19:10:19.515Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 3856
2016-12-05T19:10:19.515Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 3856
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-05T19:12:14.765Z [Mini-filter] Restricted access to process 1036 from pid: 3856. Original desired access: 0x1fffff.
2016-12-05T19:12:14.765Z [Mini-filter] Restricted access to process 1036 from pid: 3856. Original desired access: 0x1fffff.
2016-12-05T19:12:14.796Z [Mini-filter] Restricted access to process 1036 from pid: 3856. Original desired access: 0x1fffff.
2016-12-05T19:12:14.796Z [Mini-filter] Restricted access to process 1036 from pid: 3856. Original desired access: 0x1fffff.
2016-12-05T19:12:15.296Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 3856
2016-12-05T19:12:15.296Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 3856
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-05-2016 20:22:16
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/05/2016 19:22:16.546875000 UTC
2016-12-05T19:22:16.546Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-05T19:22:16.578Z Trace session started - MpWppTracing-12052016-202216-00000003-ffffffff.bin
2016-12-05T19:22:16.578Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-05T19:22:17.140Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 20000
Each Bucket has max capacity of -> 1 entries
number of Entries is 18321
Number of invalid entries is 0
Number of inserts issued is 49805
Number of replaces issued is 0
Number of insert failures is 2
Number of inserts with duplicate entries is 15347
Number of lookups is 83471
Number of lookup misses is 8680
Number of fast lookup misses is 62896
Number of false fast lookups is 8680
Number of invalidations is 16
Number of maintenance invalidations is 0
Current File Size is 495616
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T19:22:17.890Z Verifying RTP plugin...
2016-12-05T19:22:17.937Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-05T19:22:19.015Z Loading engine...
2016-12-05T19:22:19.640Z Verifying engine and signature files (source: 1) ...
2016-12-05T19:22:19.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-05T19:22:19.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-05T19:22:19.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-05T19:22:19.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-05T19:22:19.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-05T19:22:34.671Z Initializing MPUT in engine...
2016-12-05T19:22:34.671Z MPUT initialized in the engine successfully
2016-12-05T19:22:37.265Z CSignatureStatus: back to good
2016-12-05T19:22:37.328Z Initializing RTP plugin state...
2016-12-05T19:22:37.328Z 
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:742
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1420
  NTFS Cache Statistics:
   TotalMisses:4750
   TotalHits:0
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
   Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************
         

07.12.2016, 21:24   #8
Lumis

Code:
2016-12-05T19:22:37.328Z Engine loaded!
2016-12-05T19:22:38.593Z Verifying license file...
2016-12-05T19:22:38.593Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-05T19:22:38.593Z Product supports installmode: 0
2016-12-05T19:22:39.515Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-05T19:22:39.515Z Loaded module#0 MpComServer.
2016-12-05T19:22:39.531Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-05T19:22:39.531Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Begin Resource Scan
Scan ID:{80DA618D-5D34-4AFC-86CF-AD39B3D078E9}
Scan Source:7
Start Time:12-05-2016 20:23:15
End Time:12-05-2016 20:24:05
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
2016-12-05T19:25:50.790Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-05T19:25:50.915Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-05T19:26:02.258Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-05-2016 20:29:50
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/05/2016 19:29:50.359375000 UTC
2016-12-05T19:29:50.359Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-05T19:29:50.375Z Trace session started - MpWppTracing-12052016-202950-00000003-ffffffff.bin
2016-12-05T19:29:50.375Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-05T19:29:50.375Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 20000
Each Bucket has max capacity of -> 1 entries
number of Entries is 18338
Number of invalid entries is 0
Number of inserts issued is 49833
Number of replaces issued is 0
Number of insert failures is 2
Number of inserts with duplicate entries is 15347
Number of lookups is 93328
Number of lookup misses is 9588
Number of fast lookup misses is 66671
Number of false fast lookups is 9588
Number of invalidations is 16
Number of maintenance invalidations is 0
Current File Size is 495616
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T19:29:50.390Z Verifying RTP plugin...
2016-12-05T19:29:50.390Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-05T19:29:50.390Z Loading engine...
2016-12-05T19:29:50.421Z Verifying engine and signature files (source: 1) ...
2016-12-05T19:29:50.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-05T19:29:50.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-05T19:29:50.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-05T19:29:50.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-05T19:29:50.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-05T19:29:51.406Z Initializing MPUT in engine...
2016-12-05T19:29:51.406Z MPUT initialized in the engine successfully
2016-12-05T19:29:51.500Z CSignatureStatus: back to good
2016-12-05T19:29:51.500Z Initializing RTP plugin state...
2016-12-05T19:29:51.500Z 
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:926
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1367
  NTFS Cache Statistics:
   TotalMisses:5027
   TotalHits:0
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
   Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-05T19:29:51.500Z Engine loaded!
2016-12-05T19:29:51.531Z Verifying license file...
2016-12-05T19:29:51.531Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-05T19:29:51.531Z Product supports installmode: 0
2016-12-05T19:29:51.531Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-05T19:29:51.531Z Loaded module#0 MpComServer.
2016-12-05T19:29:51.531Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-05T19:29:51.531Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-05T19:30:05.110Z MAPS Report Send (hr=0xffffffff httpcode=0)
Begin Resource Scan
Scan ID:{243A6F07-59C5-4FA8-ADF1-8A44ECD5DD8D}
Scan Source:7
Start Time:12-05-2016 20:29:52
End Time:12-05-2016 20:30:06
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Result Count:1
Unknown File
Identifier:7106473450117529598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:40956872578181
End Scan
************************************************************

2016-12-05T19:30:06.908Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-05T19:30:38.048Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5168
2016-12-05T19:30:38.048Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5168
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
2016-12-05T19:31:36.830Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:36.830Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:36.861Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:36.861Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:37.001Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5168
2016-12-05T19:31:37.001Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5168
2016-12-05T19:31:37.001Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5168
2016-12-05T19:31:37.017Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:37.017Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T19:31:37.017Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:37.017Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T19:31:37.033Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:37.033Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T19:31:37.033Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:37.033Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T19:31:37.689Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-05T19:32:49.376Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-05T19:33:48.423Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:33:48.423Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Begin Resource Scan
Scan ID:{1CFBFB12-4EA5-42B5-AAF1-45A1B684B7EA}
Scan Source:7
Start Time:12-05-2016 20:30:21
End Time:12-05-2016 20:33:54
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2608,ProcessStart:131254397926718750
Result Count:6
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:6032965302403203070
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2608,ProcessStart:131254397926718750
Extended Info:40956872578181
Unknown File
Identifier:1400350415148548094
Number of Resources:2
Resource Schema:process
Resource Path:pid:2608,ProcessStart:131254397926718750
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:0
End Scan
************************************************************

2016-12-05T19:33:57.314Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-05T19:34:57.189Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:34:57.220Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:34:57.236Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:34:57.251Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:35:06.048Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:35:54.845Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\CHIP DIGITAL GMBH\CHIP1CLICK\CHIP 1-CLICK INSTALLER.EXE"
2016-12-05T19:35:54.876Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\HijackThis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\D:\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
2016-12-05T19:36:54.048Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Begin Resource Scan
Scan ID:{9358F309-F248-4D43-A3DC-33DB0E10C573}
Scan Source:7
Start Time:12-05-2016 20:36:19
End Time:12-05-2016 20:36:55
Explicit resource to scan
Resource Schema:process
Resource Path:pid:2456,ProcessStart:131254397942041015
Explicit resource to scan
Resource Schema:process
Resource Path:pid:2608,ProcessStart:131254397926718750
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2456,ProcessStart:131254397942041015
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\ACSound.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\AudioEnvironment.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:10
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:467007837944414206
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Extended Info:631932727217916
Unknown File
Identifier:16876926893444562942
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\AudioEnvironment.exe
Extended Info:5863497417884
Unknown File
Identifier:8699507469090553854
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\ACSound.exe
Extended Info:5863497417884
Unknown File
Identifier:12594014312219017214
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2456,ProcessStart:131254397942041015
Extended Info:9223502295520413380
Unknown File
Identifier:4443369305966379006
Number of Resources:2
Resource Schema:process
Resource Path:pid:2456,ProcessStart:131254397942041015
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
Unknown File
Identifier:1400350415148548094
Number of Resources:2
Resource Schema:process
Resource Path:pid:2608,ProcessStart:131254397926718750
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:0
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\1815B6FB-8655-9128-3B75-3FC34129C70D_1d24ff823a710cd"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\79879C57-4647-A6C9-EBFD-6F71ADAAA309_1d24ff825f3f5a3"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe"
2016-12-05T19:37:16.533Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
2016-12-05T19:37:48.611Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{A5C04193-FD33-40F2-B26D-6995FEC81D23}
Scan Source:7
Start Time:12-05-2016 20:37:38
End Time:12-05-2016 20:37:50
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Result Count:2
Unknown File
Identifier:3340142729047834622
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:5866550236419
Unknown File
Identifier:9369635509590032382
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:5866550236419
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\55F0389A-48B3-A357-5522-366402954F32_1d24ff840cb2ed7"
2016-12-05T19:38:02.423Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:39:51.533Z AutoPurgeWorker triggered with dwWork=0x3
2016-12-05T19:39:51.533Z Product supports installmode: 0
2016-12-05T19:39:52.205Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2016-12-05T19:39:52.205Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 17500163(ms)
2016-12-05T19:40:15.845Z Detection State: Finished(3) Failed(0) CriticalFailed(0) Additional Actions(0)
2016-12-05T19:41:17.673Z Trace buffers written: 552, events lost: 0, buffers lost: 0, days: 0
2016-12-05T19:41:17.673Z Trusted image bitmap: 0x0
2016-12-05T19:41:17.673Z Trusted image OEM name: (not found)
2016-12-05T19:41:17.673Z Task(-UploadSQM -RestrictPrivileges) launched
2016-12-05T19:41:17.689Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 5168
2016-12-05T19:41:17.689Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 5168
2016-12-05T19:41:17.689Z [Mini-filter] Restricted access to process 4708 from pid: 7068. Original desired access: 0x1fffff.
2016-12-05T19:42:17.830Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5168
2016-12-05T19:42:17.830Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5168
2016-12-05T19:42:17.830Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5168
2016-12-05T19:42:17.845Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5168
2016-12-05T19:42:17.861Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:44:08.824Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:44:08.824Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:08.915Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:08.915Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:08.915Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:08.946Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:08.977Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:08.977Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:09.086Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:09.086Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:09.086Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:09.102Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:09.118Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:09.118Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:09.118Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:09.118Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:21.321Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.321Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.321Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.321Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1f1fff.
2016-12-05T20:45:21.336Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.336Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1f1fff.
2016-12-05T20:45:21.336Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.336Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.368Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:21.368Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.368Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:21.368Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.383Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:21.399Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.399Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:21.399Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:46:03.446Z Cache Resizing**********Cache stats************
No. Of buckets -> 20000
Each Bucket has max capacity of -> 1 entries
number of Entries is 19219
Number of invalid entries is 0
Number of inserts issued is 52376
Number of replaces issued is 0
Number of insert failures is 3
Number of inserts with duplicate entries is 16146
Number of lookups is 130043
Number of lookup misses is 11572
Number of fast lookup misses is 74025
Number of false fast lookups is 11572
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 495616
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T20:52:54.336Z Cache Resizing**********Cache stats************
No. Of buckets -> 25000
Each Bucket has max capacity of -> 1 entries
number of Entries is 24222
Number of invalid entries is 0
Number of inserts issued is 80677
Number of replaces issued is 0
Number of insert failures is 4
Number of inserts with duplicate entries is 21149
Number of lookups is 145690
Number of lookup misses is 13615
Number of fast lookup misses is 85534
Number of false fast lookups is 13615
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 618496
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:02:50.493Z Cache Resizing**********Cache stats************
No. Of buckets -> 31250
Each Bucket has max capacity of -> 1 entries
number of Entries is 29851
Number of invalid entries is 0
Number of inserts issued is 113991
Number of replaces issued is 0
Number of insert failures is 5
Number of inserts with duplicate entries is 26780
Number of lookups is 163747
Number of lookup misses is 16508
Number of fast lookup misses is 98649
Number of false fast lookups is 16508
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 774144
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:14:15.336Z Cache Resizing**********Cache stats************
No. Of buckets -> 39062
Each Bucket has max capacity of -> 1 entries
number of Entries is 37449
Number of invalid entries is 0
Number of inserts issued is 156499
Number of replaces issued is 0
Number of insert failures is 6
Number of inserts with duplicate entries is 34376
Number of lookups is 187989
Number of lookup misses is 20168
Number of fast lookup misses is 115059
Number of false fast lookups is 20168
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 958464
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:24:37.121Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.152Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.183Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.199Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.329Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.351Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.380Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.419Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.268Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.299Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.315Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.346Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.742Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.757Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.789Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.804Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:49.137Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:49.153Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:49.184Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:49.216Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:25:08.552Z Cache Resizing**********Cache stats************
No. Of buckets -> 48827
Each Bucket has max capacity of -> 1 entries
number of Entries is 46393
Number of invalid entries is 0
Number of inserts issued is 207938
Number of replaces issued is 0
Number of insert failures is 7
Number of inserts with duplicate entries is 43310
Number of lookups is 210436
Number of lookup misses is 24119
Number of fast lookup misses is 132728
Number of false fast lookups is 24119
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 1200128
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:25:26.943Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:31:42.029Z Cache Resizing**********Cache stats************
No. Of buckets -> 61033
Each Bucket has max capacity of -> 1 entries
number of Entries is 57445
Number of invalid entries is 0
Number of inserts issued is 270759
Number of replaces issued is 0
Number of insert failures is 8
Number of inserts with duplicate entries is 54362
Number of lookups is 234538
Number of lookup misses is 28095
Number of fast lookup misses is 152783
Number of false fast lookups is 28095
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 1499136
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:41:01.134Z Cache Resizing**********Cache stats************
No. Of buckets -> 76291
Each Bucket has max capacity of -> 1 entries
number of Entries is 72908
Number of invalid entries is 0
Number of inserts issued is 352707
Number of replaces issued is 0
Number of insert failures is 9
Number of inserts with duplicate entries is 69825
Number of lookups is 265909
Number of lookup misses is 33526
Number of fast lookup misses is 178481
Number of false fast lookups is 33526
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 1871872
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:44:42.859Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:44:45.953Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:44:45.968Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:44:45.984Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:44:46.015Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:53:08.997Z Cache Resizing**********Cache stats************
No. Of buckets -> 95363
Each Bucket has max capacity of -> 1 entries
number of Entries is 86940
Number of invalid entries is 0
Number of inserts issued is 444510
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 83848
Number of lookups is 297649
Number of lookup misses is 38900
Number of fast lookup misses is 203506
Number of false fast lookups is 38900
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 2334720
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:59:09.806Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:59:09.831Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:59:09.859Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:59:09.882Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:59:12.356Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:59:35.583Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:11.802Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:11.818Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:11.865Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:11.880Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:18.615Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:18.630Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:18.677Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:18.693Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:44.991Z On demand scan closed without completion. Current scan state: 1. ScanSource: 2, Scan flags:0x10002. NumberOfResources:0. bRemoveFromList:1
Internal signature match:subtype=Lowfi, sigseq=0x00002A78628A9626, signame=TEL:VirTool:Win32/Antihv.A!Bios, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Battle.net\SystemSurvey.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00002A78628A9626, signame=TEL:VirTool:Win32/Antihv.A!Bios, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Battle.net\SystemSurvey.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00002A78628A9626, signame=TEL:VirTool:Win32/Antihv.A!Bios, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Battle.net\SystemSurvey.exe"
Begin Resource Scan
Scan ID:{1A26559F-7742-480B-899F-3B600F18EBC4}
Scan Source:7
Start Time:12-05-2016 23:02:46
End Time:12-05-2016 23:02:48
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\Battle.net\SystemSurvey.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\PROGRAM FILES (X86)\Battle.net\SystemSurvey.exe
Extended Info:25773971351204
End Scan
************************************************************
         

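The most security-relevant lines in the log above are not the signature matches (most of those are "Lowfi"/"Persist" telemetry on installers, game launchers and the Windows Media Encoder, not detections) but the repeated Mini-filter entries: one process, pid 5168, keeps opening the antimalware engine process (pid 1040) with desired access 0x1fffff, which is PROCESS_ALL_ACCESS, and keeps being refused access to msseces.exe. The following Python script is an added example for this thread, not part of the poster's log or of Microsoft's tooling: it parses those Mini-filter lines, decodes the access mask into the individual Win32 process rights from winnt.h, and flags any source pid that repeatedly asks for rights that would allow injecting into, suspending or killing the engine. The sample input is a handful of lines copied from the log excerpt above plus one constructed line for a hypothetical pid 2200 that asks only for PROCESS_QUERY_LIMITED_INFORMATION, to show the difference between a tamper-capable request and a harmless query. Nothing in the log says what image pid 5168 belongs to; pids are only valid for the boot they were logged in, and a second security product (the poster mentions McAfee LiveSafe is installed) can legitimately produce exactly these entries while it inspects the engine, so the pid has to be resolved to an image name on the live system (for example with `tasklist /FI "PID eq 5168"` during the same boot) before reading anything into it.

```python
import re
from collections import defaultdict

# Process access rights from winnt.h. On Vista and later PROCESS_ALL_ACCESS is
# 0x1FFFFF = STANDARD_RIGHTS_REQUIRED (0xF0000) | SYNCHRONIZE (0x100000) | 0xFFFF.
PROCESS_RIGHTS = {
    0x000001: "PROCESS_TERMINATE",          0x000002: "PROCESS_CREATE_THREAD",
    0x000004: "PROCESS_SET_SESSIONID",      0x000008: "PROCESS_VM_OPERATION",
    0x000010: "PROCESS_VM_READ",            0x000020: "PROCESS_VM_WRITE",
    0x000040: "PROCESS_DUP_HANDLE",         0x000080: "PROCESS_CREATE_PROCESS",
    0x000100: "PROCESS_SET_QUOTA",          0x000200: "PROCESS_SET_INFORMATION",
    0x000400: "PROCESS_QUERY_INFORMATION",  0x000800: "PROCESS_SUSPEND_RESUME",
    0x001000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x002000: "PROCESS_SET_LIMITED_INFORMATION",
    0x010000: "DELETE", 0x020000: "READ_CONTROL", 0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
# Rights that would let the caller inject into, suspend, kill or re-ACL the engine.
TAMPER_RIGHTS = 0x000001 | 0x000002 | 0x000008 | 0x000020 | 0x000800 | 0x040000 | 0x080000

# Line shapes taken from the MPLog excerpt in this thread.
RESTRICT_RE = re.compile(
    r"^(?P<ts>\S+Z) \[Mini-filter\] Restricted access to process (?P<target>\d+) "
    r"from pid: (?P<src>\d+)\. Original desired access: (?P<mask>0x[0-9a-fA-F]+)\.$")
DENIED_RE = re.compile(
    r"^(?P<ts>\S+Z) \[Mini-filter\] Denied access to file: (?P<path>.+?), pid: (?P<src>\d+)$")


def parse_mplog(text):
    """Return the Mini-filter events in an MPLog excerpt; every other line is ignored."""
    events = []
    for line in text.splitlines():
        m = RESTRICT_RE.match(line)
        if m:
            events.append({"ts": m["ts"], "kind": "process", "src": int(m["src"]),
                           "target": int(m["target"]), "mask": int(m["mask"], 16)})
            continue
        m = DENIED_RE.match(line)
        if m:
            events.append({"ts": m["ts"], "kind": "file", "src": int(m["src"]),
                           "target": m["path"], "mask": None})
    return events


def decode_access(mask):
    """Expand a desired-access mask into named rights; bits without a name stay as hex."""
    names = [name for bit, name in PROCESS_RIGHTS.items() if mask & bit]
    leftover = mask & ~sum(PROCESS_RIGHTS.keys())
    if leftover:
        names.append(hex(leftover))
    return names


def summarize(events):
    """Group events by source pid: attempt counts, targets, masks and whether any
    requested mask contained a tamper-capable right."""
    summary = defaultdict(lambda: {"process_attempts": 0, "file_denials": 0,
                                   "targets": set(), "masks": set(), "tamper": False})
    for ev in events:
        s = summary[ev["src"]]
        s["targets"].add(ev["target"])
        if ev["kind"] == "process":
            s["process_attempts"] += 1
            s["masks"].add(ev["mask"])
            s["tamper"] = s["tamper"] or bool(ev["mask"] & TAMPER_RIGHTS)
        else:
            s["file_denials"] += 1
    return dict(summary)


def tamper_candidates(summary, min_attempts=3):
    """Source pids that repeatedly asked for tamper-capable rights on a protected process."""
    return sorted(pid for pid, s in summary.items()
                  if s["tamper"] and s["process_attempts"] >= min_attempts)


# Sample input: five lines copied from the log in this thread, one constructed line for a
# hypothetical pid 2200 (not in the log) and two non-Mini-filter lines the parser must skip.
SAMPLE_LOG = "\n".join([
    r"2016-12-05T22:03:45.714Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168",
    r"2016-12-05T22:03:45.816Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.",
    r"2016-12-05T22:03:45.822Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168",
    r"2016-12-05T22:03:45.824Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.",
    r"2016-12-05T22:03:48.914Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.",
    r"2016-12-05T22:03:49.000Z [Mini-filter] Restricted access to process 1040 from pid: 2200. Original desired access: 0x1000.",  # constructed
    "2016-12-05T22:34:43.488Z MAPS Report Send (hr=0x0 httpcode=200)",
    "Number of lookups is 187989",
])

if __name__ == "__main__":
    summary = summarize(parse_mplog(SAMPLE_LOG))
    for pid, s in sorted(summary.items()):
        rights = sorted({r for m in s["masks"] for r in decode_access(m)})
        print(f"pid {pid}: {s['process_attempts']} process opens, {s['file_denials']} file denials, "
              f"targets={sorted(map(str, s['targets']))}, tamper={s['tamper']}")
        print("   requested rights:", ", ".join(rights))
    print("candidates to resolve to an image name:", tamper_candidates(summary))
```

Run against the full MPLog (on this system `C:\ProgramData\Microsoft\Microsoft Antimalware\Support\MPLog-*.log`) the script only narrows the question to a list of pids; whether a candidate is a second AV engine, a system tool or something hostile is decided by what image that pid belonged to at the time, which the log itself does not record.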
07.12.2016, 21:25   #9
Lumis

PC has been hacked and trojans Multiinjector.A!rfn and Neurevt found

Code:
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00002A78628A9626, signame=TEL:VirTool:Win32/Antihv.A!Bios, cached=false, resource="\\?\C:\Program Files (x86)\Battle.net\SystemSurvey.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
2016-12-05T22:03:14.493Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:14.519Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:14.554Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:14.578Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:14.666Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:26.368Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:26.392Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:26.424Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:26.451Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:34.137Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:40.561Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:40.589Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:40.625Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:40.653Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:45.714Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.715Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.715Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.750Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.787Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.788Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.816Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:45.822Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.824Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:45.831Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.855Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:45.862Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.865Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:45.872Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:48.914Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:58.361Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:58.385Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:58.416Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:58.438Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:04:01.098Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:04:01.122Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:04:01.150Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:04:01.171Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.

BEGIN BM telemetry
GUID:{647D185A-5D8C-E9F9-9EEF-AC124585E2B9}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:3248
ProcessCreationTime:131254397951777343
SessionID:0
CreationTime:12-05-2016 23:04:46
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry

Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe"
Begin Resource Scan
Scan ID:{E3E4FACD-DA57-4E33-92D8-16C2AEADD0E1}
Scan Source:7
Start Time:12-05-2016 23:05:49
End Time:12-05-2016 23:05:53
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe
Extended Info:35875764682496
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\Device\HarddiskVolume2\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\C:\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-05T22:22:43.873Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:43.873Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:43.874Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:43.924Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:43.973Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:43.974Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:44.004Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:22:44.012Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:44.015Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:22:44.023Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:44.054Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:22:44.062Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:44.065Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:22:44.073Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:29:32.118Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:29:32.145Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:29:32.179Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:29:32.207Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-05T22:34:43.488Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00002A78628A9626, signame=TEL:VirTool:Win32/Antihv.A!Bios, cached=true, resource="\\?\C:\Program Files (x86)\Battle.net\SystemSurvey.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Begin Resource Scan
Scan ID:{EFF059E2-7181-41B5-8AEC-C331EF0FF0FE}
Scan Source:7
Start Time:12-05-2016 23:34:43
End Time:12-05-2016 23:37:24
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606B-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Explicit resource to scan
Resource Schema:process
Resource Path:pid:2608,ProcessStart:131254397926718750
Explicit resource to scan
Resource Schema:process
Resource Path:pid:4088,ProcessStart:131254489688691406
Explicit resource to scan
Resource Schema:process
Resource Path:pid:5160,ProcessStart:131254400371582031
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2608,ProcessStart:131254397926718750
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:5160,ProcessStart:131254400371582031
Explicit resource to scan
Resource Schema:queryfileregkeyvalue
Resource Path:HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Battle.net\SystemSurvey.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/pcswpc.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/WMFDist11-WindowsXP-X86-ENU.exe->(WExtract)->wmfdist11.exe->(SfxCab_8ead0856)->portabledevicetypes.dll
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/InstallerServiceExec.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Packages/NSU/Setup/NSU.msi->Data1.cab->ta_productdata_handl.D321D6CC_DBBE_4AC3_8DBD_DFF82BB39BDC
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606B-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Explicit resource to scan
Resource Schema:service
Resource Path:chip1click
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Explicit resource to scan
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Result Count:17
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
Unknown File
Identifier:5129542798822866942
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:0
Unknown File
Identifier:17579776275432603646
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:0
Unknown File
Identifier:1400350415148548094
Number of Resources:3
Resource Schema:process
Resource Path:pid:2608,ProcessStart:131254397926718750
Extended Info:0
Resource Schema:service
Resource Path:chip1click
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:0
Unknown File
Identifier:10283933153831682046
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:5160,ProcessStart:131254400371582031
Extended Info:9223502295520413380
Unknown File
Identifier:6032965302403203070
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2608,ProcessStart:131254397926718750
Extended Info:40956872578181
Unknown File
Identifier:11554872916554285054
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Uninstall.exe
Extended Info:0
Unknown File
Identifier:4443369305966379006
Number of Resources:2
Resource Schema:process
Resource Path:pid:5160,ProcessStart:131254400371582031
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
Unknown File
Identifier:3340142729047834622
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:5866550236419
Unknown File
Identifier:9369635509590032382
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:5866550236419
Unknown File
Identifier:7106473450117529598
Number of Resources:2
Resource Schema:process
Resource Path:pid:2608,ProcessStart:131254397926718750
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:40956872578181
Unknown File
Identifier:18181744765492527102
Number of Resources:5
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmex.dll
Extended Info:0
Unknown File
Identifier:9391451435192811518
Number of Resources:9
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncEng.dll
Extended Info:0
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\Device\HarddiskVolume2\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\1F4BDB6F-7E10-76A0-E7C9-C08A19E5B4ED_1d2501151a7434e"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\8BB7153F-43BD-D1B0-1CF0-FE41B57C1E5C_1d2501151667160"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
2016-12-05T22:37:27.453Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{99D1BF67-8D31-4A86-989B-6D540CA8F992}
Scan Source:7
Start Time:12-05-2016 23:37:41
End Time:12-05-2016 23:37:50
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\1F4BDB6F-7E10-76A0-E7C9-C08A19E5B4ED_1d2501151a7434e
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\8BB7153F-43BD-D1B0-1CF0-FE41B57C1E5C_1d2501151667160->[EPO-V-0]
Result Count:1
Unknown File
Identifier:17711664305797070846
Number of Resources:1
Resource Schema:file
Resource Path:C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)
Extended Info:0
End Scan
************************************************************

2016-12-05T22:37:50.955Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{6E9C5D8D-6208-4466-AA17-A03F243AF739}
Scan Source:7
Start Time:12-05-2016 23:37:24
End Time:12-05-2016 23:37:52
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Uninstall.exe
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncEng.dll
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmex.dll
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Explicit resource to scan
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Result Count:11
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:14410960021602959358
Number of Resources:6
Resource Schema:process
Resource Path:pid:5160,ProcessStart:131254400371582031
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AU11_is1
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AU11_is1
Extended Info:0
Resource Schema:file
Resource Path:C:\Windows\System32\Tasks\UninstallMonitor
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Resource Schema:taskscheduler
Resource Path:C:\Windows\System32\Tasks\UninstallMonitor
Extended Info:0
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
Unknown File
Identifier:5129542798822866942
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:0
Unknown File
Identifier:17579776275432603646
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:0
Unknown File
Identifier:11554872916554285054
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Uninstall.exe
Extended Info:0
Unknown File
Identifier:18181744765492527102
Number of Resources:5
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmex.dll
Extended Info:0
Unknown File
Identifier:9391451435192811518
Number of Resources:9
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncEng.dll
Extended Info:0
End Scan
************************************************************

2016-12-05T22:37:53.283Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"

BEGIN BM telemetry
GUID:{BB8940C8-0311-8D0F-C61E-7374DB820533}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:3248
ProcessCreationTime:131254397951777343
SessionID:0
CreationTime:12-05-2016 23:39:53
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry

Last edited by Lumis (07.12.2016 at 21:26) Reason: had forgotten the code tags

07.12.2016, 21:28   #10
Lumis

PC has been hacked and trojans Multiinjector.A!rfn and Neurevt found



Code:
2016-12-05T22:40:23.775Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-05T22:46:57.730Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:47:11.593Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:47:11.616Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:47:11.647Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:47:11.668Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:48:40.792Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:48:40.818Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:48:40.845Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:48:40.868Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=true, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-05T22:57:50.659Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:57:50.863Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:57:50.884Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:57:50.911Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:57:50.932Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:44.744Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.744Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.744Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.776Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.811Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.811Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.833Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:44.837Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.839Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:44.845Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.865Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:44.871Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.873Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:44.878Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:47.485Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:47.505Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:47.533Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:47.554Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"

BEGIN BM telemetry
GUID:{F272CE22-C8A9-7A96-4D7C-3CDC2046CBC2}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:3248
ProcessCreationTime:131254397951777343
SessionID:0
CreationTime:12-06-2016 00:02:28
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry

2016-12-05T23:03:19.343Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:19.366Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:19.397Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:19.420Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:49.011Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:49.034Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:49.062Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:49.086Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=true, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-05T23:14:10.158Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:14:10.184Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:14:10.211Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:14:10.233Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:17:17.149Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"

BEGIN BM telemetry
GUID:{E7B57175-FBF2-278A-DC5C-E625B8F53E23}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:3248
ProcessCreationTime:131254397951777343
SessionID:0
CreationTime:12-06-2016 00:21:45
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry

Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 10:18:05
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 09:18:05.468750000 UTC
2016-12-06T09:18:05.468Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T09:18:05.468Z Trace session started - MpWppTracing-12062016-101805-00000003-ffffffff.bin
2016-12-06T09:18:05.468Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T09:18:05.500Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94032
Number of invalid entries is 0
Number of inserts issued is 539524
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 444037
Number of lookup misses is 54680
Number of fast lookup misses is 277428
Number of false fast lookups is 54680
Number of invalidations is 34
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-06T09:18:05.515Z Verifying RTP plugin...
2016-12-06T09:18:05.515Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T09:18:05.531Z Loading engine...
2016-12-06T09:18:05.546Z Verifying engine and signature files (source: 1) ...
2016-12-06T09:18:05.546Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T09:18:05.546Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T09:18:05.546Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T09:18:05.546Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T09:18:05.546Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-06T09:18:06.500Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\a926cfec24f01dd562fdf47189200a0caf50f4cd
Dynamic Signature Compilation Timestamp:12-05-2016 19:55:22
Persistence Type:Duration
Time remaining:216000000
2016-12-06T09:18:06.500Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\bf42aabbea08945f1cea20f3a72a910b81d278dc
Dynamic Signature Compilation Timestamp:12-05-2016 19:45:59
Persistence Type:Duration
Time remaining:216000000
2016-12-06T09:18:06.500Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\da60c21e21f3c1efe837e3f670a2456d88468480
Dynamic Signature Compilation Timestamp:12-05-2016 19:39:58
Persistence Type:Duration
Time remaining:216000000
2016-12-06T09:18:06.500Z Initializing MPUT in engine...
2016-12-06T09:18:06.500Z MPUT initialized in the engine successfully
2016-12-06T09:18:06.609Z CSignatureStatus: back to good
2016-12-06T09:18:06.609Z Initializing RTP plugin state...
2016-12-06T09:18:06.609Z 
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:926
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1257
  NTFS Cache Statistics:
   TotalMisses:4902
   TotalHits:0
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
   Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-06T09:18:06.609Z Engine loaded!
2016-12-06T09:18:06.609Z Verifying license file...
2016-12-06T09:18:06.609Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T09:18:06.609Z Product supports installmode: 0
2016-12-06T09:18:06.625Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T09:18:06.625Z Loaded module#0 MpComServer.
2016-12-06T09:18:06.625Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T09:18:06.625Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
2016-12-06T09:18:22.602Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{39D3BB68-0816-4CB5-A495-7757601E38CD}
Scan Source:7
Start Time:12-06-2016 10:18:09
End Time:12-06-2016 10:18:22
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

2016-12-06T09:18:23.696Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
2016-12-06T09:18:33.696Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\420559f6c5c54978abf1ea97d7dc8a6391712593
Dynamic Signature Compilation Timestamp:12-06-2016 10:18:23
Persistence Type:Duration
Time remaining:216000000
DSS Timeout:Received results after timeout
2016-12-06T09:18:33.696Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\users\lutz\desktop\hijackthis.exe"
Begin Resource Scan
Scan ID:{828046E3-3B30-489C-BA77-93DE9C12A3A5}
Scan Source:7
Start Time:12-06-2016 10:18:38
End Time:12-06-2016 10:18:38
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\users\lutz\desktop\hijackthis.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\users\lutz\desktop\hijackthis.exe:Zone.Identifier
Extended Info:35874746033117
End Scan
************************************************************

Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
2016-12-06T09:18:51.899Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5396
2016-12-06T09:18:51.899Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5396
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-06T09:19:05.524Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-06T09:19:06.977Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5396
2016-12-06T09:19:06.977Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5396
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T09:19:11.461Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-06T09:19:11.461Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Begin Resource Scan
Scan ID:{1703C61C-D7D5-4E1C-BB80-09AE61E1B148}
Scan Source:7
Start Time:12-06-2016 10:19:09
End Time:12-06-2016 10:19:12
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Extended Info:25770492256673
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\Program Files\John Paul Chacha's Lab\Chasys Draw IES\Setup.exe"
2016-12-06T09:19:41.836Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\Program Files\John Paul Chacha's Lab\Chasys Draw IES\Setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
2016-12-06T09:19:51.915Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5396
2016-12-06T09:19:51.915Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5396
2016-12-06T09:19:51.915Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5396
2016-12-06T09:19:51.930Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:51.930Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5396
2016-12-06T09:19:51.930Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:51.930Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5396
2016-12-06T09:19:51.946Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:51.946Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:51.946Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5396
2016-12-06T09:19:51.946Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:51.946Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5396
2016-12-06T09:19:51.993Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:52.415Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:52.415Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
2016-12-06T09:20:07.336Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.336Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.336Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.336Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1f1fff.
2016-12-06T09:20:07.336Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.352Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1f1fff.
2016-12-06T09:20:07.352Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.352Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.383Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.399Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.399Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.399Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.415Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.415Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.415Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.430Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.430Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.446Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.461Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.461Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\HijackThis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Begin Resource Scan
Scan ID:{6140F231-4C9E-4C89-9887-D416778E94E5}
Scan Source:7
Start Time:12-06-2016 10:19:27
End Time:12-06-2016 10:20:14
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3340,ProcessStart:131254894894453125
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3340,ProcessStart:131254894894453125
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Result Count:7
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:1431913279403327486
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3340,ProcessStart:131254894894453125
Extended Info:9223502295520413380
Unknown File
Identifier:14410960021602959358
Number of Resources:2
Resource Schema:process
Resource Path:pid:3340,ProcessStart:131254894894453125
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
End Scan
************************************************************

2016-12-06T09:20:17.274Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-06T09:21:26.244Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-06T09:21:26.291Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-06T09:21:26.962Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:26.978Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:27.009Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:27.009Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:27.025Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:27.244Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.869Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.884Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.884Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.900Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.900Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.916Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.916Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.931Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:22:30.291Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:22:30.291Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
2016-12-06T09:23:30.369Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.369Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.369Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.400Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.431Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.431Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.447Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:23:30.462Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.462Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:23:30.462Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.478Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:23:30.478Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:23:30.494Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.494Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:23:30.494Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.525Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.

BEGIN BM telemetry
GUID:{1456B073-6866-BD17-618A-10566D1223B8}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:3212
ProcessCreationTime:131254894887578125
SessionID:0
CreationTime:12-06-2016 10:23:38
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry

2016-12-06T09:23:41.791Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\C:\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-06T09:28:06.634Z AutoPurgeWorker triggered with dwWork=0x3
2016-12-06T09:28:06.634Z Product supports installmode: 0
2016-12-06T09:28:06.666Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2016-12-06T09:28:06.666Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 55956180(ms)
2016-12-06T09:28:10.650Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
2016-12-06T09:28:14.900Z Trace buffers written: 329, events lost: 0, buffers lost: 0, days: 0
2016-12-06T09:28:14.900Z Trusted image bitmap: 0x0
2016-12-06T09:28:14.900Z Trusted image OEM name: (not found)
2016-12-06T09:28:14.962Z Task(-UploadSQM -RestrictPrivileges) launched
2016-12-06T09:28:14.978Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 5396
2016-12-06T09:28:14.978Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 5396
2016-12-06T09:28:14.978Z [Mini-filter] Restricted access to process 6956 from pid: 6760. Original desired access: 0x1fffff.
2016-12-06T09:29:15.041Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5396
2016-12-06T09:29:15.041Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5396
2016-12-06T09:29:15.041Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5396
2016-12-06T09:29:15.056Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5396
2016-12-06T09:29:15.072Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:29:15.072Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
2016-12-06T09:34:29.009Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.009Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.009Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.009Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1f1fff.
2016-12-06T09:34:29.025Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.041Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1f1fff.
2016-12-06T09:34:29.041Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.041Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.056Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.072Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.072Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.072Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.087Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.087Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.087Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.103Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.103Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.119Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.119Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.119Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-06T09:36:49.697Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=true, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
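An editor's note on reading this support-log excerpt, with an added example that is not part of the thread or of any Microsoft tool. The lines above are of three kinds. The `Internal signature match` lines with `subtype=Lowfi` are low-fidelity heuristic hits (packed installers, self-registration helpers, copy-protection DLLs) that the engine records and reports to MAPS; they are not detections, and the same file (CTRegSvu.exe, wmenc.exe, aeroCrypt.dll) reappearing dozens of times is the scanner re-reading it, not the file multiplying. The `[Mini-filter] Denied access` and `Restricted access to process` lines are the antimalware driver's self-protection: a process (pid 5396 throughout, and once 6760) tried to open MpCmdRun.exe and NisSrv.exe, and tried to open the antimalware processes 1040 and 6800 with desired access 0x1fffff, which is PROCESS_ALL_ACCESS. The log does not say what pid 5396 is, so the only actionable step is to map that pid to an image while it is still running (`tasklist /svc` or Process Explorer); another security product or a system-monitoring tool is a common benign explanation, but a process that wants full access to the AV engine is exactly what an injector would do. Finally, `TEL:Lua:RegValExclusionsPaths.A` on `HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths` only says the engine inspected the exclusions key; whether anything is excluded must be checked by hand, for example with `reg query "HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths"`. The script below (my code; the sample lines are constructed from the shapes seen in the post, the access-right constants are the documented winnt.h values) does that triage automatically: it collapses repeated signature hits, groups the mini-filter events by requesting pid, and flags handle opens that asked for the rights needed to inject into a process.

```python
"""Triage helper for Microsoft Antimalware (MSE / MpCmdRun) support-log lines.

Added example, not part of the forum thread or of any Microsoft tool.
It recognises three line shapes from the posted log and reports
  * deduplicated 'Internal signature match' hits per (signature, resource),
  * per-pid mini-filter denials against the antimalware binaries, and
  * restricted process-handle opens that asked for injection-capable rights.
"""
import re
from collections import defaultdict

# Process access-right bits from winnt.h; writing into another process
# and starting a thread there needs these three.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECTION_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

SIG_RE = re.compile(
    r'^Internal signature match:subtype=(?P<subtype>\w+), sigseq=(?P<sigseq>0x[0-9A-Fa-f]+), '
    r'signame=(?P<signame>[^,]+), cached=(?P<cached>true|false), resource="(?P<resource>.*)"$')
DENIED_RE = re.compile(
    r'^(?P<ts>\S+) \[Mini-filter\] Denied access to file: (?P<path>.+), pid: (?P<pid>\d+)$')
RESTRICT_RE = re.compile(
    r'^(?P<ts>\S+) \[Mini-filter\] Restricted access to process (?P<target>\d+) '
    r'from pid: (?P<pid>\d+)\. Original desired access: (?P<access>0x[0-9A-Fa-f]+)\.$')

# Constructed sample: a few lines in the shape of the posted log (signature
# names, paths and pids copied from it; deliberately not the whole excerpt).
SAMPLE_LOG = r"""
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
2016-12-06T09:28:14.978Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 5396
2016-12-06T09:28:14.978Z [Mini-filter] Restricted access to process 6956 from pid: 6760. Original desired access: 0x1fffff.
2016-12-06T09:29:15.072Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.009Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.009Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1f1fff.
2016-12-06T09:36:49.697Z MAPS Report Send (hr=0x0 httpcode=200)
"""


def parse(text):
    """Split log text into signature hits, denied file opens, restricted process opens."""
    sigs, denied, restricted, other = [], [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := SIG_RE.match(line)):
            sigs.append(m.groupdict())
        elif (m := DENIED_RE.match(line)):
            denied.append(m.groupdict())
        elif (m := RESTRICT_RE.match(line)):
            restricted.append(m.groupdict())
        else:
            other += 1  # scheduler, MAPS, scan bookkeeping: not triaged here
    return {"signatures": sigs, "denied": denied, "restricted": restricted, "other": other}


def signature_summary(sigs):
    """One row per (signame, resource): how often it fired and with which subtypes."""
    rows = defaultdict(lambda: {"count": 0, "subtypes": set()})
    for s in sigs:
        row = rows[(s["signame"], s["resource"])]
        row["count"] += 1
        row["subtypes"].add(s["subtype"])
    return {k: {"count": v["count"], "subtypes": sorted(v["subtypes"])} for k, v in rows.items()}


def tamper_report(denied, restricted):
    """Per requesting pid: AV files it was refused, and process opens asking for injection rights."""
    report = defaultdict(lambda: {"denied_files": set(), "injection_capable_opens": []})
    for d in denied:
        report[d["pid"]]["denied_files"].add(d["path"].lower())
    for r in restricted:
        if int(r["access"], 16) & INJECTION_RIGHTS:
            report[r["pid"]]["injection_capable_opens"].append((r["target"], r["access"]))
    return dict(report)


def exclusion_telemetry(sigs):
    """Registry resources on which an Exclusions-related signature fired (check them by hand)."""
    return sorted({s["resource"] for s in sigs if "Exclusions" in s["signame"]})


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    parsed = parse(text)
    for (name, res), v in sorted(signature_summary(parsed["signatures"]).items()):
        print(f"{v['count']:3d}x {'/'.join(v['subtypes']):14s} {name:40s} {res}")
    for pid, v in sorted(tamper_report(parsed["denied"], parsed["restricted"]).items()):
        print(f"pid {pid}: denied {sorted(v['denied_files'])}; "
              f"injection-capable opens {v['injection_capable_opens']}")
    print("exclusion keys to inspect:", exclusion_telemetry(parsed["signatures"]))
```

Run it without arguments to see the constructed sample triaged, or pass a saved MpCmdRun support log as the first argument; those files are often written as UTF-16, so convert them to UTF-8 first or change the `open()` encoding. The output reduces the hundreds of repeated Lowfi lines to a handful of rows and leaves two real questions for the analyst: which image pid 5396 belongs to, and whether the Exclusions\Paths key contains anything.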
         

Old 07.12.2016, 21:29   #11
Lumis

PC has been hacked and Trojans Multiinjector.A!rfn and Neurevt found

Code:
Scan ID:{A97EE8AA-3982-48AC-8157-E7744D84DED7}
Scan Source:7
Start Time:12-06-2016 10:36:49
End Time:12-06-2016 10:38:30
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606B-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3340,ProcessStart:131254894894453125
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3340,ProcessStart:131254894894453125
Explicit resource to scan
Resource Schema:queryfileregkeyvalue
Resource Path:HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/pcswpc.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/WMFDist11-WindowsXP-X86-ENU.exe->(WExtract)->wmfdist11.exe->(SfxCab_8ead0856)->portabledevicetypes.dll
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/InstallerServiceExec.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Packages/NSU/Setup/NSU.msi->Data1.cab->ta_productdata_handl.D321D6CC_DBBE_4AC3_8DBD_DFF82BB39BDC
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606B-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Explicit resource to scan
Resource Schema:service
Resource Path:chip1click
Explicit resource to scan
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Explicit resource to scan
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Explicit resource to scan
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Explicit resource to scan
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Result Count:21
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:5129542798822866942
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:0
Unknown File
Identifier:17579776275432603646
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:0
Unknown File
Identifier:2611507776458850302
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Unknown File
Identifier:2611507776458850302
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Unknown File
Identifier:1400350415148548094
Number of Resources:2
Resource Schema:service
Resource Path:chip1click
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:0
Unknown File
Identifier:14105644664979718142
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:file
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Unknown File
Identifier:14410960021602959358
Number of Resources:2
Resource Schema:process
Resource Path:pid:3340,ProcessStart:131254894894453125
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Unknown File
Identifier:11554872916554285054
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Uninstall.exe
Extended Info:0
Unknown File
Identifier:12840072245577515006
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:5863487478424
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
Unknown File
Identifier:3340142729047834622
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:5866550236419
Unknown File
Identifier:9369635509590032382
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:5866550236419
Unknown File
Identifier:6182801030435045374
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:23631359159303
Unknown File
Identifier:6182801030435045374
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:23631359159303
Unknown File
Identifier:7106473450117529598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:40956872578181
Unknown File
Identifier:18181744765492527102
Number of Resources:5
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmex.dll
Extended Info:0
Unknown File
Identifier:9391451435192811518
Number of Resources:9
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncEng.dll
Extended Info:0
End Scan
************************************************************

--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 19:51:40
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 18:51:40.750000000 UTC
2016-12-06T18:51:40.750Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T18:51:40.750Z Trace session started - MpWppTracing-12062016-195140-00000003-ffffffff.bin
2016-12-06T18:51:40.750Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T18:51:40.781Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94093
Number of invalid entries is 0
Number of inserts issued is 539599
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 482145
Number of lookup misses is 57948
Number of fast lookup misses is 291385
Number of false fast lookups is 57948
Number of invalidations is 40
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-06T18:51:40.781Z Verifying RTP plugin...
2016-12-06T18:51:40.781Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T18:51:40.796Z Loading engine...
2016-12-06T18:51:40.812Z Verifying engine and signature files (source: 1) ...
2016-12-06T18:51:40.812Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T18:51:40.812Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T18:51:40.812Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T18:51:40.812Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T18:51:40.812Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-06T18:51:41.687Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\420559f6c5c54978abf1ea97d7dc8a6391712593
Dynamic Signature Compilation Timestamp:12-06-2016 10:18:23
Persistence Type:Duration
Time remaining:216000000
2016-12-06T18:51:41.687Z Initializing MPUT in engine...
2016-12-06T18:51:41.687Z MPUT initialized in the engine successfully
2016-12-06T18:51:41.734Z CSignatureStatus: back to good
2016-12-06T18:51:41.734Z Initializing RTP plugin state...
2016-12-06T18:51:41.734Z 
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:926
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1567
  NTFS Cache Statistics:
   TotalMisses:5295
   TotalHits:0
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
   Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************
2016-12-06T18:51:41.734Z Engine loaded!
2016-12-06T18:51:41.734Z Verifying license file...
2016-12-06T18:51:41.734Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T18:51:41.734Z Product supports installmode: 0
2016-12-06T18:51:41.750Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T18:51:41.750Z Loaded module#0 MpComServer.
2016-12-06T18:51:41.750Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T18:51:41.750Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
2016-12-06T18:51:57.806Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{D3669ADE-C2E3-40E7-B1CF-0A01D0B664DB}
Scan Source:7
Start Time:12-06-2016 19:51:44
End Time:12-06-2016 19:51:57
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

2016-12-06T18:51:59.416Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
2016-12-06T18:52:08.056Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5272
2016-12-06T18:52:08.056Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5272
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\c8fe8a77c06946d9c0a3f71df84871b963d7ee97
Dynamic Signature Compilation Timestamp:12-06-2016 19:51:52
Persistence Type:Duration
Time remaining:216000000
2016-12-06T18:52:11.962Z Dynamic signature received
DSS Timeout:Received results after timeout
2016-12-06T18:52:11.962Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\users\lutz\desktop\hijackthis.exe"
Begin Resource Scan
Scan ID:{621906CD-6E0D-45CD-A6D2-9A259FC9DDA2}
Scan Source:7
Start Time:12-06-2016 19:52:14
End Time:12-06-2016 19:52:15
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\users\lutz\desktop\hijackthis.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\users\lutz\desktop\hijackthis.exe:Zone.Identifier
Extended Info:35874746033117
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T18:52:27.791Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\windows\flight1 citation mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{41C8B32F-6F5B-4D5F-A29C-EACDA0065E91}
Scan Source:7
Start Time:12-06-2016 19:52:31
End Time:12-06-2016 19:52:34
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Extended Info:25770492256673
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\audioenvironment.exe"
2016-12-06T18:52:38.752Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\acsound.exe"
2016-12-06T18:52:39.456Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
2016-12-06T18:52:40.824Z Process scan (poststartupscan) started.
2016-12-06T18:52:42.235Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5272
2016-12-06T18:52:42.236Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5272
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-06T18:52:47.231Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\audioenvironment.exe"
2016-12-06T18:52:50.808Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-06T18:52:50.809Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\D:\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Begin Resource Scan
Scan ID:{979643CF-A74D-4152-9D61-CF29D4EBF368}
Scan Source:7
Start Time:12-06-2016 19:52:50
End Time:12-06-2016 19:52:53
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\acsound.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Result Count:3
Unknown File
Identifier:467007837944414206
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Extended Info:631932727217916
Unknown File
Identifier:16876926893444562942
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Extended Info:5863497417884
Unknown File
Identifier:8699507469090553854
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\acsound.exe
Extended Info:5863497417884
End Scan
************************************************************

Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\HijackThis.exe"
2016-12-06T18:52:55.608Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
2016-12-06T18:52:58.808Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\601274af351de373a3c0724cbb035b79048be501
Dynamic Signature Compilation Timestamp:12-06-2016 19:52:59
Persistence Type:Duration
Time remaining:216000000
2016-12-06T18:52:58.813Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-06T18:53:08.062Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5272
2016-12-06T18:53:08.063Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5272
2016-12-06T18:53:08.063Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5272
2016-12-06T18:53:08.075Z [Mini-filter] Restricted access to process 1040 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.076Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5272
2016-12-06T18:53:08.078Z [Mini-filter] Restricted access to process 1040 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.078Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5272
2016-12-06T18:53:08.094Z [Mini-filter] Restricted access to process 3804 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.099Z [Mini-filter] Restricted access to process 1040 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.100Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5272
2016-12-06T18:53:08.102Z [Mini-filter] Restricted access to process 1040 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.103Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5272
2016-12-06T18:53:08.140Z [Mini-filter] Restricted access to process 3804 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.899Z [Mini-filter] Restricted access to process 1040 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.911Z [Mini-filter] Restricted access to process 3804 from pid: 5272. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 20:03:44
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 19:03:44.250000000 UTC
2016-12-06T19:03:44.250Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T19:03:44.250Z Trace session started - MpWppTracing-12062016-200344-00000003-ffffffff.bin
2016-12-06T19:03:44.250Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T19:03:44.265Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94093
Number of invalid entries is 0
Number of inserts issued is 539599
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 482145
Number of lookup misses is 57948
Number of fast lookup misses is 291385
Number of false fast lookups is 57948
Number of invalidations is 40
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-06T19:03:44.281Z Verifying RTP plugin...
2016-12-06T19:03:44.281Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T19:03:44.281Z Loading engine...
2016-12-06T19:03:44.296Z Verifying engine and signature files (source: 1) ...
2016-12-06T19:03:44.296Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T19:03:44.296Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T19:03:44.296Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T19:03:44.296Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T19:03:44.296Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-06T19:03:45.296Z Initializing MPUT in engine...
2016-12-06T19:03:45.296Z MPUT initialized in the engine successfully
2016-12-06T19:03:45.328Z CSignatureStatus: back to good
2016-12-06T19:03:45.328Z Initializing RTP plugin state...
2016-12-06T19:03:45.328Z 
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:742
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1418
  NTFS Cache Statistics:
   TotalMisses:5129
   TotalHits:0
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
   Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************
         

Alt 07.12.2016, 21:30   #12
Lumis

PC has been hacked and trojans Multiinjector.A!rfn and Neurevt found

Code:
2016-12-06T19:03:45.328Z Engine loaded!
2016-12-06T19:03:45.343Z Verifying license file...
2016-12-06T19:03:45.343Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T19:03:45.343Z Product supports installmode: 0
2016-12-06T19:03:45.343Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T19:03:45.343Z Loaded module#0 MpComServer.
2016-12-06T19:03:45.343Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T19:03:45.359Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{488481F8-8673-4E1C-B2D4-2414AD7CFABE}
Scan Source:7
Start Time:12-06-2016 20:04:05
End Time:12-06-2016 20:04:43
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

2016-12-06T19:05:04.883Z Process scan (poststartupscan) started.
2016-12-06T19:05:05.649Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:05:05.961Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-06T19:05:10.071Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:05:10.071Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:05:50.211Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:05:50.211Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T19:07:32.040Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.040Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.040Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.055Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:32.055Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.055Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:32.055Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.086Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:32.086Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.086Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:32.086Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\windows\flight1 citation mustang\uninstall.exe->(UPX)"
2016-12-06T19:07:52.555Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
2016-12-06T19:07:56.024Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:56.040Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:56.055Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:56.071Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-06T19:08:02.461Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\HijackThis.exe"
2016-12-06T19:08:16.336Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-06T19:09:34.868Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-06T19:09:34.868Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Begin Resource Scan
Scan ID:{91714CA9-20CB-47A9-9573-976BF1F3E44E}
Scan Source:7
Start Time:12-06-2016 20:05:17
End Time:12-06-2016 20:09:53
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3040,ProcessStart:131255246451875000
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3040,ProcessStart:131255246451875000
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Result Count:7
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:14452099181164101630
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3040,ProcessStart:131255246451875000
Extended Info:9223502295520413380
Unknown File
Identifier:14410960021602959358
Number of Resources:2
Resource Schema:process
Resource Path:pid:3040,ProcessStart:131255246451875000
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
2016-12-06T19:10:04.305Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\acsound.exe"
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 20:14:16
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 19:14:16.390625000 UTC
2016-12-06T19:14:16.390Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T19:14:16.406Z Trace session started - MpWppTracing-12062016-201416-00000003-ffffffff.bin
2016-12-06T19:14:16.406Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T19:14:16.421Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94106
Number of invalid entries is 0
Number of inserts issued is 539633
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 494160
Number of lookup misses is 58570
Number of fast lookup misses is 295248
Number of false fast lookups is 58570
Number of invalidations is 55
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-06T19:14:16.437Z Verifying RTP plugin...
2016-12-06T19:14:16.437Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T19:14:16.453Z Loading engine...
2016-12-06T19:14:16.468Z Verifying engine and signature files (source: 1) ...
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-06T19:14:17.390Z Initializing MPUT in engine...
2016-12-06T19:14:17.390Z MPUT initialized in the engine successfully
2016-12-06T19:14:17.500Z CSignatureStatus: back to good
2016-12-06T19:14:17.500Z Initializing RTP plugin state...
2016-12-06T19:14:17.500Z 
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:926
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1321
  NTFS Cache Statistics:
   TotalMisses:4966
   TotalHits:0
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
   Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-06T19:14:17.500Z Engine loaded!
2016-12-06T19:14:17.500Z Verifying license file...
2016-12-06T19:14:17.500Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T19:14:17.500Z Product supports installmode: 0
2016-12-06T19:14:17.562Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T19:14:17.562Z Loaded module#0 MpComServer.
2016-12-06T19:14:17.562Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T19:14:17.562Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:14:33.326Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{94DADB1D-8718-4338-9C2C-8DD26A182F0D}
Scan Source:7
Start Time:12-06-2016 20:14:20
End Time:12-06-2016 20:14:33
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

2016-12-06T19:14:34.623Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
2016-12-06T19:15:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:15:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:15:16.466Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:15:18.748Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2072
2016-12-06T19:15:18.748Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2072
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T19:15:22.654Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-06T19:15:22.654Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Begin Resource Scan
Scan ID:{A2962F25-0B15-47DE-97F6-37D0C93C8110}
Scan Source:7
Start Time:12-06-2016 20:15:21
End Time:12-06-2016 20:15:24
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Extended Info:25770492256673
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\Program Files\John Paul Chacha's Lab\Chasys Draw IES\Setup.exe"
2016-12-06T19:15:38.560Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\Program Files\John Paul Chacha's Lab\Chasys Draw IES\Setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\D:\Program Files\John Paul Chacha's Lab\Chasys Draw IES\Setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-06T19:16:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.201Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1f1fff.
2016-12-06T19:16:03.216Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.216Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1f1fff.
2016-12-06T19:16:03.216Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.216Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.263Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.263Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2072
2016-12-06T19:16:03.263Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.263Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2072
2016-12-06T19:16:03.279Z [Mini-filter] Restricted access to process 6844 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.279Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.279Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2072
2016-12-06T19:16:03.279Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.279Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2072
2016-12-06T19:16:03.326Z [Mini-filter] Restricted access to process 6844 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:04.029Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:04.044Z [Mini-filter] Restricted access to process 6844 from pid: 2072. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 20:28:38
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 19:28:38.984375000 UTC
2016-12-06T19:28:38.984Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T19:28:39.046Z Trace session started - MpWppTracing-12062016-202838-00000003-ffffffff.bin
2016-12-06T19:28:39.046Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T19:28:39.062Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94106
Number of invalid entries is 0
Number of inserts issued is 539633
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 494160
Number of lookup misses is 58570
Number of fast lookup misses is 295248
Number of false fast lookups is 58570
Number of invalidations is 55
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-06T19:28:39.062Z Verifying RTP plugin...
2016-12-06T19:28:39.062Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T19:28:39.078Z Loading engine...
2016-12-06T19:28:39.078Z Verifying engine and signature files (source: 1) ...
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-06T19:28:39.890Z Initializing MPUT in engine...
2016-12-06T19:28:39.890Z MPUT initialized in the engine successfully
2016-12-06T19:28:39.906Z CSignatureStatus: back to good
2016-12-06T19:28:39.906Z Initializing RTP plugin state...
2016-12-06T19:28:39.906Z 
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:370
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1172
  NTFS Cache Statistics:
   TotalMisses:4593
   TotalHits:0
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
   Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-06T19:28:39.906Z Engine loaded!
2016-12-06T19:28:39.921Z Verifying license file...
2016-12-06T19:28:39.921Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T19:28:39.921Z Product supports installmode: 0
2016-12-06T19:28:39.921Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T19:28:39.921Z Loaded module#0 MpComServer.
2016-12-06T19:28:39.921Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T19:28:39.921Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{B9F15BC2-6635-40FA-A2C5-6D3B8A8E1334}
Scan Source:7
Start Time:12-06-2016 20:28:53
End Time:12-06-2016 20:29:33
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-06T19:30:40.461Z Process scan (poststartupscan) started.
2016-12-06T19:30:40.493Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:30:40.711Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-06T19:30:46.993Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:30:46.993Z Process scan (poststartupscan) completed.
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 20:32:15
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 19:32:15.578125000 UTC
2016-12-06T19:32:15.578Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T19:32:15.578Z Trace session started - MpWppTracing-12062016-203215-00000003-ffffffff.bin
2016-12-06T19:32:15.578Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T19:32:15.593Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94106
Number of invalid entries is 0
Number of inserts issued is 539633
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 499212
Number of lookup misses is 58794
Number of fast lookup misses is 296706
Number of false fast lookups is 58794
Number of invalidations is 55
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-06T19:32:15.609Z Verifying RTP plugin...
2016-12-06T19:32:15.609Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T19:32:15.625Z Loading engine...
2016-12-06T19:32:15.640Z Verifying engine and signature files (source: 1) ...
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-06T19:32:16.515Z Initializing MPUT in engine...
2016-12-06T19:32:16.515Z MPUT initialized in the engine successfully
2016-12-06T19:32:16.531Z CSignatureStatus: back to good
2016-12-06T19:32:16.531Z Initializing RTP plugin state...
2016-12-06T19:32:16.531Z 
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:370
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1147
  NTFS Cache Statistics:
   TotalMisses:4654
   TotalHits:0
   InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
   Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-06T19:32:16.531Z Engine loaded!
2016-12-06T19:32:16.546Z Verifying license file...
2016-12-06T19:32:16.546Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T19:32:16.546Z Product supports installmode: 0
2016-12-06T19:32:16.546Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T19:32:16.546Z Loaded module#0 MpComServer.
2016-12-06T19:32:16.546Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T19:32:16.546Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:32:31.220Z MAPS Report Send (hr=0xffffffff httpcode=0)
Begin Resource Scan
Scan ID:{F742FE55-8B50-4B4D-9C2C-3F9E95FA067D}
Scan Source:7
Start Time:12-06-2016 20:32:19
End Time:12-06-2016 20:32:31
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

2016-12-06T19:32:32.158Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:33:00.939Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:33:00.939Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:33:09.705Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE, pid: 5488
2016-12-06T19:33:09.705Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE, pid: 5488
2016-12-06T19:33:17.095Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5488
2016-12-06T19:33:17.095Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5488
2016-12-06T19:33:59.205Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.220Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.236Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.236Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.236Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.330Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:00.955Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:34:00.955Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:34:00.955Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:34:00.970Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:00.970Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T19:34:00.970Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:00.970Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T19:34:01.001Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:01.001Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:01.001Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T19:34:01.001Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:01.001Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T19:34:01.048Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.423Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.423Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.423Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.423Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.423Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.439Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.439Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.455Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.455Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.455Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.455Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.470Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.501Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.111Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.111Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.111Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.126Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.142Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.142Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.142Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.158Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.158Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.173Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.173Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.173Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.189Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.189Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.189Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:35.861Z On demand scan closed without completion. Current scan state: 1. ScanSource: 2, Scan flags:0x10001. NumberOfResources:0. bRemoveFromList:1
2016-12-06T19:35:24.705Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-06T19:35:30.626Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:35:30.626Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T19:36:44.673Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:36:44.689Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\windows\flight1 citation mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-06T19:37:27.392Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-06T19:39:46.783Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-06T19:39:46.783Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Begin Resource Scan
         

Alt 07.12.2016, 21:33   #13
Lumis
 

Code:
ATTFilter
Begin Resource Scan
Scan ID:{222D38D9-B50A-4920-8DD0-E4078491D18B}
Scan Source:7
Start Time:12-06-2016 20:35:30
End Time:12-06-2016 20:39:55
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3216,ProcessStart:131255263398525390
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3216,ProcessStart:131255263398525390
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Result Count:7
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:5870588768083247102
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3216,ProcessStart:131255263398525390
Extended Info:9223502295520413380
Unknown File
Identifier:14410960021602959358
Number of Resources:2
Resource Schema:process
Resource Path:pid:3216,ProcessStart:131255263398525390
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
End Scan
************************************************************

2016-12-06T19:40:04.705Z MAPS Report Send (hr=0xffffffff httpcode=0)

BEGIN BM telemetry
GUID:{472D0732-B24B-00A7-FD97-952607CD9FB9}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:3120
ProcessCreationTime:131255263391103515
SessionID:0
CreationTime:12-06-2016 20:40:14
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry

Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\D:\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T19:40:20.908Z MAPS Report Send (hr=0xffffffff httpcode=0)
Begin Resource Scan
Scan ID:{80DBC4FE-9FDC-4742-B477-BEC89354FE30}
Scan Source:7
Start Time:12-06-2016 20:40:14
End Time:12-06-2016 20:40:21
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\acsound.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:3
Unknown File
Identifier:467007837944414206
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Extended Info:631932727217916
Unknown File
Identifier:16876926893444562942
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Extended Info:5863497417884
Unknown File
Identifier:8699507469090553854
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\acsound.exe
Extended Info:5863497417884
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\07D2020B-49C5-3D43-387C-D584D72B2A0C_1d250c1c056c679"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\2094E795-23A5-0E41-EDDE-E84679997ADA_1d250c1c081b0cd"
2016-12-06T19:40:23.783Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
2016-12-06T19:40:34.455Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
2016-12-06T19:40:34.548Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Begin Resource Scan
Scan ID:{014A3298-F56D-4DCA-828B-F22491AC4C60}
Scan Source:7
Start Time:12-06-2016 20:40:38
End Time:12-06-2016 20:40:44
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Result Count:2
Unknown File
Identifier:3340142729047834622
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:5866550236419
Unknown File
Identifier:9369635509590032382
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:5866550236419
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\15D3AD4A-53F4-1C38-7825-1E3AFE86FD1F_1d250c1ce3bfb01"
2016-12-06T19:40:47.658Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe"
2016-12-06T19:41:13.330Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe"
Begin Resource Scan
Scan ID:{FBC1B5B6-699E-4F2F-8B52-D99040B9CE0B}
Scan Source:7
Start Time:12-06-2016 20:41:16
End Time:12-06-2016 20:41:16
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe
Extended Info:35875764682496
End Scan
************************************************************

2016-12-06T19:42:16.548Z AutoPurgeWorker triggered with dwWork=0x3
2016-12-06T19:42:16.548Z Product supports installmode: 0
2016-12-06T19:42:17.064Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2016-12-06T19:42:17.064Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 20813750(ms)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
2016-12-06T19:42:17.470Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Creative\SHARED FILES\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Begin Resource Scan
Scan ID:{5F4B09EC-9FD8-494E-83CA-599FEDFCAC4A}
Scan Source:7
Start Time:12-06-2016 20:42:17
End Time:12-06-2016 20:42:19
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Result Count:1
Unknown File
Identifier:6182801030435045374
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:23631359159303
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\E7972D13-24FF-EC43-B9BD-C89A4618E90A_1d250c2065fda39"
2016-12-06T19:42:20.908Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:42:23.033Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
2016-12-06T19:42:32.392Z Trace buffers written: 322, events lost: 0, buffers lost: 0, days: 0
2016-12-06T19:42:32.392Z Trusted image bitmap: 0x0
2016-12-06T19:42:32.392Z Trusted image OEM name: (not found)
2016-12-06T19:42:32.486Z Task(-UploadSQM -RestrictPrivileges) launched
2016-12-06T19:42:32.486Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 5488
2016-12-06T19:42:32.486Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 5488
2016-12-06T19:42:32.501Z [Mini-filter] Restricted access to process 7104 from pid: 3164. Original desired access: 0x1fffff.
2016-12-06T19:42:32.564Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched
2016-12-06T19:42:32.564Z Run lost scheduled job: SignatureUpdate -ScheduleJob -RestrictPrivileges
2016-12-06T19:42:32.580Z [Mini-filter] Restricted access to process 1164 from pid: 7012. Original desired access: 0x1fffff.
2016-12-06T19:42:32.626Z Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched
2016-12-06T19:42:32.642Z [Mini-filter] Restricted access to process 3504 from pid: 2004. Original desired access: 0x1fffff.
2016-12-06T19:43:32.595Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.595Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.595Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.595Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.642Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.673Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.673Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.689Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.689Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.689Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.689Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.720Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.736Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.736Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.751Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.751Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.751Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.751Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1f1fff.
2016-12-06T19:43:32.751Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.767Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1f1fff.
2016-12-06T19:43:32.767Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.767Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.798Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.814Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.814Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.814Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.830Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.830Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.845Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.845Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.845Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.861Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.861Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.861Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.861Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.876Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.876Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.876Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.923Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.923Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.923Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.923Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.939Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.939Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.955Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.970Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.970Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.986Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.986Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:33.001Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:33.001Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:33.001Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:33.017Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:33.017Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:33.017Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:33.033Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:33.033Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:33.064Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.939Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.955Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.955Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.970Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.970Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.970Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.986Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:48.001Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:48.001Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:48.001Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:48.017Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:48.017Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\Device\HarddiskVolume2\Aerosoft\Launcher\aeroCrypt.dll"
2016-12-06T19:50:19.720Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Begin Resource Scan
Scan ID:{8CC6014E-B589-4C9D-ACE8-DCFEE88C1338}
Scan Source:7
Start Time:12-06-2016 20:50:19
End Time:12-06-2016 20:50:20
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Result Count:1
Unknown File
Identifier:12840072245577515006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:5863487478424
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\AD3A7507-20DF-64FF-6790-1FD620AA2C3D_1d250c3243c0d15"
2016-12-06T19:50:20.595Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\C:\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-06T20:04:13.689Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=true, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{7297C4CD-26A6-4B59-A257-539AE75273CC}
Scan Source:7
Start Time:12-06-2016 21:04:13
End Time:12-06-2016 21:05:51
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3216,ProcessStart:131255263398525390
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3216,ProcessStart:131255263398525390
Explicit resource to scan
Resource Schema:queryfileregkeyvalue
Resource Path:HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/pcswpc.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/WMFDist11-WindowsXP-X86-ENU.exe->(WExtract)->wmfdist11.exe->(SfxCab_8ead0856)->portabledevicetypes.dll
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/InstallerServiceExec.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Packages/NSU/Setup/NSU.msi->Data1.cab->ta_productdata_handl.D321D6CC_DBBE_4AC3_8DBD_DFF82BB39BDC
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Explicit resource to scan
Resource Schema:service
Resource Path:chip1click
Explicit resource to scan
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Explicit resource to scan
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Explicit resource to scan
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Explicit resource to scan
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Result Count:14
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:1400350415148548094
Number of Resources:2
Resource Schema:service
Resource Path:chip1click
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:0
Unknown File
Identifier:14410960021602959358
Number of Resources:2
Resource Schema:process
Resource Path:pid:3216,ProcessStart:131255263398525390
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Unknown File
Identifier:11554872916554285054
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Uninstall.exe
Extended Info:0
Unknown File
Identifier:14105644664979718142
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:file
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
Unknown File
Identifier:5129542798822866942
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:0
Unknown File
Identifier:17579776275432603646
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:0
Unknown File
Identifier:2611507776458850302
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Unknown File
Identifier:2611507776458850302
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Unknown File
Identifier:7106473450117529598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:40956872578181
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\C7EDD317-BFBE-571D-47FA-CE21D47AB5AF_1d250c54f408f6b"
2016-12-06T20:05:51.760Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T20:05:51.760Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\C7EDD317-BFBE-571D-47FA-CE21D47AB5AF_1d250c54f408f6b"
Begin Resource Scan
Scan ID:{978BE61C-D1D1-4E7F-B306-3D14147F0492}
Scan Source:7
Start Time:12-06-2016 21:05:51
End Time:12-06-2016 21:05:51
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\C7EDD317-BFBE-571D-47FA-CE21D47AB5AF_1d250c54f408f6b
Result Count:1
Unknown File
Identifier:1400350415148548094
Number of Resources:1
Resource Schema:file
Resource Path:C:\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\C7EDD317-BFBE-571D-47FA-CE21D47AB5AF_1d250c54f408f6b
Extended Info:0
End Scan
************************************************************

2016-12-06T20:05:52.135Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T20:06:32.041Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.041Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.041Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.073Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.104Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.104Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:14.196Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.243Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.243Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.321Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.336Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.352Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.352Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.368Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.368Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.415Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.415Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
         

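Before the next post, an added triage example (not code from this thread, not from the product that wrote the "[Mini-filter]" lines, and not from any of the people posting here): a small Python script that parses the two line shapes seen in the log above and summarises, per requesting pid, how often it asked for 0x1fffff (the PROCESS_ALL_ACCESS mask on Windows Vista and later) against other processes and which files it was denied. The sample lines inside the block are constructed to mirror the posted ones, and the thresholds are assumptions chosen for illustration. The thread does not say what process 5488 is, and a script like this cannot tell you either: a second security product, a backup agent or an admin tool can produce the same pattern, so resolve the pid to an image path (Process Explorer, or `tasklist /FI "PID eq 5488"` on the live system) before drawing conclusions.

```python
import re
from collections import defaultdict

# The two line shapes that appear in the posted log.
PROC_RE = re.compile(
    r"^(?P<ts>\S+) \[Mini-filter\] Restricted access to process (?P<target>\d+) "
    r"from pid: (?P<src>\d+)\. Original desired access: (?P<access>0x[0-9a-fA-F]+)\.$"
)
FILE_RE = re.compile(
    r"^(?P<ts>\S+) \[Mini-filter\] Denied access to file: (?P<path>.+?), pid: (?P<src>\d+)$"
)

# PROCESS_ALL_ACCESS on Windows Vista and later (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF).
PROCESS_ALL_ACCESS = 0x1FFFFF

# Constructed sample modelled on the posted lines (not copied from the thread):
# twelve full-access opens from pid 5488 against three targets, two denied file
# opens of the Microsoft Security Essentials client UI, one low-rights open from
# an unrelated pid, and one line the parser must ignore.
SAMPLE_LOG = r"""
2016-12-06T20:33:16.024Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.024Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.040Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.086Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.086Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.133Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.165Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.165Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.243Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.243Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.250Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.258Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.258Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:17.000Z [Mini-filter] Restricted access to process 832 from pid: 1234. Original desired access: 0x1000.
some unrelated line that the parser must ignore
"""


def parse(lines):
    """Turn raw log lines into event dicts; lines of any other shape are skipped."""
    events = []
    for line in lines:
        line = line.strip()
        m = PROC_RE.match(line)
        if m:
            events.append({"kind": "process", "ts": m["ts"], "src": int(m["src"]),
                           "target": int(m["target"]), "access": int(m["access"], 16)})
            continue
        m = FILE_RE.match(line)
        if m:
            events.append({"kind": "file", "ts": m["ts"], "src": int(m["src"]), "path": m["path"]})
    return events


def triage(events, min_attempts=10, min_targets=2):
    """Group events by requesting pid and report pids worth a closer look.

    Thresholds are illustrative assumptions: a pid is reported when it asked for
    the full PROCESS_ALL_ACCESS mask at least min_attempts times against at least
    min_targets distinct processes, or when it was denied access to any file.
    """
    per_src = defaultdict(lambda: {"targets": set(), "files": set(),
                                   "full_access": 0, "first": None, "last": None})
    for e in events:
        s = per_src[e["src"]]
        s["first"] = s["first"] or e["ts"]   # timestamps are ISO 8601, so order is preserved
        s["last"] = e["ts"]
        if e["kind"] == "process":
            s["targets"].add(e["target"])
            if e["access"] & PROCESS_ALL_ACCESS == PROCESS_ALL_ACCESS:
                s["full_access"] += 1
        else:
            s["files"].add(e["path"])

    findings = []
    for pid, s in sorted(per_src.items()):
        reasons = []
        if s["full_access"] >= min_attempts and len(s["targets"]) >= min_targets:
            reasons.append(f"{s['full_access']} PROCESS_ALL_ACCESS opens against "
                           f"{len(s['targets'])} protected processes")
        if s["files"]:
            reasons.append("denied access to " + ", ".join(sorted(s["files"])))
        if reasons:
            findings.append({"pid": pid, "first": s["first"], "last": s["last"],
                             "targets": sorted(s["targets"]), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse(SAMPLE_LOG.splitlines())):
        print(f"pid {f['pid']} ({f['first']} .. {f['last']}), targets {f['targets']}:")
        for r in f["reasons"]:
            print("  -", r)
```

On the real log, feed it the file instead of SAMPLE_LOG (`parse(open(path, encoding="utf-8"))`). The output is only a lead: the same pid name lookup has to be done on the machine that produced the log, because pids are reused after a reboot.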
Old 07.12.2016, 21:33   #14
Lumis

PC has been hacked and Trojans Multiinjector.A!rfn and Neurevt found

Code:
2016-12-06T20:33:14.493Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.508Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.524Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.524Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.540Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.555Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.602Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.602Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.852Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.852Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.915Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.915Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.961Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.977Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.993Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.008Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.008Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.024Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.071Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.071Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.196Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.211Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.227Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.243Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.243Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.352Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.352Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.477Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.493Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.508Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.508Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.524Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.540Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.586Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.586Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.665Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.665Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.696Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.696Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.711Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.711Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.758Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.758Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.805Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.836Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.836Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.852Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.930Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.930Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.993Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.993Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.024Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.024Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.040Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.040Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.086Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.086Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.133Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.149Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.165Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.165Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.196Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.243Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.243Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.258Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.258Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.258Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.290Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.336Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.336Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.352Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.368Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.368Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.368Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.383Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.383Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.399Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.399Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.415Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.461Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.461Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.508Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.508Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.524Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.540Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.540Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.555Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.602Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.602Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.649Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.665Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.680Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.680Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.696Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.711Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.758Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.758Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.805Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.836Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.836Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.852Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.149Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.149Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.196Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.243Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.243Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.321Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.321Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.352Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.352Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.368Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.383Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.540Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.540Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.586Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.602Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.618Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.618Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.633Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.649Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.821Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.821Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.883Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.899Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.899Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.915Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.915Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.946Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.961Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.071Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.086Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.102Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.102Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.118Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.118Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.196Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.211Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.258Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.258Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.290Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.290Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.305Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.305Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.352Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.352Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.399Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.430Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.430Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.446Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.461Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.524Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.524Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.633Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.649Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.665Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.665Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.680Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.696Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.743Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.743Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.790Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.805Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.821Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.821Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.118Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.118Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.165Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.196Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.196Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.211Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.227Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.274Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.274Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.305Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.321Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.336Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.336Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.352Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.368Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.430Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.430Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.477Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.493Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.508Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.508Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.524Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.540Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.961Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.961Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.008Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.008Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.024Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.040Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.040Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.055Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.118Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.118Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.227Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.243Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.258Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.258Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.274Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.290Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.321Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.336Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.368Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.383Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.399Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.399Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.993Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.993Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.133Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.149Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.165Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.165Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.227Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.227Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.274Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.290Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.305Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.305Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.321Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.336Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.805Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.805Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.993Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.993Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.008Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.008Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.024Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.040Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.086Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.086Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.149Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.165Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.180Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.180Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.196Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.211Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.258Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.258Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.430Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.446Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.446Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.461Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.477Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.524Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.524Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.649Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.665Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.680Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.680Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.696Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.711Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.758Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.758Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.805Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.852Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.852Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:22.883Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:23.696Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:23.696Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.086Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.102Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.118Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.118Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.133Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.149Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.196Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.196Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.258Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.274Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.290Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.290Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.305Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.321Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.368Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.368Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.430Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.430Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.461Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.461Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.477Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.493Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.524Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.524Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.602Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.618Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.633Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.633Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.649Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.665Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.696Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.696Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.852Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.868Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.883Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.899Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.946Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.946Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:24.993Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.008Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.024Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.040Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.040Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.055Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.102Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.102Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.165Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.196Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.196Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.211Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.227Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.274Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.274Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.352Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.352Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.383Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.383Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.399Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.399Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.446Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.461Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.524Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.540Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.540Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.555Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T20:33:25.555Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T20:33:25.555Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T20:33:25.555Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1f1fff.
2016-12-06T20:33:25.571Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T20:33:25.586Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1f1fff.
2016-12-06T20:33:25.586Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T20:33:25.586Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T20:33:25.602Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.618Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.618Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T20:33:25.618Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.633Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.633Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T20:33:25.649Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.649Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.665Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.665Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T20:33:25.665Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.680Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.680Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T20:33:25.727Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.758Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.774Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.790Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.790Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.805Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.821Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.852Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.868Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.946Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.946Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.961Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.977Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.977Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:25.993Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.008Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.008Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.024Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.071Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.118Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.133Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.149Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.149Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.165Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.165Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.180Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.196Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.211Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.243Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.290Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.305Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.305Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.321Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.321Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.336Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.352Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.352Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.368Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.805Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.883Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.899Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.915Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.915Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.930Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.946Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.946Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.961Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:26.993Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.086Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.102Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.102Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.118Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.118Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.133Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.149Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.149Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.165Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.196Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.493Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.508Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.524Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.524Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.540Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.540Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.555Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.555Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.571Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.602Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.618Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.618Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.618Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.633Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.649Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.649Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.680Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.680Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.696Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.696Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.711Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.711Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.711Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.727Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.727Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.743Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.743Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.758Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.758Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.790Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.790Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.790Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.790Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.790Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1f1fff.
2016-12-06T20:33:27.805Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.821Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1f1fff.
2016-12-06T20:33:27.821Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.821Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.852Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.852Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.852Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.852Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.868Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.868Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.868Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.883Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.899Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.899Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.899Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:27.899Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.915Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.915Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:27.915Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T20:33:28.008Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.024Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.024Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.024Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.040Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.040Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.055Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.071Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.071Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.071Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.086Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.086Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.165Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.180Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.180Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.196Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.196Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.211Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.211Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.227Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.227Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.258Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.258Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.258Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.352Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.368Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.368Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.368Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.383Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.383Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.399Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.415Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.415Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.430Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.430Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.446Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.524Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.540Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.540Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.540Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.555Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.555Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.571Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.586Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.586Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.602Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.618Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.618Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.696Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.711Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.727Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.727Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.743Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.743Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.758Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.758Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.774Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.774Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.790Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.790Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.868Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.883Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.883Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.899Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.899Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.915Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.930Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.930Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.930Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.946Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.946Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.024Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.040Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.040Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.040Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.055Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.055Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.071Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.086Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.086Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.086Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.102Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.102Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.836Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.836Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.852Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.852Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.883Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.883Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.883Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.899Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.899Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.055Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.071Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.071Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.071Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.086Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.086Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.102Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.118Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.118Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.118Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.133Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.133Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.290Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.305Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.305Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.305Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.321Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.321Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.336Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.352Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.352Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.352Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.368Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.368Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.477Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.493Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.493Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.508Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.524Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.524Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.540Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.540Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.555Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.555Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.571Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.571Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.680Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.680Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.696Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.696Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.711Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.711Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.727Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.727Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.743Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.743Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.758Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.758Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.852Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.852Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.883Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.883Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.899Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.899Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.899Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.915Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.930Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.930Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.008Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.024Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.024Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.024Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.040Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.040Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.055Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.071Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.071Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.071Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.086Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.086Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.196Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.211Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.211Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.227Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.243Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.243Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.258Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.274Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.274Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.274Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.290Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.290Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.399Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.415Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.415Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.430Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.430Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.446Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.461Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.461Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.461Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.477Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.477Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.555Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.586Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.586Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.586Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.602Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.602Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.618Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.633Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.633Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.633Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.649Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.649Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.743Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.758Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.758Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.758Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.774Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.774Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.790Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.805Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.805Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.821Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.836Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.930Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.946Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.946Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.946Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.961Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.961Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.977Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.993Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.008Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.008Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.024Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.024Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.071Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.086Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.102Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.243Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.243Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.258Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.258Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.274Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.274Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.290Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.305Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.305Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.321Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.336Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.336Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.430Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.446Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.446Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.446Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.461Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.461Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.477Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.493Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.493Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.508Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.508Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.524Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.602Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.618Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.618Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.618Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.633Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.633Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.649Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.665Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.665Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.680Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.680Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.680Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.774Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.790Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.790Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.805Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.821Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.821Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.836Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.852Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.852Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.868Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.868Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.977Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.977Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.993Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.993Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.008Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.008Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.024Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.040Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.040Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.055Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.055Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.071Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:35.437Z [Mini-filter] Denied access to file: \program files\microsoft security client\mpsvc.dll, pid: 5488
2016-12-06T20:33:35.453Z [Mini-filter] Denied access to file: \program files\microsoft security client\mpsvc.dll, pid: 5488
2016-12-06T20:33:35.468Z [Mini-filter] Denied access to file: \program files\microsoft security client\mpclient.dll, pid: 5488
2016-12-06T20:33:35.468Z [Mini-filter] Denied access to file: \program files\microsoft security client\mpclient.dll, pid: 5488
2016-12-06T20:33:35.484Z [Mini-filter] Denied access to file: \program files\microsoft security client\mpcommu.dll, pid: 5488
2016-12-06T20:33:35.484Z [Mini-filter] Denied access to file: \program files\microsoft security client\mpcommu.dll, pid: 5488
2016-12-06T20:33:35.531Z [Mini-filter] Denied access to file: \program files\microsoft security client\mprtp.dll, pid: 5488
2016-12-06T20:33:35.531Z [Mini-filter] Denied access to file: \program files\microsoft security client\mprtp.dll, pid: 5488
2016-12-06T20:33:43.406Z [Mini-filter] Denied access to file: \program files\microsoft security client\eppmanifest.dll, pid: 5488
2016-12-06T20:33:43.406Z [Mini-filter] Denied access to file: \program files\microsoft security client\eppmanifest.dll, pid: 5488
2016-12-06T20:33:50.757Z [Mini-filter] Denied access to file: \program files\microsoft security client\nislog.dll, pid: 5488
2016-12-06T20:33:50.757Z [Mini-filter] Denied access to file: \program files\microsoft security client\nislog.dll, pid: 5488
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Windows\Installer\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}\ARPIcon"
2016-12-06T21:23:32.685Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.685Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.687Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.702Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.719Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:23:32.736Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:23:32.749Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.749Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.750Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.750Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.767Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:23:32.781Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.362Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.375Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.385Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.399Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.428Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.437Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.451Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
2016-12-06T21:37:52.393Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\\?\D:\AudioEnvironment.exe"
         

Alt 07.12.2016, 21:54   #15
Lumis

PC has been hacked and Trojans Multiinjector.A!rfn and Neurevt found

Code:
Begin Resource Scan
Scan ID:{58531C0A-6081-4CA4-939A-A7D545291BF2}
Scan Source:7
Start Time:12-06-2016 22:37:52
End Time:12-06-2016 22:37:53
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\AudioEnvironment.exe
Result Count:1
Unknown File
Identifier:11224847328881934334
Number of Resources:1
Resource Schema:file
Resource Path:D:\AudioEnvironment.exe
Extended Info:0
End Scan
************************************************************

2016-12-06T21:37:53.683Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\ACSound.exe"
2016-12-06T21:37:56.876Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-06T21:38:06.898Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\\?\D:\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Begin Resource Scan
Scan ID:{5BB8428C-112B-4D0A-A800-CBA75908FC73}
Scan Source:7
Start Time:12-06-2016 22:38:08
End Time:12-06-2016 22:38:09
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\ACSound.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Result Count:1
Unknown File
Identifier:669509434212351998
Number of Resources:1
Resource Schema:file
Resource Path:D:\ACSound.exe
Extended Info:0
End Scan
************************************************************

2016-12-06T21:38:10.017Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
2016-12-06T21:48:55.738Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:48:55.751Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:51:34.175Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:51:34.190Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:40.333Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:40.347Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:42.142Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:42.156Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:42.165Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:42.178Z [Mini-filter